rpm package
suse/ceph&distro=SUSE Enterprise Storage 1.0
pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%201.0
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5245 | — | | | < 0.80.11-8.1 | 0.80.11-8.1 | Dec 3, 2015 | CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name. |
| CVE-2015-3010 | — | | | < 0.80.9-5.1 | 0.80.9-5.1 | Jun 16, 2015 | ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. |
| CVE-2014-3598 | — | | | < 0.80.9-5.1 | 0.80.9-5.1 | May 1, 2015 | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. |
| CVE-2014-3589 | — | | | < 0.80.9-5.1 | 0.80.9-5.1 | Aug 25, 2014 | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. |