Lucene search
K

319 matches found

Veracode
Veracode
added 2025/04/14 10:49 a.m.179 views

Improper Verification Of Cryptographic Signature

github.com/minio/minio is vulnerable to authorization bypass. The vulnerability is due to improper signature verification due to the ability to use arbitrary secrets to upload objects if the attacker has prior WRITE permissions and access to the access key and bucket name...

8.7CVSS6.5AI score0.02421EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/14 12:0 a.m.7 views

The vulnerability of Cisco IOS XR operating systems arises from the lack of control over public write permissions for installed application files. This allows attackers to circumvent existing security restrictions.

The vulnerability of Cisco IOS XR operating systems lies in the lack of control over public write permissions for installed application files. Exploiting this vulnerability can allow a perpetrator to circumvent existing security restrictions...

6.8CVSS5.4AI score0.00144EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/04/04 2:28 p.m.12 views

GHSA-WG47-6JQ2-Q2HH MinIO performs incomplete signature validation for unsigned-trailer uploads

Impact This is a high priority vulnerability and users must upgrade ASAP. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket, Prior...

8.7CVSS7AI score0.02421EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/04/04 2:28 p.m.28 views

MinIO performs incomplete signature validation for unsigned-trailer uploads

Impact This is a high priority vulnerability and users must upgrade ASAP. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket, Prior...

8.7CVSS7AI score0.02421EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/04 8:32 a.m.25 views

CVE-2025-31489

A flaw was found in the Minio package. The signature component of the authorization may be invalid, which would mean that, as a client, you can use any arbitrary secret to upload objects, given the user already has prior WRITE permissions on the bucket. Prior knowledge of the access key and bucke...

7.5CVSS7AI score0.02421EPSS
Exploits0References5
NVD
NVD
added 2025/04/03 8:15 p.m.29 views

CVE-2025-31489

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS0.02421EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/03 7:36 p.m.40 views

CVE-2025-31489 MinIO performs incomplete signature validation for unsigned-trailer uploads

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS0.02421EPSS
Exploits0References2
CVE
CVE
added 2025/04/03 7:36 p.m.1633 views

CVE-2025-31489

Affected product: MinIO object storage server. Vulnerability: incomplete/signature validation for unsigned-trailer uploads allows a client with an existing bucket WRITE permission and knowledge of an access-key and bucket name to upload arbitrary objects by using any secret. Impact (as stated): p...

8.7CVSS6.8AI score0.02421EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.5 views

PT-2025-14797

Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2025-04-03T14-56-28Z Description: The issue concerns an authorization flaw in MinIO, a high-performance object storage system. This flaw allows a client with prior WRITE permissions on a bucket to upload object...

8.7CVSS7.8AI score0.02421EPSS
Exploits0References30
OSV
OSV
added 2025/02/05 7:28 a.m.6 views

BIT-SUPERSET-2022-43720 Apache Superset: Improper rendering of user input

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...

5.4CVSS5.2AI score0.01243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.3 views

PT-2024-35158 · Craft · Craft

Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.12.8 Craft versions prior to 5.4.9 Description: The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file...

7.7CVSS7.1AI score0.00657EPSS
Exploits1References9
OSV
OSV
added 2024/10/10 9:30 p.m.18 views

GHSA-RR8J-7W34-XP5J Vault Community Edition privilege escalation vulnerability

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...

8.6CVSS7AI score0.00528EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/09/10 8:44 a.m.17 views

CVE-2024-43388 Phoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devices

A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation...

8.8CVSS7.2AI score0.00565EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/24 8:50 a.m.12 views

CVE-2024-36495 Read/Write Permissions for Everyone on Configuration File

The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...

7.1AI score0.0031EPSS
Exploits1References3
NVD
NVD
added 2024/06/19 2:15 p.m.30 views

CVE-2024-38610

In the Linux kernel, the following vulnerability has been resolved: drivers/virt/acrn: fix PFNMAP PTE checks in acrnvmrammap Patch series "mm: followpte improvements and acrn followpte fixes". Patch 1 fixes a bunch of issues I spotted in the acrn driver. It compiles, that's all I know. I'll...

7.8CVSS0.00213EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/06/19 12:0 a.m.4 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not checking PTE write permissions...

7.8CVSS6.6AI score0.00213EPSS
Exploits0References8
Kitploit
Kitploit
added 2024/05/09 12:30 p.m.45 views

BadExclusionsNWBO - An Evolution From BadExclusions To Identify Folder Custom Or Undocumented Exclusions On AV/EDR

BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR. How it works? BadExclusionsNWBO copies and runs HookChecker.exe in all folders and subfolders of a given path. You need to have HookChecker.exe on the same folder of...

7AI score
Exploits0References1
Cvelist
Cvelist
added 2024/04/30 7:45 p.m.28 views

CVE-2024-3746 Measuresoft ScadaPro Improper Access Control

The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files...

6.8CVSS5.8AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/04/04 12:5 a.m.44 views

CVE-2024-26705

In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about the BTLB information to set up the static block TLB entries. For that write access to the static...

4.4CVSS6.7AI score0.00194EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/03 2:55 p.m.25 views

CVE-2024-26705 parisc: BTLB: Fix crash when setting up BTLB at CPU bringup

In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about the BTLB information to set up the static block TLB entries. For that write access to the static...

6.6AI score0.00194EPSS
Exploits0References3
Rows per page
Query Builder