VYPR

rpm package

suse/ceph&distro=SUSE Enterprise Storage 1.0

pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%201.0

Vulnerabilities (4)

  • CVE-2015-5245Dec 3, 2015
    affected < 0.80.11-8.1fixed 0.80.11-8.1

    CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.

  • CVE-2015-3010Jun 16, 2015
    affected < 0.80.9-5.1fixed 0.80.9-5.1

    ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.

  • CVE-2014-3598May 1, 2015
    affected < 0.80.9-5.1fixed 0.80.9-5.1

    The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

  • CVE-2014-3589Aug 25, 2014
    affected < 0.80.9-5.1fixed 0.80.9-5.1

    PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.