9 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-1760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due...
OESA-2023-1761 ceph security update
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A flaw was found in rgw. This flaw allows an unprivileged user to write to any buckets accessible by a given key if a POST's...
SUSE CVE-2023-43040
IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807...
PT-2023-8462 · IBM +4 · IBM Spectrum Fusion HCI +4
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Fusion HCI versions 2.5.2 through 2.7.2. Description: The issue is related to improper bucket access in the RGW service of the Ceph data storage system. It allows an attacker to perform unauthorized actions by exploiting the lack ...
SUSE CVE-2019-3821
A flaw was found in the way the civetweb frontend was handling requests for the Ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to the Ceph RADOS gateway to exhaust file descriptors for the ceph-radosgw service, resulting in a remote denial of service...
DEBIAN-CVE-2021-3531
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET request for a Swift URL that ends with two slashes, it can cause the RGW to crash, resulting in a denial of service. The greatest threat to the system is to availability...
UBUNTU-CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection...
Red Hat Ceph Storage Denial of Service Vulnerability (CNVD-2020-01642)
Red Hat Ceph Storage is a scalable, open software-defined storage platform from Red Hat. A denial of service vulnerability exists in Red Hat Ceph Storage version 3, which can be exploited to cause a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RAD...
CVE-2019-3821
A flaw was found in the way the civetweb frontend was handling requests for the Ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to the Ceph RADOS gateway to exhaust file descriptors for the ceph-radosgw service, resulting in a remote denial of service...