Filtered by vendor Redhat Subscriptions
Filtered by product Ceph Storage Subscriptions
Total 128 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-9579 2 Canonical, Redhat 8 Ubuntu Linux, Ceph Storage, Ceph Storage Mon and 5 more 2024-11-21 N/A
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
CVE-2016-8626 1 Redhat 5 Ceph, Ceph Storage, Enterprise Linux Desktop and 2 more 2024-11-21 N/A
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
CVE-2016-7031 2 Ceph Project, Redhat 2 Ceph, Ceph Storage 2024-11-21 N/A
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
CVE-2016-5009 1 Redhat 8 Ceph, Ceph Storage, Ceph Storage Mon and 5 more 2024-11-21 N/A
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
CVE-2015-5245 1 Redhat 2 Ceph, Ceph Storage 2024-11-21 N/A
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
CVE-2015-4053 2 Ceph, Redhat 2 Ceph-deploy, Ceph Storage 2024-11-21 N/A
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
CVE-2015-3010 2 Ceph, Redhat 2 Ceph-deploy, Ceph Storage 2024-11-21 N/A
ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
CVE-2014-3583 4 Apache, Apple, Canonical and 1 more 6 Http Server, Mac Os X, Os X Server and 3 more 2024-11-21 N/A
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.