CVE-2022-31524

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

EUVD-2022-52980

Malicious code in bioql PyPI...

PT-2024-23497 · Pure Storage · Pure Storage Flasharray

Name of the Vulnerable Software and Affected Versions: PureStorage FlashArray versions up to 6.6.5 Description: A flaw exists in PureStorage FlashArray, allowing a user to make a specific call to a FlashArray endpoint which enables privilege escalation. This issue can lead to improper privilege...

Virtuozzo Hybrid Infrastructure 5.4 Update 4 (5.4.4-112)

This update delivers a new feature for the compute service, performance optimization for the object storage, as well as stability, security, and performance improvements. Vulnerability id: VSTOR-74916 VMs with Windows Server 2019, Windows Server 2022, and Windows 10 fail to boot after installatio...

Virtuozzo Hybrid Infrastructure 5.4 Update 2 (5.4.2-58)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute services, core and object storage, integrations, monitoring and alerts. Additionally, this release delivers stability improvements and addresses issues found in previous releases. Vulnerabilit...

Virtuozzo Hybrid Infrastructure 5.2 Update 1 (5.2.1-57)

This update provides full support for Authorization Code Flow, as well as bug fixes and improvements. Vulnerability id: VSTOR-57337 It is impossible to set the disk role to "Unassigned" while joining a node to the cluster. Vulnerability id: VSTOR-57187 Unable to add an iSCSI target with multiple...

CVE-2022-31524

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31524

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31524

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

Path traversal

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31524

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31524

CVE-2022-31524 affects the PureStorage-OpenConnect/swagger repository up to version 1.1.5. The root cause is the unsafe use of Flask’s send_file, enabling absolute path traversal. Public references (including Red Hat) confirm the same description. The provided documents do not specify an official...