Redhat Ceph_storage
45 CVEs affecting Redhat Ceph_storage. Latest disclosed: 2025-12-18. Critical: 7, High: 14.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-26148 | Critical | 9.8 | 2022-03-21 | An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When t… |
| CVE-2021-20236 | Critical | 9.8 | 2021-05-28 | A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending c… |
| CVE-2018-14649 | Critical | 9.8 | 2018-10-09 | It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=… |
| CVE-2018-15727 | Critical | 9.8 | 2018-08-29 | Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing… |
| CVE-2022-0670 | Critical | 9.1 | 2022-07-25 | A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vul… |
| CVE-2021-4048 | Critical | 9.1 | 2021-12-08 | An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before vers… |
| CVE-2019-14859 | Critical | 9.1 | 2020-01-02 | A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification… |
| CVE-2020-25660 | High | 8.8 | 2020-11-23 | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then… |
| CVE-2018-10861 | High | 8.1 | 2018-07-10 | A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and co… |
| CVE-2020-1712 | High | 7.8 | 2020-03-31 | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages… |
| CVE-2018-10875 | High | 7.8 | 2018-07-13 | A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under th… |
| CVE-2025-13601 | High | 7.7 | 2025-11-26 | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to… |
| CVE-2025-14874 | High | 7.5 | 2025-12-18 | A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the… |
| CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
| CVE-2020-1699 | High | 7.5 | 2020-04-21 | A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions… |
| CVE-2019-10222 | High | 7.5 | 2019-11-08 | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW serve… |
| CVE-2018-1128 | High | 7.5 | 2018-07-10 | It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph c… |
| CVE-2016-7031 | High | 7.5 | 2016-10-03 | The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. |
| CVE-2021-20288 | High | 7.2 | 2021-04-15 | An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_ke… |
| CVE-2020-27781 | High | 7.1 | 2020-12-18 | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manil… |