569 matches found
Virtuozzo Hybrid Infrastructure 7.0 (7.0.0-250)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service, object and core storage, networking, as well as monitoring and alerts. Additionally, this release delivers stability improvements and addresses issues found in previous releases...
VulnCheck KEV: CVE-2024-48914
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...
FreeScout Security Bypass Vulnerability (CNVD-2025-20796)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that is caused by incorrect configuration of the root folder of the object Storage. An attacker could exploit the...
FreeScout 安全漏洞
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that is caused by incorrect configuration of the root folder of the object Storage. An attacker could exploit the...
CVE-2025-2394
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2023-27589
Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root...
CVE-2025-2394
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2025-2394 Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2025-2394
CVE-2025-2394 affects Ecovacs Home mobile apps (Android and iOS) up to version 3.3.0. The root cause is embedded Alibaba OSS access keys and secrets within the app, enabling potential sensitive data disclosure. The accompanying PT-2025-22570 advisory recommends removing or securely storing embedd...
CVE-2025-2394 Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
ECOVACS HOME 安全漏洞
ECOVACS HOME is a smart home management software from ECOVACS, China. A security vulnerability exists in ECOVACS HOME 3.3.0 and prior versions, which originates from embedding Alibaba Object Storage Service access keys and secrets, which could lead to sensitive data leakage...
PT-2025-22570 · Ecovacs · Ecovacs Home
Name of the Vulnerable Software and Affected Versions: Ecovacs Home Android and iOS Mobile Applications versions up to 3.3.0 Description: The issue concerns the disclosure of sensitive data due to embedded access keys and secrets for Alibaba Object Storage Service OSS in the Ecovacs Home mobile...
CVE-2021-39900
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs...
CVE-2020-13268
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1...
NI Circuit Design Suite 安全漏洞
NI Circuit Design Suite is a circuit design suite from National Instruments NI that provides a complete set of tools for circuit design, simulation, verification, and layout. A security vulnerability exists in NI Circuit Design Suite version 14.3.0 and earlier, which stems from a stack buffer...
Security Bulletin: XSS vulnerability affects IBM Cloud Object Storage System (CVE-2021-39014)
Summary XSS vulnerability affects IBM Cloud Object Storage System CVE-2021-39014. This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details CVEID:CVE-2021-39014 DESCRIPTION: IBM Cloud Object System is vulnerable to stored cross-site scripting. This vulnerability...
Dell ECS Input Validation Error Vulnerability
Dell ECS is an enterprise-class object storage solution from Dell Technologies. Dell ECS suffers from an input validation error vulnerability that stems from the system failing to properly process specific inputs. No details of the vulnerability are provided at this time...
RHEL 6 / 7 : openstack-swift (RHSA-2015:1895)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1895 advisory. OpenStack Object Storage swift provides object storage in virtual containers, which allows users to store and retrieve files arbitrary data. The...
RHEL 6 / 7 : openstack-swift (RHSA-2015:1684)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1684 advisory. OpenStack Object Storage swift provides object storage in virtual containers, which allows users to store and retrieve files arbitrary data. The...
BIT-MINIO-2025-31489 MinIO performs incomplete signature validation for unsigned-trailer uploads
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...