
1041 matches found

Positive Technologies
added 2025/04/03 12:0 a.m. | 4 views

PT-2025-14797

Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2025-04-03T14-56-28Z. Description: The issue concerns an authorization flaw in MinIO, a high-performance object storage system. This flaw allows a client with prior WRITE permissions on a bucket to upload object...

CVSS 8.7 | AI score 7.8 | EPSS 0.02327
Exploits 0 | References 30
RustSec
added 2025/03/26 12:0 p.m. | 22 views

Potential out-of-bounds read with a malformed ELF file and the HashTable API.

Affected versions of this crate only validated the index argument of HashTable::getbucket and HashTable::getchain against the input-controlled bucketcount and chaincount fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a...

AI score 7
Exploits 0 | Affected Software 1
Snyk
added 2025/03/23 10:18 a.m. | 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal, where an attacker can traverse the file system and access files outside of the intended directory. PoC: 1. Install the files-bucket-server package: npm install files-bucket-server 2. Create a new directory: mkdir...

CVSS 8.7 | AI score 6.7 | EPSS 0.00755
Exploits 0 | References 2
RedhatCVE
added 2025/03/22 12:55 p.m. | 6 views

CVE-2024-6577

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 | AI score 6.9 | EPSS 0.00362
Exploits 0 | References 1
RedhatCVE
added 2025/03/22 12:55 p.m. | 6 views

CVE-2024-6583

A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...

CVSS 4.3 | AI score 7 | EPSS 0.00547
Exploits 1 | References 1
OSV
added 2025/03/20 12:32 p.m. | 4 views

GHSA-XX7C-J7H3-VJCQ TorchServe script references S3 bucket without ensuring ownership or confirming accessibility

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 | AI score 7 | EPSS 0.00362
Exploits 0 | References 3
GitHub Security Blog
added 2025/03/20 12:32 p.m. | 10 views

TorchServe script references S3 bucket without ensuring ownership or confirming accessibility

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 | AI score 6.8 | EPSS 0.00362
Exploits 0 | References 3 | Affected Software 1
OSV
added 2025/03/20 10:15 a.m. | 4 views

CVE-2024-6583

A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...

CVSS 4.3 | AI score 4.6
Exploits 0 | References 1
NVD
added 2025/03/20 10:15 a.m. | 6 views

CVE-2024-6583

A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...

CVSS 4.3 | EPSS 0.00547
Exploits 1 | References 1
NVD
added 2025/03/20 10:15 a.m. | 9 views

CVE-2024-6577

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 | EPSS 0.00362
Exploits 0 | References 1
CVE
added 2025/03/20 10:10 a.m. | 43 views

CVE-2024-6577

CVE-2024-6577 affects pytorch/serve. The script upload_results_to_s3.sh references the S3 bucket benchmarkai-metrics-prod without verifying ownership or accessibility, potentially enabling data exposure or unauthorized modifications if the bucket is not properly secured. No explicit remediation o...

CVSS 6.3 | AI score 6.5 | EPSS 0.00362
Exploits 0 | References 1
Cvelist
added 2025/03/20 10:10 a.m. | 11 views

CVE-2024-6577 Unclaimed S3 Bucket Usage in pytorch/serve

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 | EPSS 0.00362
Exploits 0 | References 1
Vulnrichment
added 2025/03/20 10:10 a.m. | 6 views

CVE-2024-6577 Unclaimed S3 Bucket Usage in pytorch/serve

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 | AI score 6.5 | EPSS 0.00362
Exploits 0 | References 1
Vulnrichment
added 2025/03/20 10:10 a.m. | 6 views

CVE-2024-6583 Path Traversal in stangirard/quivr

A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...

CVSS 4.3 | AI score 4.8 | EPSS 0.00547
Exploits 1 | References 1
CVE
added 2025/03/20 10:10 a.m. | 44 views

CVE-2024-6583

CVE-2024-6583 describes a path traversal vulnerability in the latest version of stangirard/quivr, enabling an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the upload request path. The root cause is related to insufficient validation of the destination path in the up...

CVSS 4.3 | AI score 7 | EPSS 0.00547
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2025/03/20 10:10 a.m. | 11 views

CVE-2024-6583 Path Traversal in stangirard/quivr

A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...

CVSS 4.3 | EPSS 0.00547
Exploits 1 | References 1
CNNVD
added 2025/03/20 12:0 a.m. | 2 views

PyTorch security vulnerability

PyTorch is a Python package open-sourced by PyTorch. PyTorch has a security vulnerability that stems from the upload_results_to_s3.sh script not ensuring S3 bucket ownership, which could lead to data disclosure or unauthorized access...

CVSS 6.3 | AI score 6.4 | EPSS 0.00362
Exploits 0 | References 1
IBM Security Bulletins
added 2025/03/13 4:37 p.m. | 7 views

Security Bulletin: An unclaimed Amazon S3 bucket vulnerability (CVE-2024-1682) affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary: Potential unclaimed Amazon S3 bucket vulnerability CVE-2024-1682 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for...

CVSS 4.3 | AI score 6.2 | EPSS 0.00374
Exploits 0 | Affected Software 2
NVD
added 2025/03/10 7:15 p.m. | 24 views

CVE-2025-27136

LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...

CVSS 6.9 | EPSS 0.00497
Exploits 1 | References 2
Snyk
added 2025/03/10 6:42 p.m. | 4 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket creation endpoint. In createServiceFactory, external entities referenced in the CreateBucketConfiguration XML document are resolved and retrieved. This allows attackers to perform...

CVSS 7.2 | AI score 7.4 | EPSS 0.00497
Exploits 1 | References 2