Redhat Openshift Container Storage vulnerabilities

CVE-2021-3979 [MEDIUM] CWE-327 CVE-2021-3979: A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key l A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.

CVE-2021-4048 [CRITICAL] CWE-125 CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack t An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

CVE-2020-1700 [MEDIUM] CWE-400 CVE-2020-1700: A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenti A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the