Lucene search
K

63 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:17 a.m.5 views

CVE-2015-9506

The Easy Digital Downloads EDD Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/04/07 12:0 a.m.7 views

Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon AWS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of AWS Simple Storage Service. When installed from the official GitHub...

9.8CVSS7.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/12/25 12:0 a.m.4 views

The vulnerability of the AWS S3 platform’s module for developer portals allows attackers to bypass security restrictions and gain unauthorized access to protected information.

The vulnerability of the AWS S3 platform’s module for developer portals developed by Backstage relates to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to...

6.8CVSS6.6AI score0.00728EPSS
Exploits0References3Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/08/23 12:0 a.m.6 views

Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon AWS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of AWS Simple Storage Service. When installed from the official GitHub...

9.8CVSS7.8AI score
Exploits0References1
OSV
OSV
added 2024/05/14 8:14 p.m.3 views

GHSA-23J4-MW76-5V7H Scrapy allows redirect following in protocols other than HTTP

Impact Scrapy was following redirects regardless of the URL protocol, so redirects were working for data://, file://, ftp://, s3://, and any other scheme defined in the DOWNLOADHANDLERS setting. However, HTTP redirects should only work between URLs that use the http:// or https:// schemes. A...

6.5CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.7 views

PT-2024-40004 · Scrapy · Scrapy

Name of the Vulnerable Software and Affected Versions: Scrapy versions prior to 2.11.2 Description: The issue allows a malicious actor with write access to the start requests and read access to the spider output to exploit the vulnerability. This can be done by redirecting to any local file using...

6.5CVSS6.9AI score
Exploits0References5
CNVD
CNVD
added 2024/02/26 12:0 a.m.2 views

JetBrains TeamCity Improper Access Control Vulnerability

JetBrains TeamCity is a Continuous Integration CI/CD tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from an Improper Access Control vulnerability that stems from a lack of access control for the S3 Artifact Storage plugin...

5.3CVSS6.9AI score0.00307EPSS
Exploits0References1
Drupal
Drupal
added 2023/05/03 12:0 a.m.7 views

S3 File System - Moderately critical - Access bypass - SA-CONTRIB-2023-014

S3 File System s3fs provides an additional file system to your Drupal site, which stores files in Amazon's Simple Storage Service S3 or any other S3-compatible storage service. This module may fail to validate that a file being requested to be moved to storage was uploaded during the same web...

5.6AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/15 7:58 p.m.5 views

openstack-swift: Arbitrary file access through custom S3 XML entities

A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api...

6.5CVSS5.8AI score0.01001EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/02/28 3:48 p.m.59 views

openstack-swift: Arbitrary file access through custom S3 XML entities

A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api...

6.5CVSS5.8AI score0.01001EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.3 views

SUSE CVE-2021-45103

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer...

8.1CVSS7.9AI score0.00886EPSS
Exploits0References3
OSV
OSV
added 2023/01/18 5:15 p.m.4 views

UBUNTU-CVE-2022-47950

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...

6.5CVSS6.8AI score0.01001EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.38 views

OpenStack 安全漏洞

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA in the U.S. Swift is one of the storage projects used to store permanent static data. A security vulnerability exists in OpenStack that stems from the fact that by providing a specially...

6.5CVSS6.7AI score0.01001EPSS
Exploits1References11
OSV
OSV
added 2022/10/12 12:15 a.m.1 views

UBUNTU-CVE-2022-41606

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0...

6.5CVSS6.5AI score0.00716EPSS
Exploits0References4
NVD
NVD
added 2022/08/16 9:15 p.m.23 views

CVE-2022-37437

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service S3 in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions...

9.8CVSS0.00382EPSS
Exploits0References1
OSV
OSV
added 2022/07/12 9:15 p.m.5 views

CVE-2022-22997

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices...

9.8CVSS7.9AI score0.01369EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/25 12:0 a.m.3 views

Amazon AWS SDK for Android安全漏洞

Amazon AWS SDK for Android is an Andorid-based software development kit for Amazon Web Services AWS from Amazon.com. An information disclosure vulnerability exists in Amazon AWS SDK 1.7.22 and earlier. A remote attacker could use the vulnerability to access AWS S3 developer files by reading...

8.6CVSS5.7AI score0.00672EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/04/21 1:15 p.m.5 views

rubygem-activestorage: circumvention of file size limits in ActiveStorage

A flaw was found in rubygem-activestorage. The ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. The highest threat from this vulnerability is to data integrity...

7.5CVSS7AI score0.03065EPSS
Exploits1References5
Snyk
Snyk
added 2020/12/11 2:26 p.m.3 views

Command Injection

Overview s3-kilatstorage is a S3 client for NodeJs 8.X or greater. KilatStorageS3 uses a bash command to run s3cmd which has been configured and connected to the kilatstorage service. You can use this package for Amazon S3 service too. Affected versions of this package are vulnerable to Command...

9.8CVSS7.1AI score0.00685EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2019/01/28 12:0 a.m.6 views

The vulnerability of the S3 protocol in the S3 Browser allows a hacker to view files and obtain NTLMv2 user hash values.

The vulnerability of the S3 Browser protocol based on HTTP is related to shortcomings in the restrictions on XML links to external objects. In this case, server responses are transmitted in XML format. Exploiting this vulnerability allows a malicious actor to remotely access files and obtain user...

6.9CVSS6.7AI score0.01399EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder