Astra Linux - уязвимость в ceph

A privilege escalation flaw was discovered in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root through a crash dump, thereby exposing privileged information...

Astra Linux - уязвимость в ceph

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and earlier, it is possible to send a JWT with “none” as its JWT algorithm. By doing this, the JWT signature is not checked. The vulnerability lies most likely in the RadosGW OIDC provider. As of the time of...

pybind: Improper use of Pybind

A flaw was found in Ceph. An attacker can allow Ceph to accept any certificate because no certificate context is passed via Pybind to the constructors imaplib.IMAP4SSL or smtplib.SMTPSSL. As a result, pybind pybind does not check the server's X.509 certificate, instead accepting any certificate...

EUVD-2020-18340

Malware in sbrugna...

EUVD-2018-2928

Malware in sbrugna...

EUVD-2022-43194

Malicious code in bioql PyPI...

CVE-2022-3854

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...

CVE-2016-8626

A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests...