Lucene search
+L

50 matches found

osv
osv
added 2023/09/27 12:0 a.m.3 views

UBUNTU-CVE-2023-43040

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807...

9.8CVSS7.1AI score0.02539EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2023/06/22 12:0 a.m.7 views

PT-2023-8462 · Ibm +4 · Ibm Spectrum Fusion Hci +4

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Fusion HCI versions 2.5.2 through 2.7.2 Description: The issue is related to improper bucket access in the RGW service of the Ceph data storage system. It allows an attacker to perform unauthorized actions by exploiting the lack ...

9.8CVSS6.6AI score0.0461EPSS
Exploits1References61
osv
osv
added 2022/10/08 12:0 a.m.24 views

CVE-2022-39281 Remote Denial of Service via Tasks endpoint in fat_free_crm

fatfreecrm is a an open source, Ruby on Rails customer relationship management platform CRM. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be...

6.5CVSS6.3AI score0.01414EPSS
Exploits0References5
github
github
added 2022/02/11 11:26 p.m.61 views

CBC padding oracle issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

5.6CVSS5.8AI score0.00348EPSS
Exploits1References10Affected Software1
veracode
veracode
added 2021/12/15 11:55 p.m.22 views

Privilege Escalation

github.com/couchbase/syncgateway is vulnerable to privilege escalation. The vulnerability exists because of storage of bucket credentials in the metadata within sync documents written to the bucket, allowing a user with read privilege to perform write access to data in Couchbase Server. Note: Thi...

8.1CVSS3.4AI score0.00501EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2021/12/07 10:15 p.m.3 views

CVE-2021-43963

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...

8.1CVSS7.3AI score0.00501EPSS
Exploits0References2
thn
thn
added 2020/12/21 10:33 a.m.7 views

Common Security Misconfigurations and Their Consequences

Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first o...

5.7AI score
Exploits0
cnvd
cnvd
added 2020/04/22 12:0 a.m.2 views

L'Oréal L'Oréal Finance app has unauthorized access vulnerability

L'Oréal Finance app is the news app of L'Oréal Group, which allows users to browse the latest L'Oréal Group financial information in English and French on L'Oréal Finance. An unauthorized access vulnerability exists in the L'Oréal L'Oréal Finance app. An attacker could exploit the vulnerability t...

6.8AI score
Exploits0
redhat
redhat
added 2016/09/29 12:51 p.m.3 views

ceph: RGW permits bucket listing when authenticated_users=read

A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket...

7.5CVSS5.8AI score0.01751EPSS
Exploits1References4
hackerone
hackerone
added 2016/05/10 1:42 p.m.62 views

LocalTapiola: Amazon Bucket Accessible (http://inpref.s3.amazonaws.com/)

Searching through the source code of your homepage shows a few http://inpref.s3.amazonaws.com/ URLS. I assume that you own this s3 Amazon bucket. The problem here is, visiting that amazon bucket on a browser will shows the files on the bucket, whilst a secure bucket would bring up an access denie...

0.5AI score
Exploits0
Rows per page
Query Builder