1041 matches found
Amazon AWS SDK for PHP 安全漏洞
Amazon AWS SDK for PHP is a software development kit for Amazon Web Services based on the PHP platform from Amazon.com, USA. A security vulnerability exists in Amazon AWS SDK for PHP that stems from a lack of cryptographic key commitment, which could cause a user with write access to the S3 stora...
Amazon S3 Encryption Client for .NET 安全漏洞
Amazon S3 Encryption Client for .NET is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client for .NET that stems from a lack of encryption key promises, which could cause a user with write access to an S3 storage buck...
PT-2025-51882
Name of the Vulnerable Software and Affected Versions AWS SDK for PHP versions prior to 3.368.0 Description A missing cryptographic key commitment in the AWS SDK for PHP could allow a user with write access to an S3 bucket to introduce a new Encryption Data Key EDK that decrypts to different...
Improper Cleanup Of Sensitive Data
Ansible is vulnerable to improper cleanup of sensitive data. The vulnerability is due to the awsssm connection plugin not performing garbage collection after playbook execution, which allows sensitive files to remain in the storage bucket and exposes confidential data to unauthorized access...
EUVD-2025-201639
In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau forwarded me a message from Disclosure with the following warning: The helper xattrkey uses the pointer variable in the loop condition rather than dereferencing it. As...
CVE-2025-40306
In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau forwarded me a message from Disclosure with the following warning: The helper xattrkey uses the pointer variable in the loop condition rather than dereferencing it. As...
DEBIAN-CVE-2025-40306
In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau forwarded me a message from Disclosure with the following warning: The helper xattrkey uses the pointer variable in the loop condition rather than dereferencing it. As...
UBUNTU-CVE-2025-40306
In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau forwarded me a message from Disclosure with the following warning: The helper xattrkey uses the pointer variable in the loop condition rather than dereferencing it. As...
TencentOS Server 4: ceph (TSSA-2025:0506)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0506 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989435)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989435 advisory. In the Linux kernel, the following vulnerability has been resolved: bcache: avoid journal no-space deadlock by reserving 1 journal bucket The journal no-space deadlo...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989818)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989818 advisory. In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radixlock radixlock shouldn't be held while holding...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990206)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990206 advisory. In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radixlock radixlock shouldn't be held while holding...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetpipapo: clamp the maximum map bucket size to INTMAX Otherwise, a WARNONONCE error may occur in kvmallocnodenoprof when resizing the hashtable, because GFPNOWARN is not set. Similar issues include: b541ba7d1f5a...
Ansible does not collect garbage after playbook run
A flaw was found in Ansible Base when using the awsssm connection plugin as its garbage collector is not happening after the playbook run is completed. Files would remain in the bucket exposing the data. This issue directly affects data confidentiality...
GHSA-F556-49JC-4RVC Ansible does not collect garbage after playbook run
A flaw was found in Ansible Base when using the awsssm connection plugin as its garbage collector is not happening after the playbook run is completed. Files would remain in the bucket exposing the data. This issue directly affects data confidentiality...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling CVE-2022-50053 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 Affected Packages:...
AWS VDP: Responsible disclosure - public S3 bucket exposing JSON/config files
A publicly listable S3 bucket was discovered, exposing various JSON and configuration files. The bucket listing and file metadata were retrievable without authentication...
CVE-2025-11639
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...
CVE-2025-11639 Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...