GHSA-2MXR-P26X-MJ73 @hulumi/baseline: AccountFoundation audit-delivery S3 bucket could be silently weakened

Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-1059 Insufficient Technical Documentation / Behavioral Inconsistency Summary The S3 bucket that AccountFoundation creates to receive CloudTrail and AWS Config audit logs is meant to be tamper-resistant — if someone with...

CVE-2026-46311 drm/amdgpu/userq: fix access to stale wptr mapping

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fixed the potential double-free of the bit17 bitmask. A userspace environment where multiple threads compete to set the tiling to I915TILINGNONE could lead to a double-free of the bit17 bitmask. Or, conversely, memory...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper acquisition and release of the GEM object’s reserved lock before and after cleanup...

Content-MD5 HTTP header is required for Put Object requests with Object Lock parameters

Challenge Jobs targeting an S3-Compatible repository fail with either of the following errors: Error: S3 error: Content-MD5 HTTP header is required for Put Object requests with Object Lock parameters Code: InvalidRequest Agent failed to process method S3 error: Checksum Type mismatch occurred,...

CVE-2023-28372

A flaw exists in FlashBlade Purity OE Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock...

CVE-2023-53095

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix a NULL pointer dereference The LRU mechanism may look up a resource in the process of being removed from an object. The locking rules here are a bit unclear but it looks currently like res-bo assignment is protected ...

SUSE CVE-2023-52930

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential bit17 double-free A userspace with multiple threads racing I915GEMSETTILING to set the tiling to I915TILINGNONE could trigger a double free of the bit17 bitmask. Or conversely leak memory on the transition...

UBUNTU-CVE-2023-52930

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential bit17 double-free A userspace with multiple threads racing I915GEMSETTILING to set the tiling to I915TILINGNONE could trigger a double free of the bit17 bitmask. Or conversely leak memory on the transition...

PT-2025-18859 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue has been resolved in the Linux kernel. The issue is related to the LRU mechanism, which may look up a resource in the process of being removed from an...

CVE-2023-28372

A flaw exists in FlashBlade Purity OE Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock...

Design/Logic Flaw

A flaw exists in FlashBlade Purity OE Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock...

CVE-2023-28372 FlashBlade Object Store Privileged Access

A flaw exists in FlashBlade Purity OE Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock...

CVE-2023-28372

CVE-2023-28372 affects FlashBlade Purity (OE) , where a user with privileges to extend an object’s retention period can affect the availability of the object lock. The available connected sources corroborate the same flaw scope and impact, indicating an object-lock availability impact when privil...

PT-2023-21679 · Pure Storage · Flashblade Purity

Name of the Vulnerable Software and Affected Versions: FlashBlade Purity OE version 4.1.0 Description: A flaw exists in FlashBlade Purity OE whereby a user with privileges to extend an object's retention period can affect the availability of the object lock. Recommendations: For version 4.1.0,...

Authentication Bypass

github.com/minio/minio is vulnerable to Authentication Bypass. The vulnerability exists in the enforceRetentionBypassForDelete function in bucket-object-lock.go because it does not properly honor a Deny policy on ByPassGoverance. The expected behavior is "Access Denied" for all users attempting t...

Using Object Storage with Veeam Products

Summary Veeam Backup & Replication supports object storage as a destination for long-term data storage. Similarly, Veeam Backup for Office 365 and cloud-specific offerings, such as Veeam Backup for AWS, Veeam Backup for Azure, Veeam Backup for Google Cloud Platform all support object storage. Thi...