Search for packages
| purl | pkg:deb/debian/ceph@10.2.5-6~bpo8%2B1 |
| Next non-vulnerable version | 18.2.8+ds-1 |
| Latest non-vulnerable version | 18.2.8+ds-1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-18bk-met9-qfc9
Aliases: CVE-2024-31884 |
pybind: Improper use of Pybind |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-1fhp-86sm-bqe5
Aliases: CVE-2020-25660 |
Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. |
Affected by 7 other vulnerabilities. |
|
VCID-1yz5-m9s7-nqdm
Aliases: CVE-2024-47866 |
rgw: RGW DoS attack with empty HTTP header in S3 object copy |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-36gd-352p-n7b7
Aliases: CVE-2021-20288 |
Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. |
Affected by 7 other vulnerabilities. |
|
VCID-3pwt-4j1y-dbg6
Aliases: CVE-2019-10222 |
ceph: Unauthenticated clients can crash ceph RGW configured with beast as frontend |
Affected by 7 other vulnerabilities. |
|
VCID-47cr-h639-tqd4
Aliases: CVE-2023-43040 |
rgw: improperly verified POST keys |
Affected by 3 other vulnerabilities. |
|
VCID-4mk7-e67u-zkgy
Aliases: CVE-2020-27781 |
Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. |
Affected by 7 other vulnerabilities. |
|
VCID-54nw-yq6d-2ueu
Aliases: CVE-2022-3650 |
A vulnerability has been found in Ceph which can lead to root privilege escalation. |
Affected by 3 other vulnerabilities. |
|
VCID-5bgn-2pbq-6yd1
Aliases: CVE-2022-0670 |
ceph: user/tenant can obtain access (read/write) to any share |
Affected by 3 other vulnerabilities. |
|
VCID-6kbn-psnc-q3cy
Aliases: CVE-2020-12059 |
ceph: specially crafted XML payload on POST requests leads to DoS by crashing RGW |
Affected by 7 other vulnerabilities. |
|
VCID-7k2s-fmzx-a3d8
Aliases: CVE-2020-25678 |
Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. |
Affected by 7 other vulnerabilities. |
|
VCID-9e77-3unf-r3hu
Aliases: CVE-2021-3509 |
ceph-dashboard: Cross-site scripting via token Cookie |
Affected by 7 other vulnerabilities. |
|
VCID-a4u3-63ez-gfbc
Aliases: CVE-2020-10753 |
Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. |
Affected by 7 other vulnerabilities. |
|
VCID-axaa-8h31-j3gd
Aliases: CVE-2018-1129 |
security update |
Affected by 29 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-bdcb-c7nj-j7gw
Aliases: CVE-2018-10861 |
security update |
Affected by 29 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-d8ft-cst1-5yh5
Aliases: CVE-2017-7519 |
security update |
Affected by 29 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-fy1p-qh8k-m7b8
Aliases: CVE-2018-16846 |
ceph: ListBucket max-keys has no defined limit in the RGW codebase |
Affected by 22 other vulnerabilities. |
|
VCID-gjne-rqt9-jqc5
Aliases: CVE-2020-1699 |
ceph: improper URL checking leads to information disclosure |
Affected by 7 other vulnerabilities. |
|
VCID-hqp5-p9fs-t3dk
Aliases: DSA-4339-2 ceph |
regression update |
Affected by 29 other vulnerabilities. |
|
VCID-kxvn-yjm8-3ygt
Aliases: CVE-2020-1760 |
Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. |
Affected by 7 other vulnerabilities. |
|
VCID-m5wq-1w2k-9khk
Aliases: CVE-2020-27839 |
ceph-dashboard: Don't use Browser's LocalStorage for storing JWT but Secure Cookies with proper HTTP Headers |
Affected by 7 other vulnerabilities. |
|
VCID-nczx-qfyh-xubz
Aliases: CVE-2021-3979 |
ceph: Ceph volume does not honour osd_dmcrypt_key_size |
Affected by 3 other vulnerabilities. |
|
VCID-pp2v-1dp5-4bbd
Aliases: CVE-2020-1700 |
ceph: connection leak in the RGW Beast front-end permits a DoS against the RGW server |
Affected by 7 other vulnerabilities. |
|
VCID-qkp7-s947-ufcu
Aliases: CVE-2020-1759 |
Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. |
Affected by 7 other vulnerabilities. |
|
VCID-r1ah-c6z7-vyen
Aliases: CVE-2025-52555 |
ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-rukb-cwpx-q3hy
Aliases: CVE-2021-3524 |
gateway: radosgw: CRLF injection |
Affected by 7 other vulnerabilities. |
|
VCID-ssk3-kfn8-vuhy
Aliases: CVE-2018-16889 |
ceph: debug logging for v4 auth does not sanitize encryption keys |
Affected by 22 other vulnerabilities. |
|
VCID-xsvh-emr7-r7as
Aliases: CVE-2018-1128 |
security update |
Affected by 29 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-yr1z-udw9-mfha
Aliases: CVE-2018-14662 |
ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key |
Affected by 22 other vulnerabilities. |
|
VCID-zbwp-sfx4-xke7
Aliases: CVE-2021-3531 |
ceph: RGW unauthenticated denial of service |
Affected by 7 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-cm58-jgsb-7yaf | ceph: RGW permits bucket listing when authenticated_users=read |
CVE-2016-7031
|
| VCID-gj55-s7r1-f3b4 | Ceph: RGW Denial of Service by sending null or specially crafted POST object requests |
CVE-2016-8626
|
| VCID-qr8p-ec3h-37at | crash: mon_command crashes ceph monitors on receiving empty prefix |
CVE-2016-5009
|
| VCID-ss2f-8hxs-myb1 | ceph: Object Gateway server DoS by sending invalid cross-origin HTTP request |
CVE-2016-9579
|