Lucene search
+L

31 matches found

Positive Technologies
Positive Technologies
â€ĸadded 2026/06/10 12:0 a.m.â€ĸ18 views

PT-2026-48476

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...

8.5CVSS5.4AI score0.00039EPSS
Exploits0References5
SUSE CVE
SUSE CVE
â€ĸadded 2026/04/06 11:24 p.m.â€ĸ4 views

SUSE CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS5.7AI score0.00124EPSS
Exploits0References3
OSV
OSV
â€ĸadded 2026/04/02 6:42 p.m.â€ĸ4 views

GO-2026-4896 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers in github.com/minio/minio

MinIO is Vulnerable to SSE Metadata Injection via Replication Headers in github.com/minio/minio...

7.1CVSS5.9AI score0.00124EPSS
Exploits0References2
RedhatCVE
RedhatCVE
â€ĸadded 2026/04/01 11:0 p.m.â€ĸ3 views

CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References1
NVD
NVD
â€ĸadded 2026/03/31 8:16 p.m.â€ĸ6 views

CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS0.00124EPSS
Exploits0References1
Vulnrichment
Vulnrichment
â€ĸadded 2026/03/31 7:30 p.m.â€ĸ2 views

CVE-2026-34204 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
â€ĸadded 2026/03/31 7:30 p.m.â€ĸ6 views

CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References2
Cvelist
Cvelist
â€ĸadded 2026/03/31 7:30 p.m.â€ĸ29 views

CVE-2026-34204 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS0.00124EPSS
Exploits0References1
OSV
OSV
â€ĸadded 2026/03/27 10:26 p.m.â€ĸ12 views

GHSA-3RH2-V3GR-35P9 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers

Impact What kind of vulnerability is it? Who is impacted? A flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication- headers on a normal PutObject request. The...

7.1CVSS6AI score0.00124EPSS
Exploits0References4
EUVD
EUVD
â€ĸadded 2026/03/27 12:31 a.m.â€ĸ6 views

EUVD-2026-16424

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
â€ĸadded 2026/03/27 12:0 a.m.â€ĸ18 views

PT-2026-28605

Name of the Vulnerable Software and Affected Versions MinIO versions prior to RELEASE.2026-03-26T21-24-40Z Description A flaw in the extractMetadataFromMime function allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects. This is...

7.5CVSS5.9AI score0.60368EPSS
Exploits18References46
NVD
NVD
â€ĸadded 2026/03/26 10:16 p.m.â€ĸ6 views

CVE-2026-28377

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS0.00155EPSS
Exploits0References1
Snyk
Snyk
â€ĸadded 2026/03/26 9:39 p.m.â€ĸ5 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the /status/config endpoint. An attacker can obtain plaintext S3 Server-Side Encryption with Customer-Provided Keys by sending a request to this endpoint, potentially allowing unauthorized...

8.7CVSS5.9AI score0.00155EPSS
Exploits0References2
OSV
OSV
â€ĸadded 2026/03/26 9:39 p.m.â€ĸ4 views

CVE-2026-28377 S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint (CVE-2025-41118 Pattern)

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS7AI score0.00155EPSS
Exploits0References3
Cvelist
Cvelist
â€ĸadded 2026/03/26 9:39 p.m.â€ĸ25 views

CVE-2026-28377 S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint (CVE-2025-41118 Pattern)

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS0.00155EPSS
Exploits0References1
CVE
CVE
â€ĸadded 2026/03/26 9:39 p.m.â€ĸ24 views

CVE-2026-28377

The CVE-2026-28377 issue affects Grafana Tempo (tempo package) where the /status/config endpoint exposes the S3 SSE-C encryption key in plaintext, enabling unauthorized access to the key used for tracing data stored in S3. Affected component/file: the Tempo S3 backend (tempodb/backend/s3) as desc...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References1Affected Software1
EUVD
EUVD
â€ĸadded 2025/10/07 12:30 a.m.â€ĸ4 views

EUVD-2020-29129

Malware in sbrugna...

8.1CVSS8AI score0.00727EPSS
Exploits1References3
Kitploit
Kitploit
â€ĸadded 2022/07/28 12:30 p.m.â€ĸ65 views

TerraformGoat - "Vulnerable By Design" Multi Cloud Deployment Tool

TerraformGoat is selefra research lab's "Vulnerable by Design" multi cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure. Scenarios ID | Cloud Service Company | Types Of Cloud...

7.5AI score
Exploits0References67
NVD
NVD
â€ĸadded 2020/11/16 1:15 a.m.â€ĸ38 views

CVE-2020-8259

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...

8.1CVSS8AI score0.00727EPSS
Exploits1References2
Cvelist
Cvelist
â€ĸadded 2020/11/16 12:36 a.m.â€ĸ30 views

CVE-2020-8152

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...

5.6AI score0.0032EPSS
Exploits2References3
Rows per page
Query Builder