pkg:Debian/ceph

All known vulnerabilities

• CRITICAL9.8CVE-2023-43040ceph - security update
  from 0, < 16.2.15+ds-0+deb12u1
• CRITICAL9.8CVE-2023-43040ceph - security update
  from 0, < 14.2.21-1+deb11u1
• CRITICAL9.1CVE-2022-0670ceph - security update
  from 0, < 14.2.21-1+deb11u2
• CRITICAL9.1ceph - security update
  from 0, < 14.2.21-1+deb11u2
• HIGH8.8A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients c…
  from 0, < 14.2.15-1
• HIGH8.1Ceph is vulnerable to authentication bypass through RadosGW
  from 0, < 16.2.15+ds-0+deb12u1
• HIGH8.1A flaw was found in the way ceph mon handles user requests.
  from 0, < 12.2.8+dfsg1-1
• HIGH7.8A privilege escalation flaw was found in Ceph.
  from 0, < 14.2.21-1+deb11u1
• HIGH7.5RGW DoS attack with empty HTTP header in S3 object copy
  from 0, < 14.2.21-1+deb11u2
• HIGH7.5An issue was discovered in Ceph through 13.2.9.
  from 0, < 14.2.4-1
• HIGH7.5A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has be…
  from 0, < 14.2.6-4
• HIGH7.5ceph - security update
  from 0, < 14.2.4-1
• HIGH7.5ceph - security update
  from 0, < 12.2.11+dfsg1-2.1+deb10u1
• HIGH7.5Ceph does not properly sanitize encryption keys in debug logging for v4 auth.
  from 0, < 12.2.11+dfsg1-1
• HIGH7.5A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bu…
  from 0, < 10.2.5-2
• HIGH7.5It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack.
  from 0, < 12.2.8+dfsg1-1
• HIGH7.5The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents…
  from 0, < 10.2.5-1
• HIGH7.2An authentication flaw was found in ceph in versions before 14.2.20.
  from 0, < 14.2.20-1
• HIGH7.1User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation.
  from 0, < 14.2.16-1
• MEDIUM6.8A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was disc…
  from 0, < 14.2.9-1
• MEDIUM6.5CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
  from 0, < 14.2.21-1+deb11u1
• MEDIUM6.5A flaw was found in Ceph, relating to the URL processing on RGW backends.
  from 0, < 16.2.10+ds-5
• MEDIUM6.5ceph - security update
  from 0, < 14.2.21-1+deb11u1
• MEDIUM6.5ceph - security update
  from 0, < 14.2.21-1+deb11u1
• MEDIUM6.5A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21.
  from 0, < 14.2.21-1
• MEDIUM6.5A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway).
  from 0, < 14.2.15-1
• MEDIUM6.5A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects.
  from 0, < 14.2.7-1
• MEDIUM6.5It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket in…
  from 0, < 12.2.11+dfsg1-1
• MEDIUM6.5A flaw was found in Red Hat Ceph before 0.94.9-8.
  from 0, < 10.2.5-1
• MEDIUM6.5A flaw was found in the way signature calculation was handled by cephx authentication protocol.
  from 0, < 12.2.8+dfsg1-1
• MEDIUM6.5The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault an…
  from 0, < 10.2.5-1
• MEDIUM6.1A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component.
  from 0, < 14.2.21-1
• MEDIUM6.1ceph - security update
  from 0, < 14.2.9-1
• MEDIUM6.1ceph - security update
  from 0, < 0.80.7-2+deb8u4
• MEDIUM5.7ceph - security update
  from 0, < 0.80.7-2+deb8u3
• MEDIUM5.7ceph - security update
  from 0, < 12.2.11+dfsg1-1
• MEDIUM5.7ceph - security update
  from 0, < 10.2.11-2+deb9u1
• MEDIUM5.4A flaw was found in ceph-dashboard.
  from 0, < 14.2.18-1
• MEDIUM5.3A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21.
  from 0, < 14.2.21-1
• MEDIUM4.4A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text.
  from 0, < 14.2.18-1
• MEDIUM4.4ceph - security update
  from 0, < 12.2.8+dfsg1-1
• MEDIUM4.4ceph - security update
  from 0, < 10.2.11-1
• —CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitr…
  from 0, < 0.80.10-1
• —ceph - security update
  from 0, < 14.2.21-1+deb11u3
• —ceph - security update
  from 0, < 14.2.21-1+deb11u3