VYPR

Ceph

by Red Hat

Source repositories

CVEs (6)

  • CVE-2016-9579MedAug 1, 2018
    risk 0.43cvss 6.5epss 0.04

    A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP…

  • CVE-2016-8626MedJul 31, 2018
    risk 0.42cvss 6.5epss 0.02

    A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.

  • CVE-2017-16818MedDec 20, 2017
    risk 0.42cvss 6.5epss 0.02

    RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to…

  • CVE-2016-5009MedJul 12, 2016
    risk 0.42cvss 6.5epss 0.02

    The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

  • CVE-2025-39878Sep 23, 2025
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error The function move_dirty_folio_in_page_array() was created by commit ce80b76dd327 ("ceph: introduce ceph_process_folio_batch() method") by moving…

  • CVE-2015-5245Dec 3, 2015
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.