CVE-2024-45037

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVE-2024-45037

The CVE affects the AWS CDK RestApi with CognitoUserPoolAuthorizer. Under certain conditions, authenticated Cognito users may gain access beyond what is intended to protected API resources/methods, though API availability is not affected. Affected CDK versions are >=2.142.0 and =2.148.1; upgra...

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

AWS Cloud Development Kit 安全漏洞

AWS Cloud Development Kit is an open source software development framework open sourced by Amazon Web Services for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A security vulnerability exists in AWS Cloud Development Kit that stems from the possibility that an...

wildfly-security-manager: security manager authorization bypass

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...

The vulnerability of the software development package Azure IoT SDK for C lies in its memory management after memory is released. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Azure IoT SDK for C development software package lies in the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

SUSE: Security Advisory (SUSE-SU-2024:2999-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:2993-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:2978-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

edk2: Temporary DoS vulnerability

A divide-by-zero vulnerability was found in edk2. A successful exploit of this vulnerability may lead to a loss of availability...

SUSE: Security Advisory (SUSE-SU-2024:2900-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-42438

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access...

CVE-2024-42437

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access...

Zoom多款产品 安全漏洞

Zoom Rooms and others are products of Zoom Corporation, USA.Zoom Rooms is a software-based conferencing system.Zoom Meeting SDK is a development kit.Zoom Workplace is a desktop application software. A security vulnerability exists in a number of Zoom products. An attacker exploiting this...

SUSE: Security Advisory (SUSE-SU-2024:2868-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:2681-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

edk2: Use of a Weak PseudoRandom Number Generator

A security flaw has been identified in the cryptographic system of EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized remote attacker to potentially expose sensitive information...

SUSE: Security Advisory (SUSE-SU-2024:2589-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...