EUVD-2026-30420
Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path...
kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state
A flaw was found in the Linux kernel's libceph OSD client. When a connection fault occurs during a sparse read, the sparse-read state is not properly reset. This allows a misbehaving or compromised Ceph OSD server, or a network adversary, to disrupt traffic. As a result, the client can misinterpr...
CVE-2026-30240
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...
CVE-2026-30240 Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...
CVE-2023-31042
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols...
libceph: replace BUG_ON with bounds check for map->max_osd
...
CVE-2025-62478
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Object Store. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...
EUVD-2025-35239
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Object Store. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...
EUVD-2011-1062
Malware in sbrugna...
EUVD-2024-19588
Malicious code in bioql PyPI...
CVE-2023-21833
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Object Store. The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...
BIT-MINIO-2024-55949 Privilege escalation in IAM import API in MinIO
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. MinIO is subject to a privilege escalation in the IAM import API; all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. This issue has been addressed in commit...
CVE-2025-2402
A hard-coded, non-random password for the object store minio of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...
CVE-2025-2402 Hard-coded password for object store of KNIME Business Hub
A hard-coded, non-random password for the object store minio of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...
CVE-2025-2402
CVE-2025-2402 affects KNIME Business Hub. A hard-coded, non-random password for the object store (MinIO) in all versions except the listed fixes enables an unauthenticated attacker to read/manipulate swapped jobs or in/out data of active jobs, and can cause a denial-of-service by writing large da...
SUSE CVE-2024-41178
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (object_store crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (object_store crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...
GHSA-C2HF-VCMR-QJRF Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (object_store crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...