USN-7706-1

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2018-14662 CVE-2021-3524 UBUNTU-CVE-2018-14662 UBUNTU-CVE-2021-3524

Published: 20 Aug 2025, 05:36

Last modified:20 May 2026, 16:03

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Aug 2025, 05:36

Published

Vulnerability first disclosed

20 May 2026, 16:03

Last Modified

Vulnerability information updated

Description

ceph vulnerabilities It was discovered that Ceph incorrectly handled read-only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-14662) Sergey Bobrov discovered that Ceph’s RadosGW (Ceph Object Gateway) allowed the injection of HTTP headers in responses to CORS requests. An attacker could possibly use this issue to compromise system integrity. This issue only affected Ubuntu 16.04 LTS. (CVE-2021-3524)

Affected Systems

ubuntu•ceph
< 0.80.11-0ubuntu1.14.04.4+esm3 | < 10.2.11-0ubuntu0.16.04.3+esm2

USN-7706-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)