Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:52 a.m.7 views

CVE-2024-41806

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3CVSS6.7AI score0.00331EPSS
Exploits0References1
OSV
OSV
added 2024/07/25 2:34 p.m.10 views

CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3CVSS6.8AI score0.00331EPSS
Exploits0References4
CVE
CVE
added 2024/07/25 2:34 p.m.49 views

CVE-2024-41806

Open edX Platform's instructor CSV uploads for cohorts can be publicly accessible when using certain storage backends. The root cause is that uploads to AWS S3 buckets could be written with a public ACL in affected branches (master, palm, olive, nutmeg, maple, lilac, koa, juniper). A patch (commi...

5.3CVSS5.2AI score0.00331EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/02/28 6:16 a.m.37 views

LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...

0.3AI score
Exploits0
OpenVAS
OpenVAS
added 2022/08/01 12:0 a.m.9 views

Fedora: Security Advisory for mass3 (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2022/07/17 1:16 a.m.25 views

[SECURITY] Fedora 35 Update: mass3-0-0.6.20200627gite1d5f1a.fc35

Quickly enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP with a list of DNS resolvers and multi-threading...

9.3CVSS1.4AI score0.05994EPSS
Exploits4
OpenVAS
OpenVAS
added 2022/07/06 12:0 a.m.14 views

Fedora: Security Advisory for mass3 (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.9AI score0.05994EPSS
Exploits4References2
Fedora
Fedora
added 2022/07/04 1:35 a.m.30 views

[SECURITY] Fedora 36 Update: mass3-0-0.6.20200627gite1d5f1a.fc36

Quickly enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP with a list of DNS resolvers and multi-threading...

9.3CVSS8.2AI score0.05994EPSS
Exploits4
The Hacker News
The Hacker News
added 2020/12/21 10:33 a.m.110 views

Common Security Misconfigurations and Their Consequences

Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first o...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2020/03/15 9:30 p.m.94 views

AWSGen.py - Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names

AWSGen.py is a simple tool for generates permutations, alterations and mutations of AWS S3 Buckets Names. Download AWSGen.py...

7.4AI score
Exploits0References1
The Coalfire Blog
The Coalfire Blog
added 2018/08/28 7:52 p.m.61 views

AWS Slurp Github Takeover

Slurp is a tool used by information security professionals to enumerate AWS S3 buckets. Slurp takes a domain name example.com or wordlist as input and cycles through likely S3 bucket names example.s3.amazonaws.com looking for any world-read/writeable buckets. S3 buckets are a great find for...

1AI score
Exploits0
Rows per page
Query Builder