Filtered by vendor Redhat Subscriptions
Filtered by product Openshift Container Storage Subscriptions
Total 24 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-1700 4 Canonical, Ceph, Opensuse and 1 more 4 Ubuntu Linux, Ceph, Leap and 1 more 2024-11-21 6.5 Medium
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
CVE-2020-16845 5 Debian, Fedoraproject, Golang and 2 more 13 Debian Linux, Fedora, Go and 10 more 2024-11-21 7.5 High
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
CVE-2020-15586 6 Cloudfoundry, Debian, Fedoraproject and 3 more 15 Cf-deployment, Routing-release, Debian Linux and 12 more 2024-11-21 5.9 Medium
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
CVE-2020-14040 3 Fedoraproject, Golang, Redhat 16 Fedora, Text, 3scale Amp and 13 more 2024-11-21 7.5 High
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.