Lucene search
K

566 matches found

OSV
OSV
added 2026/02/14 3:22 p.m.7 views

CVE-2026-23136 libceph: reset sparse-read state in osd_fault()

In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osdfault When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate stat...

7.5CVSS5.2AI score0.0028EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions prior to RustFS alpha.78 contained security vulnerabilities, which stemmed from IP access control bypasses. These vulnerabilities could allow access to systems that meet the requirements of an IP whitelist policy...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/02 11:33 p.m.15 views

SageMaker Python SDK has Exposed HMAC

Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified. Impact - Function and Payload...

8.5CVSS6.5AI score0.00455EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/01/15 10:35 p.m.22 views

CVE-2025-68671 lakeFS is Missing Timestamp Validation in S3 Gateway Authentication

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request e.g., through network interception, logs...

6.5CVSS0.00239EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.7 views

PT-2026-3139

Name of the Vulnerable Software and Affected Versions lakeFS versions prior to 1.75.0 Description lakeFS's S3 gateway does not validate timestamps in authenticated requests, which allows for replay attacks. An attacker capturing a valid signed request can replay it until credentials are rotated,...

6.5CVSS6.4AI score0.00239EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

lakeFS security vulnerability

LakeFS is an open-source tool developed by Treeverse. It allows you to convert your object storage into a repository similar to Git. Versions of LakeFS prior to 1.75.0 contained security vulnerabilities. These vulnerabilities stemmed from the S3 gateway not verifying the timestamps in authenticat...

6.5CVSS5.8AI score0.00239EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/01/12 3:40 a.m.11 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

5.8AI score0.00173EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 9:32 a.m.9 views

CVE-2023-25812

Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a Deny policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header X-Amz-Bypass-Governance-Retention: true. However, this was...

8.8CVSS6.7AI score0.00955EPSS
Exploits1References1
Grafana
Grafana
added 2026/01/02 12:0 a.m.12 views

Exposure of Storage Secret in Pyroscope

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

9.1CVSS5.8AI score0.00406EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.7 views

PT-2026-3780

Name of the Vulnerable Software and Affected Versions Pyroscope versions prior to 1.15.2 Pyroscope versions prior to 1.16.1 Description When configured to use Tencent Cloud Object Storage COS as the storage backend, the Pyroscope API may expose the secret key configuration value. An attacker with...

9.4CVSS5.8AI score0.00406EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2025/12/20 12:26 a.m.5 views

SUSE CVE-2025-68283

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUGON with bounds check for map-maxosd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map-maxosd. idryomov: drop BUGON in cephgetprimaryaffinity, minor cosmet...

6.4CVSS6.5AI score0.00168EPSS
Exploits0References20
Vulnrichment
Vulnrichment
added 2025/12/17 8:13 p.m.4 views

CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS6.4AI score0.00176EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.5 views

PT-2025-51883

Name of the Vulnerable Software and Affected Versions AWS SDK for Ruby versions prior to 1.208.0 Description A missing cryptographic key commitment in the AWS SDK for Ruby could allow a user with write access to an S3 bucket to introduce a new encryption data key EDK that decrypts to different...

6CVSS6.3AI score0.00185EPSS
Exploits0References7
OSV
OSV
added 2025/12/16 4:16 p.m.6 views

AZL-72610 CVE-2025-68283 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUGON with bounds check for map-maxosd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map-maxosd. idryomov: drop BUGON in cephgetprimaryaffinity, minor cosmet...

5.8AI score0.00168EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/12/16 4:16 p.m.7 views

CVE-2025-68283

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUGON with bounds check for map-maxosd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map-maxosd. idryomov: drop BUGON in cephgetprimaryaffinity, minor cosmet...

5.9AI score0.00168EPSS
Exploits0References23
OSV
OSV
added 2025/12/16 4:16 p.m.5 views

UBUNTU-CVE-2025-68285

In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in havemonandosdmap The wait loop in cephopensession can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both cephmonchandlemap and handleonem...

5.9AI score0.00173EPSS
Exploits0References36
Cvelist
Cvelist
added 2025/12/16 3:6 p.m.26 views

CVE-2025-68283 libceph: replace BUG_ON with bounds check for map->max_osd

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUGON with bounds check for map-maxosd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map-maxosd. idryomov: drop BUGON in cephgetprimaryaffinity, minor cosmet...

0.00168EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.6 views

PT-2025-51687

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the libceph component. Specifically, the code previously used BUG ON which has been replaced with bounds checking for map-max osd. OSD indexes...

5.4AI score0.00168EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/12/11 2:36 p.m.22 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

9.1CVSS7AI score0.19396EPSS
Exploits10References4
Redos
Redos
added 2025/11/13 12:0 a.m.8 views

ROS-20251113-04

The MinIO object storage server vulnerability is related to flaws in the authorization mechanism. Exploitation exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...

8.1CVSS6.8AI score0.00523EPSS
Exploits1
Rows per page
Query Builder