
1041 matches found

CNNVD
added 2025/12/17 12:00 a.m., 5 views

Amazon AWS SDK for PHP security vulnerability

Amazon AWS SDK for PHP is a software development kit for Amazon Web Services based on the PHP platform from Amazon.com, USA. A security vulnerability exists in Amazon AWS SDK for PHP that stems from a lack of cryptographic key commitment, which could cause a user with write access to the S3 stora...

CVSS: 6, AI score: 6.5, EPSS: 0.00176
Exploits: 0, References: 4

CNNVD
added 2025/12/17 12:00 a.m., 4 views

Amazon S3 Encryption Client for .NET security vulnerability

Amazon S3 Encryption Client for .NET is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client for .NET that stems from a lack of cryptographic key commitment, which could cause a user with write access to an S3 storage buck...

CVSS: 6, AI score: 6.5, EPSS: 0.00094
Exploits: 0, References: 4

Positive Technologies
added 2025/12/17 12:00 a.m., 7 views

PT-2025-51882

Name of the Vulnerable Software and Affected Versions: AWS SDK for PHP versions prior to 3.368.0. Description: A missing cryptographic key commitment in the AWS SDK for PHP could allow a user with write access to an S3 bucket to introduce a new Encryption Data Key (EDK) that decrypts to different...

CVSS: 6, AI score: 6.3, EPSS: 0.00176
Exploits: 0, References: 7

Veracode
added 2025/12/13 7:32 a.m., 4 views

Improper Cleanup Of Sensitive Data

Ansible is vulnerable to improper cleanup of sensitive data. The vulnerability is due to the aws_ssm connection plugin not performing garbage collection after playbook execution, which allows sensitive files to remain in the storage bucket and exposes confidential data to unauthorized access...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00319
Exploits: 0, References: 5, Affected Software: 1

EUVD
added 2025/12/08 3:31 a.m., 4 views

EUVD-2025-201639

In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau forwarded me a message from Disclosure with the following warning: The helper xattr_key uses the pointer variable in the loop condition rather than dereferencing it. As...

AI score: 6, EPSS: 0.00182
Exploits: 0, References: 9

NVD
added 2025/12/08 1:16 a.m., 3 views

CVE-2025-40306

In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau forwarded me a message from Disclosure with the following warning: The helper xattr_key uses the pointer variable in the loop condition rather than dereferencing it. As...

EPSS: 0.00182
Exploits: 0, References: 8

OSV
added 2025/12/08 1:16 a.m., 2 views

DEBIAN-CVE-2025-40306

In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau forwarded me a message from Disclosure with the following warning: The helper xattr_key uses the pointer variable in the loop condition rather than dereferencing it. As...

AI score: 5.4, EPSS: 0.00182
Exploits: 0, References: 1

OSV
added 2025/12/08 1:16 a.m., 4 views

UBUNTU-CVE-2025-40306

In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau forwarded me a message from Disclosure with the following warning: The helper xattr_key uses the pointer variable in the loop condition rather than dereferencing it. As...

AI score: 5.8, EPSS: 0.00182
Exploits: 0, References: 36

Tenable Nessus
added 2025/11/20 12:00 a.m., 5 views

TencentOS Server 4: ceph (TSSA-2025:0506)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0506 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS: 9.8, AI score: 6.8, EPSS: 0.02539
Exploits: 1, References: 2

RedHat Linux
added 2025/11/11 8:21 a.m., 5 views

kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree

In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree. htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00162
Exploits: 0, References: 5

Tenable Nessus
added 2025/11/05 12:00 a.m., 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989435)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989435 advisory. In the Linux kernel, the following vulnerability has been resolved: bcache: avoid journal no-space deadlock by reserving 1 journal bucket The journal no-space deadlo...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00179
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:00 a.m., 9 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989818)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989818 advisory. In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock. radix_lock shouldn't be held while holding...

CVSS: 5.5, AI score: 6.2, EPSS: 0.0017
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:00 a.m., 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990206)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990206 advisory. In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock. radix_lock shouldn't be held while holding...

CVSS: 5.5, AI score: 6.2, EPSS: 0.0017
Exploits: 0, References: 4

AstraLinux
added 2025/11/01 10:54 a.m., 5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nft_set_pipapo: clamp the maximum map bucket size to INT_MAX. Otherwise, a WARN_ON_ONCE error may occur in __kvmalloc_node_noprof when resizing the hashtable, because __GFP_NOWARN is not set. Similar issues include: b541ba7d1f5a...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00185
Exploits: 0, References: 3

Github Security Blog
added 2025/10/31 5:31 p.m., 14 views

Ansible does not collect garbage after playbook run

A flaw was found in Ansible Base when using the aws_ssm connection plugin as its garbage collector is not happening after the playbook run is completed. Files would remain in the bucket exposing the data. This issue directly affects data confidentiality...

CVSS: 5.5, AI score: 5.1, EPSS: 0.00319
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2025/10/31 5:31 p.m., 4 views

GHSA-F556-49JC-4RVC Ansible does not collect garbage after playbook run

A flaw was found in Ansible Base when using the aws_ssm connection plugin as its garbage collector is not happening after the playbook run is completed. Files would remain in the bucket exposing the data. This issue directly affects data confidentiality...

CVSS: 5, AI score: 5.8, EPSS: 0.00319
Exploits: 0, References: 6

Amazon
added 2025/10/27 12:00 a.m., 2 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling (CVE-2022-50053). In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (CVE-2025-38201). Affected Packages:...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00185
Exploits: 0

Hacker One
added 2025/10/14 9:39 a.m., 27 views

AWS VDP: Responsible disclosure - public S3 bucket exposing JSON/config files

A publicly listable S3 bucket was discovered, exposing various JSON and configuration files. The bucket listing and file metadata were retrievable without authentication...

AI score: 7
Exploits: 0

OSV
added 2025/10/12 6:15 p.m., 3 views

CVE-2025-11639

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...

CVSS: 5.5, AI score: 5.2, EPSS: 0.00211
Exploits: 1, References: 4

Cvelist
added 2025/10/12 5:32 p.m., 8 views

CVE-2025-11639 Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...

CVSS: 4.8, EPSS: 0.00211
Exploits: 1, References: 4