Search CVE reports

1 – 10 of 43 results

Detailed view

Sort by:

CVE-2025-52555

Medium priority

Vulnerable

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777...

1 affected package

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ceph	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2024-48916

Medium priority

Fixed

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is...

1 affected package

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ceph	Fixed	Fixed	Not affected	Not affected

CVE-2023-43040

Medium priority

Some fixes available 9 of 10

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

1 affected package

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ceph	Fixed	Fixed	Fixed	Fixed

CVE-2022-3854

Medium priority

Fixed

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

1 affected package

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ceph	—	Fixed	Not affected	Not affected

CVE-2022-3650

Medium priority

Some fixes available 8 of 9

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

1 affected package

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ceph	Fixed	Fixed	Fixed	Not affected

CVE-2022-0670

Medium priority

Some fixes available 3 of 5

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager....

1 affected package

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ceph	Not affected	Fixed	Fixed	Not affected

CVE-2021-46322

Medium priority

Vulnerable

Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.

14 affected packages

ceph, duktape, mariadb-10.0, mariadb-10.1, mariadb-10.3...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ceph	Not affected	Not affected	Not affected	Not affected
duktape	Not affected	Not affected	Vulnerable	Needs evaluation
mariadb-10.0	Not in release	Not in release	Not in release	Not in release
mariadb-10.1	Not in release	Not in release	Not in release	Needs evaluation
mariadb-10.3	Not in release	Not in release	Needs evaluation	Not in release
mariadb-10.5	—	—	Not in release	Not in release
mariadb-5.5	Not in release	Not in release	Not in release	Not in release
mysql-5.5	Not in release	Not in release	Not in release	Not in release
mysql-5.6	Not in release	Not in release	Not in release	Not in release
mysql-5.7	Not in release	Not in release	Not in release	Not affected
mysql-8.0	Not affected	Not affected	Not affected	Not in release
percona-server-5.6	Not in release	Not in release	Not in release	Not in release
percona-xtradb-cluster-5.5	Not in release	Not in release	Not in release	Not in release
percona-xtradb-cluster-5.6	Not in release	Not in release	Not in release	Not in release

CVE-2021-43519

Low priority

Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

enigma, freeciv, freedroidrpg, fs-uae, golly...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
enigma	Not affected	Not affected	Not affected	Not affected
freeciv	Not affected	Not affected	Not affected	Not affected
freedroidrpg	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
fs-uae	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golly	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
goxel	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
grub2	Not affected	Not affected	Not affected	Not affected
gtk2-engines	Not affected	Not affected	Not affected	Not affected
haskell-hslua	Not affected	Not affected	Not affected	Not affected
hedgewars	Not affected	Not affected	Not affected	Not affected
lua5.1	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected
lua5.3	Not affected	Not affected	Not affected	Not affected
lua5.4	Not affected	Not affected	Not in release	Not in release
lua50	Not in release	Not in release	Not affected	Not affected
luajit	Not affected	Not affected	Not affected	Not affected
mame	Not affected	Not affected	Not affected	Not affected
naev	Needs evaluation	Needs evaluation	Needs evaluation	—
openscenegraph	Not affected	Not affected	Not affected	Not affected
redis	Not affected	Not affected	Not affected	Not affected
rust-lua52-sys	Needs evaluation	Needs evaluation	Needs evaluation	—
scite	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scorched3d	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scummvm	Not affected	Not affected	Not affected	Not affected
spring	Not affected	Not affected	Not affected	Not affected
syslinux	Not affected	Not affected	Not affected	Not affected
syslinux-legacy	Not in release	Not in release	Not affected	Not affected
tagua	Not affected	Not affected	Not affected	Not affected
tarantool	Needs evaluation	Needs evaluation	Needs evaluation	—
texlive-bin	Not affected	Not affected	Not affected	Not affected
tup	Needs evaluation	Needs evaluation	Needs evaluation	—
ufoai	Not affected	Not affected	Not affected	Not affected
vifm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wcc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wesnoth	—	—	—	—
widelands	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmoto	Not affected	Not affected	Not affected	Not affected
zfs-linux	Not affected	Not affected	Not affected	Not affected
ardour	Not affected	Not affected	Not affected	Not affected
bam	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blobby	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ceph	Not affected	Not affected	Not affected	Not affected
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
eja	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
emscripten	Needs evaluation	Needs evaluation	—	Needs evaluation

CVE-2021-3979

Low priority

Some fixes available 2 of 6

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss...

1 affected package

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ceph	Not affected	Not affected	Fixed	Fixed

CVE-2021-3531

Medium priority

Some fixes available 12 of 14

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest...

1 affected package

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ceph	Fixed	Fixed	Fixed	Fixed

Export to JSON

Results by page: