305 matches found
Missing Cryptographic Key Commitment
Amazon.Extensions.S3.Encryption is vulnerable to Missing Cryptographic Key Commitment. The vulnerability is due to lack of cryptographic key commitment when storing encrypted data keys in instruction files instead of S3 metadata, which allows an attacker with write access to the bucket to introdu...
@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.9), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1095 more potentially affected by CVE-2026-26278 via fast-xml-parser (>=5.0.1 <=5.3.5)
fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.7.1 and more Source cves: CVE-2026-26278 Source advisory: SNYK:JS-FASTXMLPARSER-15307668...
The vulnerability of the Windows Storage Services data storage service on Windows operating systems allows attackers to exploit their privileges.
The vulnerability of the Windows Storage Services data storage service in Windows operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to gain increased privileges...
Virtuozzo Hybrid Infrastructure 7.2 Hotfix 1 (7.2.0-254)
This update provides a security fix and stability fixes for the storage service. Vulnerability id: VSTOR-122723 Bucket object lock is removed after setting a bucket policy. Vulnerability id: VSTOR-123191 Archive files are not accessible if there are issues with replication. Vulnerability id:...
Sensitive Information Disclosure
Amazon SageMaker Python SDK is vulnerable to sensitive information disclosure. The vulnerability is due to the ModelBuilder HMAC signing key being returned in cleartext in the DescribeTrainingJob API response, which allows an attacker with API access and S3 output write permissions to upload...
Malicious code in s3-cache-handler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2a516ba427a772d00c202a782f0c11f2217ddb8360626591dbbd72b68cc5a1b The package s3-cache-handler was found to contain malicious code...
Moderate Photon OS Security Update - PHSA-2026-4.0-0942
Updates of 'rubygem-aws-sdk-s3', 'aws-sdk-cpp' packages of Photon OS have been released...
MGASA-2025-0333 Updated ceph packages fix security vulnerability
RGW DoS attack with empty HTTP header in S3 object copy. CVE-2024-47866...
Security Bulletin: TSSC/IMC is vulnerable to an Out-of-bounds Read
Summary TSSC/IMC is vulnerable to an Out-of-bounds Read. A patch was released to update the libssh package. Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function...
Security Bulletin: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data
Summary TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data. A patch was released to update the bind package. Vulnerability Details CVEID:CVE-2025-40778 DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an...
Linux Distros Unpatched Vulnerability : CVE-2025-14761
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to differen...
CVE-2025-14762
Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...
CVE-2025-14764
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...
CVE-2025-14763
CVE-2025-14763 concerns the Amazon S3 Encryption Client for Java lacking key commitment when the encrypted data key (EDK) is stored in an Instruction File. This could let a user with write access to an S3 bucket introduce a rogue EDK and decrypt to different plaintext. The vulnerability is tied t...
CVE-2025-14760
Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...
Key Commitment Issues in S3 Encryption Clients
More info at https://aws.amazon.com/security/security-bulletins/AWS-2025-032/...
Information Disclosure
Jenkins Git Client Plugin is vulnerable to an Information Disclosure. The vulnerability is due to differential form validation behavior, where Git URL validation responses vary based on whether an attacker-specified file path exists on the Jenkins controller when using the amazon-s3 protocol,...
[SECURITY] Fedora 42 Update: restic-0.18.1-1.fc42
Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...
CVE-2025-65073
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...
RGW DoS attack with empty HTTP header in S3 object copy
...