Search CVE reports
1 – 10 of 45 results
Incorrect usage of certificate checking via Pybind
1 affected package
ceph
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ceph | Vulnerable | Vulnerable | Vulnerable | Not affected |
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon...
1 affected package
ceph
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ceph | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777...
1 affected package
ceph
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ceph | Not affected | Not affected | Not affected | Not affected |
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is...
1 affected package
ceph
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ceph | Fixed | Fixed | Not affected | Not affected |
Some fixes available 9 of 10
IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.
1 affected package
ceph
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ceph | Fixed | Fixed | Fixed | Fixed |
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.
1 affected package
ceph
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ceph | — | Fixed | Not affected | Not affected |
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
1 affected package
ceph
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ceph | Fixed | Fixed | Fixed | Not affected |
Some fixes available 2 of 4
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss...
1 affected package
ceph
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ceph | Not affected | Not affected | Fixed | Fixed |
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager....
1 affected package
ceph
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ceph | Not affected | Fixed | Fixed | Not affected |
Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.
14 affected packages
ceph, duktape, mariadb-10.0, mariadb-10.1, mariadb-10.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ceph | Not affected | Not affected | Not affected | Not affected |
| duktape | Not affected | Not affected | Vulnerable | Needs evaluation |
| mariadb-10.0 | Not in release | Not in release | Not in release | Not in release |
| mariadb-10.1 | Not in release | Not in release | Not in release | Needs evaluation |
| mariadb-10.3 | Not in release | Not in release | Needs evaluation | Not in release |
| mariadb-10.5 | — | — | Not in release | Not in release |
| mariadb-5.5 | Not in release | Not in release | Not in release | Not in release |
| mysql-5.5 | Not in release | Not in release | Not in release | Not in release |
| mysql-5.6 | Not in release | Not in release | Not in release | Not in release |
| mysql-5.7 | Not in release | Not in release | Not in release | Not affected |
| mysql-8.0 | Not affected | Not affected | Not affected | Not in release |
| percona-server-5.6 | Not in release | Not in release | Not in release | Not in release |
| percona-xtradb-cluster-5.5 | Not in release | Not in release | Not in release | Not in release |
| percona-xtradb-cluster-5.6 | Not in release | Not in release | Not in release | Not in release |