USN-7797-3: Linux kernel (AWS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Virtio block driver; - Media drivers; - Network drivers; - Framebuffer layer; - BTRFS file system; - Ext4 file...
EUVD-2025-18203
Malicious code in bioql PyPI...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : eclipse-jgit (SUSE-SU-2025:02762-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02762-1 advisory. - CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class (bsc#1243647). Tenable ha...
CVE-2025-6031
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status...
CVE-2025-6031 Insecure device pairing in end of life Amazon Cloud Cam
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status...
CVE-2025-6031
CVE-2025-6031 concerns the now-deprecated Amazon Cloud Cam. The vulnerability arises from the device’s default pairing state, which can allow an arbitrary user to bypass SSL pinning and associate the camera with any network, enabling interception and modification of network traffic. Affected prod...
PT-2025-25352 · Amazon · Amazon Cloud Cam
Name of the Vulnerable Software and Affected Versions: Amazon Cloud Cam affected versions not specified Description: The issue concerns a home security camera that is no longer supported due to its end-of-life status. When powered on, the device attempts to connect to a deprecated remote service...
Malicious code in amazon-cloud (npm)
Source: ossf-package-analysis 4b71318a5323c17de18f5573bc2c87a70f80ec6de2577c55c243993d76da1f51 The OpenSSF Package Analysis project identified 'amazon-cloud' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-374 Malicious code in amazon-cloud (npm)
Source: ossf-package-analysis 4b71318a5323c17de18f5573bc2c87a70f80ec6de2577c55c243993d76da1f51 The OpenSSF Package Analysis project identified 'amazon-cloud' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
UBUNTU-CVE-2023-4237
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availabili...
CVE-2023-0423
The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
DEBIAN-CVE-2022-2582
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...
Amazon AWS race condition vulnerability
Amazon AWS is a cloud computing platform from the U.S.-based Amazon.com that provides a range of services including information technology infrastructure and applications, such as storage, databases, computing, machine learning, and more, to individuals, businesses, and governments. A security...
TrueStack Direct Connect security vulnerability
TrueStack Direct Connect is a VPN management server from TrueStack USA, Inc. for easily connecting Windows and Mac computers to Windows domain controllers and file servers in the AWS cloud. A security vulnerability exists in TrueStack Direct Connect 1.4.7 that stems from incorrect application...
HTCondor log information disclosure vulnerability
HTCondor is a workload management system at the University of Wisconsin-Madison USA. The system provides job queuing mechanisms, scheduling policies, prioritization schemes, resource monitoring and resource management. A security vulnerability exists in HTCondor versions 9.0.x through 9.0.10 and...
CVE-2021-20077
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token...
Ansible: modules which use files encrypted with vault are not properly cleaned up
A flaw was found in Ansible Engine when using modules that decrypt vault files, such as the assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory created in /tmp leaves the secrets unencrypted. On operating systems where /tmp is not a tmpfs but part of the root...
L'Oréal L'Oréal Finance app has unauthorized access vulnerability
L'Oréal Finance app is the news app of L'Oréal Group, which allows users to browse the latest L'Oréal Group financial information in English and French on L'Oréal Finance. An unauthorized access vulnerability exists in the L'Oréal L'Oréal Finance app. An attacker could exploit the vulnerability t...