18 matches found
CVE-2024-34525
FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file...
CVE-2019-15310
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...
CVE-2024-34525
FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file...
CVE-2024-34525
FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file...
CVE-2024-34525
CVE-2024-34525 affects FileCodeBox 2.0, where a cleartext environment file stores sensitive credentials (OneDrive password and AWS key). Root cause is storing credentials in an unencrypted env file, enabling potential unauthorized access if the file is exposed. Documented remediation/recommendati...
CVE-2024-34525
FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file...
CVE-2024-34525
FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file...
Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for "victim identification and exploitation in target networks." A Python-based malware, AndroxGh0st was fir...
GHSA-4PH2-8337-HM62 Key Caching behavior in the DynamoDB Encryption Client.
Impact: This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...
Key Caching behavior in the DynamoDB Encryption Client.
Impact: This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...
GHSA-W736-HF9P-QQH3 Key Caching behavior in the DynamoDB Encryption Client.
Impact: This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...
Key Caching behavior in the DynamoDB Encryption Client.
Impact: This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...
Key Caching behavior in the DynamoDB Encryption Client.
Impact: This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...
CVE-2019-15310
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...
Command injection
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...
CVE-2019-15310
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...
CVE-2019-15310
CVE-2019-15310 affects Linkplay firmware. The issue enables WAN remote code execution without user interaction, enabling an attacker to retrieve the firmware AWS credentials and gain full control over Linkplay’s AWS estate, including S3 buckets containing device firmware. When combined with an OS...
Legal Robot: S3 ACL misconfiguration
Summary: Legal Robot's s3 bucket legalrobot.com is misconfigured. The ACL allows me to access and copy all files. This means that I could go through and copy all the media files on the s3 bucket. I did not attempt to delete any files as I did not want to go too far and affect your operations. Ste...