24 matches found
EulerOS Virtualization 3.0.2.6 : ceph-common (EulerOS-SA-2023-1058)
According to the versions of the ceph-common packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of...
EulerOS 2.0 SP3 : ceph-common (EulerOS-SA-2022-1708)
According to the versions of the ceph-common packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via...
Huawei EulerOS: Security Advisory for ceph-common (EulerOS-SA-2022-1708)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ceph-common (EulerOS-SA-2022-1525)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : ceph-common (EulerOS-SA-2022-1525)
According to the versions of the ceph-common packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via...
SUSE: Security Advisory (SUSE-SU-2020:1747-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross-Site Scripting (XSS)
ceph is vulnerable to cross-site scripting. The vulnerability exists due to a flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the...
Design/Logic Flaw
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection...
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection...
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection...
Huawei EulerOS: Security Advisory for ceph (EulerOS-SA-2021-1136)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-4706-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4706-1 ceph vulnerabilities
Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. CVE-2020-10736 Adam Mohammed found...
USN-4706-1: Ceph vulnerabilities
Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. CVE-2020-10736 Adam Mohammed found...
[ASA-202011-22] ceph: multiple issues
Arch Linux Security Advisory ASA-202011-22 ========================================== Severity: High Date : 2020-11-26 CVE-ID : CVE-2020-1759 CVE-2020-1760 CVE-2020-10753 CVE-2020-25660 Package : ceph Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1195 Summary =====...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 3.3 Security update
An update is now available for Red Hat Ceph Storage 3.3 on Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 7 : Red Hat Ceph Storage 3.3 (RHSA-2020:3504)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3504 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a...
FreeBSD : ceph14 -- HTTP header injection via CORS ExposeHeader tag (f20eb9a4-dfea-11ea-a9b8-9c5c8e84d621)
Red Hat bugzilla reports : A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 4.1 security and bug fix update
An update is now available for Red Hat Ceph Storage 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2020:1747-1)
This update for ceph fixes the following issues : CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag bsc1171921. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...