Lucene search
K

305 matches found

Veracode
Veracode
added 2026/02/27 2:46 p.m.6 views

Missing Cryptographic Key Commitment

Amazon.Extensions.S3.Encryption is vulnerable to Missing Cryptographic Key Commitment. The vulnerability is due to lack of cryptographic key commitment when storing encrypted data keys in instruction files instead of S3 metadata, which allows an attacker with write access to the bucket to introdu...

6CVSS5.9AI score0.00094EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2026/02/17 9:30 p.m.8 views

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.9), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1095 more potentially affected by CVE-2026-26278 via fast-xml-parser (>=5.0.1 <=5.3.5)

fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.7.1 and more Source cves: CVE-2026-26278 Source advisory: SNYK:JS-FASTXMLPARSER-15307668...

7.5CVSS5.7AI score0.00811EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2026/02/16 12:0 a.m.2 views

The vulnerability of the Windows Storage Services data storage service on Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the Windows Storage Services data storage service in Windows operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to gain increased privileges...

7CVSS5.8AI score0.00431EPSS
Exploits0References3Affected Software21
Virtuozzo
Virtuozzo
added 2026/02/12 12:0 a.m.15 views

Virtuozzo Hybrid Infrastructure 7.2 Hotfix 1 (7.2.0-254)

This update provides a security fix and stability fixes for the storage service. Vulnerability id: VSTOR-122723 Bucket object lock is removed after setting a bucket policy. Vulnerability id: VSTOR-123191 Archive files are not accessible if there are issues with replication. Vulnerability id:...

9.8CVSS5.5AI score0.47621EPSS
Exploits7
Veracode
Veracode
added 2026/02/09 12:54 p.m.7 views

Sensitive Information Disclosure

Amazon SageMaker Python SDK is vulnerable to sensitive information disclosure. The vulnerability is due to the ModelBuilder HMAC signing key being returned in cleartext in the DescribeTrainingJob API response, which allows an attacker with API access and S3 output write permissions to upload...

8.5CVSS5.5AI score0.00455EPSS
Exploits0References7Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/16 12:10 a.m.7 views

Malicious code in s3-cache-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2a516ba427a772d00c202a782f0c11f2217ddb8360626591dbbd72b68cc5a1b The package s3-cache-handler was found to contain malicious code...

7AI score
Exploits0
Photon
Photon
added 2026/01/08 12:0 a.m.10 views

Moderate Photon OS Security Update - PHSA-2026-4.0-0942

Updates of 'rubygem-aws-sdk-s3', 'aws-sdk-cpp' packages of Photon OS have been released...

5.9AI score
Exploits0
OSV
OSV
added 2025/12/29 8:41 p.m.6 views

MGASA-2025-0333 Updated ceph packages fix security vulnerability

RGW DoS attack with empty HTTP header in S3 object copy. CVE-2024-47866...

7.5CVSS6.5AI score0.00399EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/23 4:47 p.m.83 views

Security Bulletin: TSSC/IMC is vulnerable to an Out-of-bounds Read

Summary TSSC/IMC is vulnerable to an Out-of-bounds Read. A patch was released to update the libssh package. Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function...

8.1CVSS6.3AI score0.02394EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/23 4:45 p.m.7 views

Security Bulletin: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data

Summary TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data. A patch was released to update the bind package. Vulnerability Details CVEID:CVE-2025-40778 DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an...

8.6CVSS6AI score0.00509EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-14761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to differen...

6CVSS5.5AI score0.00176EPSS
Exploits0References2
OSV
OSV
added 2025/12/17 9:15 p.m.5 views

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

6CVSS5.8AI score0.00185EPSS
Exploits0References3
NVD
NVD
added 2025/12/17 9:15 p.m.5 views

CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

6CVSS0.00094EPSS
Exploits0References3
CVE
CVE
added 2025/12/17 8:18 p.m.11 views

CVE-2025-14763

CVE-2025-14763 concerns the Amazon S3 Encryption Client for Java lacking key commitment when the encrypted data key (EDK) is stored in an Instruction File. This could let a user with write access to an S3 bucket introduce a rogue EDK and decrypt to different plaintext. The vulnerability is tied t...

6CVSS6.4AI score0.00103EPSS
Exploits0References3
NVD
NVD
added 2025/12/17 8:15 p.m.6 views

CVE-2025-14760

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS0.00141EPSS
Exploits0References3
Friends Of PHP
Friends Of PHP
added 2025/12/17 8:15 p.m.22 views

Key Commitment Issues in S3 Encryption Clients

More info at https://aws.amazon.com/security/security-bulletins/AWS-2025-032/...

6CVSS7AI score0.00176EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2025/12/13 4:48 a.m.6 views

Information Disclosure

Jenkins Git Client Plugin is vulnerable to an Information Disclosure. The vulnerability is due to differential form validation behavior, where Git URL validation responses vary based on whether an attacker-specified file path exists on the Jenkins controller when using the amazon-s3 protocol,...

4.3CVSS6.9AI score0.00288EPSS
Exploits0References4Affected Software1
Fedora
Fedora
added 2025/12/03 1:12 a.m.11 views

[SECURITY] Fedora 42 Update: restic-0.18.1-1.fc42

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

7.5CVSS7AI score0.00626EPSS
Exploits1
Debian CVE
Debian CVE
added 2025/11/17 12:0 a.m.4 views

CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

7.5CVSS5.2AI score0.00201EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/11/14 9:1 a.m.5 views

RGW DoS attack with empty HTTP header in S3 object copy

...

7.5CVSS7AI score0.00399EPSS
Exploits1
Rows per page
Query Builder