6386 matches found
Cleartext Storage of Sensitive Information
Overview sagemaker-serve is a SageMaker Serve package for model serving and deployment Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing the SageMaker...
Cleartext Storage of Sensitive Information
Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing...
EUVD-2026-31260
Concurrency and locking defects in GSS-TSIG...
MAL-2026-4643 Malicious code in polymarket-clob-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e0a3a7bbeb25fb478d59cdd4b62ebb34c13e8e236505813660e81abf61e74ec The package is published as polymarket-clob-client, an unscoped lookalike of the legitimate @polymarket/clob-client maintained by Polymarket, but the...
Nimiq 代码问题漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq 1.3.0 and earlier have code vulnerabilities. These vulnerabilities stem from the network discovery process, which accepts signature updates from untrusted peer nodes. When PeerContact contains an empty...
Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
Summary azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. "vmId":"" and the forged vmId will be accepted returning the...
libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case
The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...
CVE-2026-45557
Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...
CVE-2026-45557
CVE-2026-45557 affects Technitium DNS Server. The issue is that the server aggressively fetches missing RRSIG records or mismatched DNSKEY records, enabling an attacker that controls a domain to trigger excessive network traffic from a vulnerable system. The vulnerability is fixed in version 15.0...
PT-2026-41937
Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
CVE-2026-8596
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the discovery document retrieval process via uripukidpenc and uripukidpsig properties. An attacker can intercept and modify the TLS connection to substitute a forged discovery document...
CVE-2024-36334
Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution...
Crypt::DSA 安全特征问题漏洞
Crypt::DSA is a Perl cryptography module developed by TIMLEGGE’s individual developers, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to version 1.20 had security vulnerabilities. These vulnerabilities stemmed from the use of the Perl...
CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
CVE-2026-8596
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
CVE-2026-44308 Spring Cloud AWS: Missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...
EUVD-2020-31214
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...