Filtered by vendor S3ql Project Subscriptions
Filtered by product S3ql Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-12088 1 S3ql Project 1 S3ql 2024-11-21 N/A
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.
CVE-2014-0485 1 S3ql Project 1 S3ql 2024-11-21 N/A
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.