10 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-8958

Malware in sbrugna...

6.5 CVSS · 6.4 AI score · 0.0132 EPSS
Exploits 0 · References 5
F5 Networks
added 2025/05/14 4:34 p.m. · 10 views

K000151331: Ceph RADOS Gateway vulnerability CVE-2024-48916

Security Advisory Description: Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As...

8.1 CVSS · 7.1 AI score · 0.00192 EPSS
Exploits 0
OSV
added 2025/02/28 3:33 p.m. · 2 views

OESA-2025-1207 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A vulnerability in the Ceph Rados Gateway RadosGW OIDC provider allows attackers to bypass JWT signature verification by...

8.1 CVSS · 6.9 AI score · 0.00192 EPSS
Exploits 0 · References 2
RedHat Linux
added 2024/12/11 4:7 p.m. · 7 views

ceph: rhceph-container: Authentication bypass in CEPH RadosGW

A vulnerability in the Ceph Rados Gateway RadosGW OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm alg. This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid token...

8.1 CVSS · 5.8 AI score · 0.00192 EPSS
Exploits 0 · References 7
RedhatCVE
added 2024/12/02 10:50 a.m. · 16 views

CVE-2024-48916

A vulnerability in the Ceph Rados Gateway RadosGW OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm alg. This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid token...

9.1 CVSS · 6.6 AI score · 0.00192 EPSS
Exploits 0 · References 6
OSV
added 2024/05/14 1:46 p.m. · 0 views

DEBIAN-CVE-2023-43040

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807...

9.8 CVSS · 6.6 AI score · 0.02539 EPSS
Exploits 1 · References 1
OSV
added 2020/06/26 3:15 p.m. · 1 views

DEBIAN-CVE-2020-10753

A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...

6.5 CVSS · 6.7 AI score · 0.01627 EPSS
Exploits 0 · References 1
OSV
added 2019/08/28 2:0 p.m. · 2 views

UBUNTU-CVE-2019-10222

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients...

7.5 CVSS · 7.1 AI score · 0.0461 EPSS
Exploits 0 · References 5
OSV
added 2019/03/27 12:0 a.m. · 3 views

UBUNTU-CVE-2019-3821

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service...

7.5 CVSS · 7.1 AI score · 0.02946 EPSS
Exploits 0 · References 3
Positive Technologies
added 2018/12/06 12:0 a.m. · 4 views

PT-2018-2686 · Civetweb +2

Name of the Vulnerable Software and Affected Versions: CivetWeb, affected versions not specified. Description: The issue is related to resource management errors in the CivetWeb web server. It can be exploited by a remote attacker to cause a denial of service. Specifically, when CivetWeb is used as...

7.5 CVSS · 5.8 AI score · 0.02946 EPSS
Exploits 1 · References 40