Lucene search
K
RedhatCeph Storage Mon

5 matches found

CVE
CVE
added 2018/07/10 2:0 p.m.382 views

CVE-2018-1128

CVE-2018-1128 describes a replay vulnerability in the Cephx authentication protocol where a packet sniffer on a Ceph cluster network can authenticate to Ceph services due to insufficient verification of clients. The issue affects the msgr2 protocol (used by most Ceph communication) and can compro...

7.5CVSS7AI score0.01374EPSS
CVE
CVE
added 2018/07/10 2:0 p.m.320 views

CVE-2018-1129

CVE-2018-1129: A flaw in cephx signature calculation lets an attacker on a ceph cluster network alter payloads to bypass signature checks. Affected Ceph branches include master, mimic, luminous, and jewel. The initial description notes the vulnerability but does not provide a concrete patch versi...

6.5CVSS6.9AI score0.01902EPSS
CVE
CVE
added 2018/07/10 2:0 p.m.255 views

CVE-2018-10861

CVE-2018-10861 describes an authorization issue in Ceph Monitor (ceph-mon) where any authenticated Ceph user with read access can delete, create Ceph storage pools, and corrupt snapshot images. Affected releases include Ceph branches master, mimic, luminous, and jewel. The impact is the ability t...

8.1CVSS6.4AI score0.03249EPSS
CVE
CVE
added 2018/08/01 4:0 p.m.127 views

CVE-2016-9579

The CVE-2016-9579 flaw affects Ceph Object Gateway when CORS is configured to allow origins on a bucket. A remote unauthenticated attacker could trigger a denial-of-service by sending specially crafted cross-origin requests. Affected Ceph branches are 1.3.x and 2.x. Connected sources confirm this...

7.5CVSS7.2AI score0.04396EPSS
CVE
CVE
added 2016/07/12 7:0 p.m.100 views

CVE-2016-5009

The CVE-2016-5009 issue affects Ceph where the handle_command function in mon/Monitor.cc could be triggered by an empty or crafted prefix, allowing a remote authenticated user to cause a denial of service (segmentation fault and monitor crash). The linked advisories (Red Hat RHSA-2016:1384, SUSE/...

6.5CVSS6.1AI score0.0248EPSS