26 matches found
Missing Authorization
github.com/treeverse/lakefs is vulnerable to Missing Authorization. The vulnerability is due to lack of authentication checks on the /api/v1/usage-report/summary endpoint, which allows an attacker to access aggregate API usage information without authorization...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference when processing a malformed PFCP SessionReportRequest in the process when ReportType.USAR is set to 1 and the UsageReport omits the mandatory URRID sub-IE. An attacker can cause the service to panic and terminat...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the PFCP SessionReportRequest process when ReportType.USAR is set to 1 and the UsageReport omits the mandatory URRID sub-IE. An attacker can cause the service to crash and terminate by sending a specially...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the PFCP SessionReportRequest process when ReportType.USAR is set to 1 and the UsageReport omits the mandatory URRID sub-IE. An attacker can cause the service to crash and terminate by sending a specially...
CVE-2026-26025 free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE 
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP UDP/8805 interface. No known upstrea...
CVE-2026-26025 free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE 
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP UDP/8805 interface. No known upstrea...
CVE-2026-26025
CVE-2026-26025 affects free5GC SMF (versions up to and including 1.4.1). A malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface can cause the SMF to panic and terminate. No upstream fix is provided in the available documents. Mitigations described in the sources include ACL/firewa...
CVE-2026-26024 free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE 
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP UDP/8805 interface. No known upstrea...
CVE-2026-26024 free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE 
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP UDP/8805 interface. No known upstrea...
Release Information for Veeam Backup for Microsoft 365 8.3
More Recent Version Available Please find the latest version of Veeam Backup for Microsoft 365 here: Veeam Downloads - Latest Version Build Numbers and Versions of Veeam Backup for Microsoft 365 Requirements This release can be used to: upgrade an existing v7, v8, v8.1, or v8.2 deployment of Veea...
CVE-2025-64179
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...
CVE-2025-64179
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...
CVE-2025-64179 lakeFS: Unauthenticated access to API usage metrics
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...
CVE-2025-64179 lakeFS: Unauthenticated access to API usage metrics
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...
CVE-2025-64179
lakeFS versions
CVE-2025-64179 lakeFS: Unauthenticated access to API usage metrics
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...
lakeFS 安全漏洞
lakeFS is an open source tool from Treeverse Open Source that converts your object store into a Git-like repository. A security vulnerability exists in lakeFS 1.69.0 and earlier versions, which stems from a lack of authentication in the /api/v1/usage-report/summary endpoint that could lead to the...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the /api/v1/usage-report/summary endpoint. An attacker can access aggregate API usage counts by sending unauthenticated requests to this endpoint, potentially revealing information about service activity or...
lakeFS affected by unauthenticated access to API usage metrics
Impact Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches Upgrade to v1.70.1 Workarounds Any ONE of these is...
GHSA-H238-5MWF-8XW8 lakeFS affected by unauthenticated access to API usage metrics
Impact Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches Upgrade to v1.70.1 Workarounds Any ONE of these is...