Lucene search
K

60 matches found

EUVD
EUVD
added 2026/07/08 2:43 p.m.6 views

EUVD-2026-42285

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side...

7.7CVSS6AI score0.00327EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:51 p.m.9 views

BIT-SEAWEEDFS-2026-54917 SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

10CVSS5.8AI score0.00766EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/30 3:57 p.m.9 views

EUVD-2026-40360

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...

8.1CVSS5.9AI score0.00766EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/30 3:57 p.m.37 views

CVE-2026-58372 SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...

8.1CVSS0.00766EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-54917

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

10CVSS0.00345EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/25 6:41 p.m.5 views

EUVD-2026-39535

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

7.8CVSS5.9AI score0.00345EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 6:41 p.m.6 views

CVE-2026-54917 SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

7.8CVSS6AI score0.00766EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Ceph

A flaw was discovered in the Red Hat Ceph Storage RGW in versions prior to 14.2.21. When processing a GET request for a swift URL that ends with two slashes, it can cause the rgw component to crash, resulting in a denial of service. The most significant threat to the system is its availability...

5.3CVSS6.6AI score0.02425EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 2:28 a.m.7 views

GO-2026-4321 lakeFS is Missing Timestamp Validation in S3 Gateway Authentication in github.com/treeverse/lakefs

lakeFS is Missing Timestamp Validation in S3 Gateway Authentication in github.com/treeverse/lakefs...

6.5CVSS5.4AI score0.00239EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/15 10:35 p.m.24 views

CVE-2025-68671 lakeFS is Missing Timestamp Validation in S3 Gateway Authentication

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request e.g., through network interception, logs...

6.5CVSS0.00239EPSS
Exploits1References3
OSV
OSV
added 2026/01/15 9:14 p.m.4 views

GHSA-F2PH-GC9M-Q55F lakeFS is Missing Timestamp Validation in S3 Gateway Authentication

Impact LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. An attacker who captures a valid signed request e.g., through network interception, logs, or compromised systems can replay that request until credentials are rotated, even after the reques...

6.5CVSS6.8AI score0.00239EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.7 views

lakeFS security vulnerability

LakeFS is an open-source tool developed by Treeverse. It allows you to convert your object storage into a repository similar to Git. Versions of LakeFS prior to 1.75.0 contained security vulnerabilities. These vulnerabilities stemmed from the S3 gateway not verifying the timestamps in authenticat...

6.5CVSS5.8AI score0.00239EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:51 a.m.6 views

CVE-2021-2317

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

10CVSS7.4AI score0.01872EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2021-16777

Malware in sbrugna...

9.1CVSS9.3AI score0.01074EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-16778

Malware in sbrugna...

9.1CVSS9.3AI score0.01074EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-16776

Malware in sbrugna...

10CVSS9.2AI score0.01872EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-16779

Malware in sbrugna...

9.1CVSS9.3AI score0.01074EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:1 p.m.6 views

CVE-2021-2320

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

9.1CVSS6.9AI score0.01074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:1 p.m.6 views

CVE-2021-2256

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

10CVSS7.4AI score0.01666EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:1 p.m.5 views

CVE-2021-2319

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

9.1CVSS6.9AI score0.01074EPSS
Exploits0References1
Rows per page
Query Builder