14931 matches found
CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python
Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...
CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python
Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...
CVE-2026-6437
A flaw was found in the AWS EFS CSI Driver. Remote authenticated users with PersistentVolume creation permissions can exploit an improper neutralization of argument delimiters by injecting commas into volume handling arguments. This allows for the injection of arbitrary mount options, which could...
Amazon AWS Encryption SDK 安全漏洞
Amazon AWS Encryption SDK is a development toolkit used by Amazon, Inc., for encryption purposes. Versions of the AWS Encryption SDK prior to 3.3.1 and 4.0.5 contained security vulnerabilities. These vulnerabilities were due to issues with the encryption algorithm, which could allow authenticated...
Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields
Summary The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...
Mythos and Cybersecurity
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations--Microsoft, Appl...
GHSA-FMQP-4WFC-W3V7 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, kyverno-notation-aws-fips...
PT-2026-33485
Name of the Vulnerable Software and Affected Versions AWS EFS CSI Driver versions prior to v3.0.1 Description Improper neutralization of argument delimiters in the volume handling component allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount...
Amazon EFS CSI Driver 安全漏洞
The Amazon EFS CSI Driver is an open-source component developed by the Kubernetes SIGs, used for mounting AWS File Storage in Kubernetes clusters. Previous versions of the Amazon EFS CSI Driver, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from improper paramet...
aws-credential-process (=0.20.0), aws-session-daemon (>=0.1.0 <=0.6.0) +2 more potentially affected by CVE-2026-40947 via yubikey-manager (>=5.0.0 <=5.1.1)
yubikey-manager PYPI version =5.0.0, =0.1.0, =1.0.0, =1.6.6 Source cves: CVE-2026-40947 Source advisory: SNYK:PYTHON-YUBIKEYMANAGER-16325204...
Node.js Module axios < 1.15.0 Multiple Vulnerabilities
The version of the axios Node.js module installed on the remote host is prior to 1.15.0. It is, therefore, affected by multiple vulnerabilities: - Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot...
Amazon Athena ODBC Driver < 2.0.5.1 Command Injection (Linux)
The version of Amazon Athena ODBC Driver installed on the remote Linux host is prior to 2.0.5.1. It is, therefore, affected by a vulnerability: - OS command injection in the browser-based authentication component might allow a threat actor to execute arbitrary code by using specially crafted...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-056 (ALASFIREFOX-2026-056)
The version of firefox installed on the remote host is prior to 140.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-056 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network...
Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3241 (ALAS-2026-3241)
The version of thunderbird installed on the remote host is prior to 140.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3241 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphic...
Amazon Linux 2 : libpng, --advisory ALAS2-2026-3244 (ALAS-2026-3244)
The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3244 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image...
Amazon Linux 2 : tigervnc, --advisory ALAS2-2026-3231 (ALAS-2026-3231)
The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3231 advisory. In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an...
Amazon Linux 2 : perl-XML-Parser, --advisory ALAS2-2026-3230 (ALAS-2026-3230)
The version of perl-XML-Parser installed on the remote host is prior to 2.41-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3230 advisory. XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption...
Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3239 (ALAS-2026-3239)
The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3239 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occu...
Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-011 (ALASNGINX1-2026-011)
The version of nginx installed on the remote host is prior to 1.28.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-011 advisory. When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause...
Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3249 (ALAS-2026-3249)
The version of openssl11 installed on the remote host is prior to 1.1.1zg-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3249 advisory. Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE:...