149 matches found
Malicious code in @athena-portal/themes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ceef23383971e2a8f5f8f790c03e71fe17b0a7fc7dee044e2fd39424ce20856 The package @athena-portal/themes was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3291 Malicious code in @athena-portal/themes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ceef23383971e2a8f5f8f790c03e71fe17b0a7fc7dee044e2fd39424ce20856 The package @athena-portal/themes was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @athena-ui-components/axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec575fc86c9df0e6b2ab1a970a32ecf46d6c83971e173f481ecf7e87184260a9 The package @athena-ui-components/axios was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2683 Malicious code in @athena-ui-components/axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec575fc86c9df0e6b2ab1a970a32ecf46d6c83971e173f481ecf7e87184260a9 The package @athena-ui-components/axios was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @athena-ui-components/dashboard-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dde903dbeed027bf706e148f4e85f93dd117d93441dddea76703a801a81a5b2d The package @athena-ui-components/dashboard-widget was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @athena-ui-components/deeplink (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74fbec503fca2e61a016a70e66269c234d5329e19a1072a7f777c59fc4d466c The package @athena-ui-components/deeplink was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2682 Malicious code in @athena-ui-components/deeplink (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74fbec503fca2e61a016a70e66269c234d5329e19a1072a7f777c59fc4d466c The package @athena-ui-components/deeplink was found to contain malicious code. Source: ossf-package-analysis...
Amazon Athena ODBC Driver < 2.0.5.1 Command Injection (Linux)
The version of Amazon Athena ODBC Driver installed on the remote Linux host is prior to 2.0.5.1. It is, therefore, affected by a vulnerability: - OS command injection in the browser-based authentication component might allow a threat actor to execute arbitrary code by using specially crafted...
CVE-2026-5485
OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...
CVE-2026-35558
Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during...
CVE-2026-35559
Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0...
CVE-2026-35560
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...
CVE-2026-35562
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...
CVE-2026-35561
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...
EUVD-2026-18853
Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0...
EUVD-2026-18857
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...
EUVD-2026-18859
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...
EUVD-2026-18855
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...
EUVD-2026-18851
Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during...
EUVD-2026-18861
OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...