1041 matches found
PT-2025-14797
Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2025-04-03T14-56-28Z Description: The issue concerns an authorization flaw in MinIO, a high-performance object storage system. This flaw allows a client with prior WRITE permissions on a bucket to upload object...
Potential out-of-bounds read with a malformed ELF file and the HashTable API.
Affected versions of this crate only validated the index argument of HashTable::get_bucket and HashTable::get_chain against the input-controlled bucket_count and chain_count fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the intended directory. PoC 1 Install the files-bucket-server package: npm install files-bucket-server 2 Create a new directory: mkdir...
CVE-2024-6577
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
CVE-2024-6583
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...
GHSA-XX7C-J7H3-VJCQ TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
CVE-2024-6577
CVE-2024-6577 affects pytorch/serve. The script upload_results_to_s3.sh references the S3 bucket benchmarkai-metrics-prod without verifying ownership or accessibility, potentially enabling data exposure or unauthorized modifications if the bucket is not properly secured. No explicit remediation o...
CVE-2024-6577 Unclaimed S3 Bucket Usage in pytorch/serve
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
CVE-2024-6583 Path Traversal in stangirard/quivr
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...
CVE-2024-6583
CVE-2024-6583 describes a path traversal vulnerability in the latest version of stangirard/quivr, enabling an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the upload request path. The root cause is related to insufficient validation of the destination path in the up...
PyTorch Security Vulnerability
PyTorch is a Python package open-sourced by PyTorch. PyTorch has a security vulnerability that stems from the upload_results_to_s3.sh script not ensuring S3 bucket ownership, which could lead to data disclosure or unauthorized access...
Security Bulletin: An unclaimed Amazon S3 bucket vulnerability (CVE-2024-1682) affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential unclaimed Amazon S3 bucket vulnerability CVE-2024-1682 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for...
CVE-2025-27136
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket creation endpoint. In createServiceFactory, external entities referenced in the CreateBucketConfiguration XML document are resolved and retrieved. This allows attackers to perform...