Lucene search
K

22 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-55874

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side...

7.7CVSS0.00327EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55874 SeaweedFS: Path traversal in the S3 gateway X-Amz-Copy-Source header allows cross-bucket object read

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side...

7.7CVSS0.00327EPSS
Exploits0References4
CVE
CVE
added 6 days ago14 views

CVE-2026-55874

SeaweedFS's S3 API gateway is affected prior to version 4.34 by a path traversal issue in the X-Amz-Copy-Source header (dot-dot segments) that can enable an authenticated user scoped to one bucket to read objects from other buckets via server-side copy. The issue is documented across CVE-2026-558...

7.7CVSS6AI score0.00327EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 6:32 p.m.42 views

CVE-2026-45042 RustFS: UploadPartCopy Does Not Enforce Destination Bucket Policy on Copy Source

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...

7.1CVSS0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/03/15 5:52 a.m.6 views

OESA-2026-1542 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument...

7.5CVSS5.7AI score0.0044EPSS
Exploits1References2
OSV
OSV
added 2026/03/15 5:52 a.m.5 views

OESA-2026-1541 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument...

7.5CVSS5.7AI score0.0044EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/02/17 12:55 a.m.12 views

rgw: RGW DoS attack with empty HTTP header in S3 object copy

A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...

7.5CVSS5.7AI score0.0044EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.6 views

Astra Linux – Vulnerability in Ceph

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the x-amz-copy-source argument to copy an object and specifying an empty string as its content resulted in the RGW daemon crashing, leading to a DoS attack. As of the time of publication,...

7.5CVSS5.4AI score0.0044EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/11/13 12:45 a.m.5 views

SUSE CVE-2024-47866

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS6.8AI score0.0044EPSS
Exploits1References3
OSV
OSV
added 2025/11/12 7:15 p.m.3 views

DEBIAN-CVE-2024-47866

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS7.1AI score0.0044EPSS
Exploits1References1
NVD
NVD
added 2025/11/12 7:15 p.m.9 views

CVE-2024-47866

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS0.0044EPSS
Exploits1References2
OSV
OSV
added 2025/11/12 7:15 p.m.6 views

AZL-70058 CVE-2024-47866 affecting package ceph for versions less than 18.2.2-12

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS5.6AI score0.0044EPSS
Exploits1References1
OSV
OSV
added 2025/11/12 7:15 p.m.6 views

UBUNTU-CVE-2024-47866

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS5.7AI score0.0044EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/11/12 6:28 p.m.6 views

CVE-2024-47866

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS5.2AI score0.0044EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/11/12 6:28 p.m.4 views

CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS6.3AI score0.0044EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/12 6:28 p.m.11 views

CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS0.0044EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/12 6:28 p.m.6 views

EUVD-2024-55069

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS5.9AI score0.0044EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2025/11/12 6:28 p.m.5 views

CVE-2024-47866

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS7.1AI score0.0044EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/11/12 6:33 a.m.7 views

CVE-2024-47866

A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteri...

7.5CVSS6AI score0.0044EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/11/12 2:43 a.m.4 views

rgw: RGW DoS attack with empty HTTP header in S3 object copy

A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...

7.5CVSS5.7AI score0.0044EPSS
Exploits1References5
Rows per page
Query Builder