24 matches found
CVE-2026-49017
OpenStack Swift prior to 2.36.2 and 2.37.2 is affected. The s3api middleware enters an infinite loop while processing truncated aws-chunked PUT bodies, due to the StreamingInput class repeatedly appending an empty buffer and re-reading. This causes the proxy-server worker to become permanently un...
PT-2026-31855
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Description: A flaw exists in OpenStack Keystone where restricted application credentials can be used to create EC2 credentials. An authenticated user with a...
EUVD-2021-8679
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.18 Bug Fix Update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.18 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...
SUSE CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
Ubuntu 20.04 LTS / 22.04 LTS : OpenStack Swift vulnerability (USN-5852-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5852-1 advisory. It was discovered that OpenStack Swift incorrectly handled certain XML files. A remote authenticated user could possibly use this issue to obtain...
Debian DSA-5327-1 : swift - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5327 advisory. Sebastien Meriot discovered that the S3 API of Swift, a distributed virtual object store, was susceptible to information disclosure. For the stable distribution bullseye,...
[SECURITY] [DLA 3281-1] swift security update
Debian LTS Advisory DLA-3281-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 25, 2023 https://wiki.debian.org/LTS ...
Debian dla-3281 : python-swift - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3281 advisory. Debian LTS Advisory DLA-3281-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DSA 5327-1] swift security update
Debian Security Advisory DSA-5327-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 24, 2023 https://www.debian.org/security/faq ...
GHSA-274C-RX2J-2V3X OpenStack Swift XML external entities (XXE) Injection
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
OpenStack Swift XML external entities (XXE) Injection
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
DEBIAN-CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
Code injection
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
CVE-2022-47950
OpenStack Swift contains a vulnerability (CVE-2022-47950) where an authenticated user can supply crafted XML to the S3 API, causing it to disclose arbitrary host files. Affected lines mention OpenStack Swift versions before 2.28.1, 2.29.x before 2.29.2, and 2.30.0, with impact on both s3api (Rocky...
PT-2023-1506 · Openstack +2 · Openstack Swift +2
Name of the Vulnerable Software and Affected Versions: OpenStack Swift versions prior to 2.28.1; OpenStack Swift versions 2.29.x prior to 2.29.2; OpenStack Swift version 2.30.0. Description: The issue is related to the S3 API interface of the OpenStack Swift distributed object storage system. It...
[ASA-202103-5] minio: access restriction bypass
Arch Linux Security Advisory ASA-202103-5. Severity: Medium; Date: 2021-03-13; CVE-ID: CVE-2021-21362; Package: minio; Type: access restriction bypass; Remote: Yes; Link: https://security.archlinux.org/AVG-1664. Summary: The package minio before...