Astra Linux - уязвимость в ceph

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

BIT-CEPH-2020-10753

A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...

UBUNTU-CVE-2024-47866

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

EUVD-2024-55069

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

EUVD-2020-3171

Malware in sbrugna...

EUVD-2020-20285

Malware in sbrugna...

EUVD-2018-6557

Malware in sbrugna...

AZL-68073 CVE-2025-9648 affecting package ceph for versions less than 18.2.2-11

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

Linux Distros Unpatched Vulnerability : CVE-2020-27781

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila...

OESA-2025-1902 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A vulnerability classified as problematic has been found in Ceph up to 17.2.7/18.2.4/19.2.2.CWE is classifying the issue as...

CVE-2025-52555

Ceph CephFS vulnerability CVE-2025-52555 affects Ceph versions 17.2.7, 18.2.1–18.2.4, and 19.0.0–19.2.2 where an unprivileged user can escalate to root by chmod 777 a directory owned by root on a ceph-fuse mounted CephFS. The attacker gains read/write/execute access to any root-owned directory, i...

UBUNTU-CVE-2024-48916

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

OESA-2024-2406 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW...

Red Hat Ceph 输入验证错误漏洞

Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure based on POSIX Portable Operating System Interface, enabling fault tolerance and seamless data replication. Cep...

AZL-38836 CVE-2021-28361 affecting package ceph for versions less than 18.2.2-1

An issue was discovered in Storage Performance Development Kit SPDK before 20.01.01. If a PDU is sent to the iSCSI target with a zero length but data is expected, the iSCSI target can crash with a NULL pointer dereference...

AZL-39352 CVE-2021-24032 affecting package ceph for versions less than 16.2.10-3

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

DEBIAN-CVE-2020-25660

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the...