Lucene search
+L

75 matches found

ptsecurity
ptsecurity
added 2020/09/20 12:0 a.m.3 views

PT-2021-5763

Name of the Vulnerable Software and Affected Versions ceph versions prior to 14.2.20 Description The issue is related to a flaw in the authentication procedure of the ceph storage network, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and caus...

7.8CVSS6.6AI score0.27477EPSS
Exploits14References81
osv
osv
added 2019/05/17 1:47 p.m.9 views

SUSE-SU-2019:1287-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS - CVE-2018-12127:...

9.8CVSS8.4AI score0.07291EPSS
Exploits5References52
mageia
mageia
added 2019/05/16 8:25 a.m.70 views

Updated kernel-tmb packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

8.8CVSS7.4AI score0.16523EPSS
Exploits19References43
veracode
veracode
added 2019/05/16 3:10 a.m.34 views

Privilege Escalation

cephx is vulnerable to privilege escalation attacks. This is because cephx authentication protocol does not verify ceph clients correctly. An attacker who has access to the ceph cluster network is able to sniff packets on the network...

7.5CVSS8AI score0.01374EPSS
Exploits0References33Affected Software3
veracode
veracode
added 2019/05/16 3:10 a.m.26 views

Authentication Bypass

cephx protocol is vulnerable to authentication bypass attacks. This is because the way signature calculation was handled by cephx authentication protocol. An attacker who has access to ceph cluster network is able to alter the message payload which leads to bypass signature checks done by cephx...

6.5CVSS7.1AI score0.01902EPSS
Exploits0References32Affected Software3
nessus
nessus
added 2019/04/29 12:0 a.m.62 views

openSUSE Security Update : ceph (openSUSE-2019-1284)

This update for ceph version 13.2.4 fixes the following issues : Security issues fixed : - CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety bsc1111177 - CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon bsc1099162 - CVE-2018-1128: Fixed signature check bypass i...

8.1CVSS6.3AI score0.03249EPSS
Exploits0References13
opensuse
opensuse
added 2019/04/27 12:0 a.m.112 views

Security update for ceph (moderate)

openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2019:1284-1 Rating: moderate References: 1084645 1086613 1096748 1099162 1101262 1111177 1114567 1114710 Cross-References: CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-14662 CVE-2018-16846 Affected Products:...

8.1CVSS7.5AI score0.03249EPSS
Exploits0References8
debian
debian
added 2019/03/15 10:45 p.m.419 views

[SECURITY] [DLA 1715-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.144-3.1deb8u1 CVE ID : CVE-2017-18249 CVE-2018-1128 CVE-2018-1129 CVE-2018-3639 CVE-2018-5391 CVE-2018-5848 CVE-2018-6554 CVE-2018-12896 CVE-2018-13053 CVE-2018-13096 CVE-2018-13097 CVE-2018-13100 CVE-2018-13406 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612...

7.8CVSS7.3AI score0.60631EPSS
Exploits11
osv
osv
added 2019/02/20 11:50 p.m.7 views

MGASA-2019-0098 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the...

8.8CVSS7.3AI score0.16523EPSS
Exploits10References24
mageia
mageia
added 2019/02/20 11:50 p.m.69 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the...

8.8CVSS0.16523EPSS
Exploits10References23
nessus
nessus
added 2019/01/02 12:0 a.m.50 views

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2980-1)

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-14617: Prevent NULL pointer dereference and panic in hfspluslookup when opening a file that is purportedly a hard link in an hfs+ filesystem that has malform...

7.8CVSS6.8AI score0.04997EPSS
Exploits4References174
osv
osv
added 2018/12/21 9:28 p.m.13 views

MGASA-2018-0487 Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.89 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the Intel...

7.8CVSS6.3AI score0.01902EPSS
Exploits5References13
mageia
mageia
added 2018/12/21 9:28 p.m.79 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.89 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the Intel...

7.8CVSS0.4AI score0.01902EPSS
Exploits5References12
nessus
nessus
added 2018/09/21 12:0 a.m.41 views

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13093: Prevent NULL pointer dereference and panic in lookupslow on a NULL inode-iops pointer when doing pathwalks on a corrupted xfs image. Th...

8.4CVSS7AI score0.04997EPSS
Exploits8References162
osv
osv
added 2018/08/03 5:46 p.m.11 views

SUSE-SU-2018:2193-1 Security update for ceph

This update for ceph fixes the following issues: - Update to version 12.2.7-420-gc0ef85b854: https://ceph.com/releases/12-2-7-luminous-released/ luminous: osd: eternal stuck PG in 'unfoundrecovery' bsc1094932 bluestore: db.slow used when db is not full bsc1092874 CVE-2018-10861: Ensure that...

8.1CVSS7.3AI score0.03249EPSS
Exploits0References8
redhat
redhat
added 2018/07/26 3:35 p.m.75 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update

An update for ceph is now available for Red Hat Ceph Storage 2.5 for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.6AI score0.03249EPSS
Exploits0References6
nessus
nessus
added 2018/07/18 12:0 a.m.282 views

RHEL 7 : Red Hat Ceph Storage 3.0 (RHSA-2018:2177)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2177 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...

8.1CVSS7AI score0.03249EPSS
Exploits0References29
redhat
redhat
added 2018/07/11 6:21 p.m.179 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 3.0 security and bug fix update

An update for ceph is now available for Red Hat Ceph Storage for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.1CVSS6.7AI score0.03249EPSS
Exploits0References4
redhat
redhat
added 2018/07/11 6:11 p.m.37 views

ceph: cephx protocol is vulnerable to replay attack

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to the ceph cluster network who is also able to sniff packets on the network can use this vulnerability to authenticate with ceph service and perfo...

7.5CVSS7.2AI score0.01374EPSS
Exploits0References4
redhat
redhat
added 2018/07/11 6:11 p.m.16 views

ceph: cephx uses weak signatures

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network, who is able to alter the message payload, was able to bypass signature checks done by cephx protocol...

6.5CVSS7.2AI score0.01902EPSS
Exploits0References4
Rows per page
Query Builder