
14931 matches found

OSV
added 2026/04/28 3:58 p.m., 7 views

CLSA-2026-1777391919 glib2: Fix of CVE-2020-35457

CVE-2020-35457: add a precondition in g_option_group_add_entries to avoid a GOptionEntry list size overflow G_MAXSIZE. Patch backported from amazon-linux-2els...

CVSS 7.8 | AI score 7.2 | EPSS 0.00567
Exploits: 1 | References: 1
Microsoft Secure
added 2026/04/28 1:0 p.m., 11 views

Simplifying AWS defense with Microsoft Sentinel UEBA

In this article: 1. Under the hood: The tables; 2. Traditional vs. new approach; 3. Real-world attack scenarios: Microsoft Sentinel UEBA in action; 4. Practical implementation: Getting started; 5. Limitations and constraints; 6. From raw logs to behavioral context. With the expansion of Microsoft Sentin...

AI score 5.9
Exploits: 0
NVD
added 2026/04/28 8:16 a.m., 10 views

CVE-2024-54012

Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to...

CVSS 8.5 | EPSS 0.00256
Exploits: 0 | References: 1
Wolfi
added 2026/04/25 1:49 p.m., 7 views

CVE-2026-29181 vulnerabilities

Vulnerabilities for packages: mesosphere-vsphere-csi, aws-privateca-issuer, node-problem-detector, terraform, ko, falco-no-driver, db-operator, buildah, dex, crossplane-provider-family-azure, nerdctl, neuvector-scanner, cloud-provider-azure, cloudflared, cilium, flux-image-reflector-controller,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00435
Exploits: 1
Wolfi
added 2026/04/25 1:49 p.m., 7 views

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: mesosphere-vsphere-csi, aws-privateca-issuer, node-problem-detector, terraform, ko, falco-no-driver, db-operator, buildah, dex, crossplane-provider-family-azure, nerdctl, neuvector-scanner, cloud-provider-azure, cloudflared, cilium, flux-image-reflector-controller,...

AI score 5.8
Exploits: 0
EUVD
added 2026/04/24 4:11 p.m., 5 views

EUVD-2026-25577

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...

CVSS 8.8 | AI score 5.5 | EPSS 0.00419
Exploits: 0 | References: 3
EUVD
added 2026/04/24 3:59 p.m., 6 views

EUVD-2026-23943

AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache...

CVSS 5.7 | AI score 5.1 | EPSS 0.00096
Exploits: 0 | References: 6
Snyk
added 2026/04/24 2:31 a.m., 12 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via DoRequestAsync. An attacker in control of a configured endpoint can cause excessive memory consumption and potentially terminate the process by supplying a large HTTP response bod...

CVSS 8.2 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 2
CNNVD
added 2026/04/24 12:0 a.m., 11 views

AWS Ops Wheel data forgery vulnerability

AWS Ops Wheel is an open-source tool from Amazon Web Services that supports multi-tenant random selection. AWS Ops Wheel has a vulnerability related to data manipulation, stemming from the lack of JWT signature verification. This vulnerability allows unauthenticated attackers to forge JWT tokens...

CVSS 9.8 | AI score 5.8 | EPSS 0.00254
Exploits: 0 | References: 1
CNNVD
added 2026/04/24 12:0 a.m., 8 views

Amazon tough path traversal vulnerability

Amazon Tough is a Rust client library for The Update Framework (TUF) from Amazon. Versions prior to tough-v0.22.0 contained a path traversal vulnerability. This vulnerability stemmed from incomplete path traversal fixes, which could allow remote authenticated users to write to files...

CVSS 7.1 | AI score 5.8 | EPSS 0.0052
Exploits: 0 | References: 1
CNNVD
added 2026/04/24 12:0 a.m., 9 views

AWS Ops Wheel security vulnerability

AWS Ops Wheel is an open-source tool provided by Amazon Web Services that supports multi-tenant functionality. There is a security vulnerability in AWS Ops Wheel, which stems from improper control over the modification of object properties dynamically determined during the Cognito user pool...

CVSS 8.8 | AI score 5.8 | EPSS 0.00419
Exploits: 0 | References: 1
CNNVD
added 2026/04/24 12:0 a.m., 10 views

Amazon tough data forgery vulnerability

Amazon Tough is a Rust client library for The Update Framework (TUF) by Amazon Inc. Versions of Amazon Tough prior to v0.22.0 contained a data manipulation vulnerability. This vulnerability stemmed from improper validation of the encryption signature uniqueness during delegated role verification. A...

CVSS 7 | AI score 5.7 | EPSS 0.00262
Exploits: 0 | References: 1
NVD
added 2026/04/23 10:16 p.m., 5 views

CVE-2026-41332

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...

CVSS 5.8 | EPSS 0.00105
Exploits: 0 | References: 2
Cvelist
added 2026/04/23 9:57 p.m., 37 views

CVE-2026-41332 OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...

CVSS 5.8 | EPSS 0.00105
Exploits: 0 | References: 2
Github Security Blog
added 2026/04/23 9:44 p.m., 10 views

OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads

Summary: OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. OpenTelemetry.Resources.AWS reads unbounded HTTP response bodies from a configured AWS EC2/ECS/EKS remote instance metadata service endpoint into memory. Both o...

CVSS 5.9 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 5 | Affected Software: 2
EUVD
added 2026/04/23 9:44 p.m., 8 views

EUVD-2026-25271

OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads...

CVSS 5.9 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/23 6:22 p.m., 3 views

CVE-2026-41173 Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS

The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. AWSXRaySamplerClient.DoRequestAsyn...

CVSS 5.9 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/04/23 1:15 p.m., 8 views

Malicious code in amazon-q-developer-streaming-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2612d348229614bb857a8f2c30c1ad2d66954d7a05073f15319f8aca2fb1a86d The package amazon-q-developer-streaming-client was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.7
Exploits: 0
OSV
added 2026/04/23 1:15 p.m., 6 views

MAL-2026-3016 Malicious code in amazon-q-developer-streaming-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2612d348229614bb857a8f2c30c1ad2d66954d7a05073f15319f8aca2fb1a86d The package amazon-q-developer-streaming-client was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.7
Exploits: 0
GithubExploit
added 2026/04/22 1:22 a.m., 112 views

Exploit for Origin Validation Error in Apache Airflow_Providers_Amazon

CVE-2026-25604 PoC Host Header Injection leading to SAML au...

CVSS 5.4 | AI score 5.8 | EPSS 0.00359
Exploits: 1