AZL-68073 CVE-2025-9648 affecting package ceph for versions less than 18.2.2-11

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

AZL-39352 CVE-2021-24032 affecting package ceph for versions less than 16.2.10-3

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...

AZL-38326 CVE-2019-8457 affecting package ceph for versions less than 18.2.1-1

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree tables...