14931 matches found
CLSA-2026-1777391919 glib2: Fix of CVE-2020-35457
CVE-2020-35457: add a precondition in goptiongroupaddentries to avoid a GOptionEntry list size overflow GMAXSIZE. Patch backported from amazon-linux-2els...
Simplifying AWS defense with Microsoft Sentinel UEBA
In this article 1. Under the hood: The tables 2. Traditional vs. new approach 3. Real-world attack scenarios: Microsoft Sentinel UEBA in action 4. Practical implementation: Getting started 5. Limitations and constraints 6. From raw logs to behavioral context With the expansion of Microsoft Sentin...
CVE-2024-54012
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to...
CVE-2026-29181 vulnerabilities
Vulnerabilities for packages: mesosphere-vsphere-csi, aws-privateca-issuer, node-problem-detector, terraform, ko, falco-no-driver, db-operator, buildah, dex, crossplane-provider-family-azure, nerdctl, neuvector-scanner, cloud-provider-azure, cloudflared, cilium, flux-image-reflector-controller,...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: mesosphere-vsphere-csi, aws-privateca-issuer, node-problem-detector, terraform, ko, falco-no-driver, db-operator, buildah, dex, crossplane-provider-family-azure, nerdctl, neuvector-scanner, cloud-provider-azure, cloudflared, cilium, flux-image-reflector-controller,...
EUVD-2026-25577
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...
EUVD-2026-23943
AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via DoRequestAsync. An attacker in control of a configured endpoint can cause excessive memory consumption and potentially terminate the process by supplying a large HTTP response bod...
AWS Ops Wheel 数据伪造问题漏洞
AWS Ops Wheel is an open-source tool from Amazon Web Services that supports multi-tenant random selection. AWS Ops Wheel has a vulnerability related to data manipulation, stemming from the lack of JWT signature verification. This vulnerability allows unauthenticated attackers to forge JWT tokens...
Amazon tough 路径遍历漏洞
Amazon Tough is a Rust client library from Amazon, a subsidiary of The Update Framework TUF. Versions prior to tough-v0.22.0 contained a path traversal vulnerability. This vulnerability stemmed from incomplete path traversal fixes, which could allow remote authenticated users to write to files...
AWS Ops Wheel 安全漏洞
AWS Ops Wheel is an open-source tool provided by Amazon Web Services that supports multi-tenant functionality. There is a security vulnerability in AWS Ops Wheel, which stems from improper control over the modification of object properties dynamically determined during the Cognito user pool...
Amazon tough 数据伪造问题漏洞
Amazon Tough is a Rust client library for The Update Framework TUF by Amazon Inc. Versions of Amazon Tough prior to v0.22.0 contained a data manipulation vulnerability. This vulnerability stemmed from improper validation of the encryption signature uniqueness during delegated role verification. A...
CVE-2026-41332
OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...
CVE-2026-41332 OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist
OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads
Summary OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. OpenTelemetry.Resources.AWS reads unbounded HTTP response bodies from a configured AWS EC2/ECS/EKS remote instance metadata service endpoint into memory. Both o...
EUVD-2026-25271
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads...
CVE-2026-41173 Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS
The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. AWSXRaySamplerClient.DoRequestAsyn...
Malicious code in amazon-q-developer-streaming-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2612d348229614bb857a8f2c30c1ad2d66954d7a05073f15319f8aca2fb1a86d The package amazon-q-developer-streaming-client was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3016 Malicious code in amazon-q-developer-streaming-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2612d348229614bb857a8f2c30c1ad2d66954d7a05073f15319f8aca2fb1a86d The package amazon-q-developer-streaming-client was found to contain malicious code. Source: ossf-package-analysis...
Exploit for Origin Validation Error in Apache Airflow_Providers_Amazon
CVE-2026-25604 PoC Host Header Injection leading to SAML au...