61 matches found

Tenable Nessus
added 2026/05/09 12:0 a.m., 12 views

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1693)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1693 advisory. In the Linux kernel, the following vulnerability has been resolved: af_unix: Give up GC if MSG_PEEK intervened. CVE-2026-23394 In the Linux kernel, the following vulnerability has been resolved:...

9.8 CVSS, 6.8 AI score, 0.38453 EPSS
Exploits: 28, References: 158

Github Security Blog
added 2026/03/20 8:34 p.m., 3 views

AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

Summary: AWS-LC is an open-source, general-purpose cryptographic library. Impact: A logic error in CN (Common Name) validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid D...

5.9 AI score
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2026/01/09 9:35 a.m., 4 views

CVE-2024-41178

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (object_store crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...

7.5 CVSS, 7 AI score, 0.00285 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/02 11:35 a.m., 2 views

BIT-CILIUM-OPERATOR-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

5.5 CVSS, 6.7 AI score, 0.00007 EPSS
Exploits: 0, References: 6

EUVD
added 2025/11/29 12:11 a.m., 1 views

EUVD-2025-199886

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

4 CVSS, 6.3 AI score, 0.00007 EPSS
Exploits: 0, References: 5

OSV
added 2025/11/29 12:11 a.m., 2 views

CVE-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

4 CVSS, 6.7 AI score, 0.00007 EPSS
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-1355

Malicious code in bioql PyPI...

5.5 CVSS, 5.6 AI score, 0.00064 EPSS
Exploits: 0, References: 3

Gitee
added 2025/09/07 12:46 a.m., 78 views

payloadsallthethings

This is an offensive tool for AWS exploitation. The repository contains a collection of tools and scripts for testing the security of Amazon Web Services (AWS) environments. The tools include: Pacu: an AWS exploitation framework designed for testing the security of AWS environments Bucket Finder: a...

6.9 AI score
Exploits: 0

Wiz blog
added 2025/06/17 4:0 p.m., 14 views

Wiz and AWS Security Hub Enhance Cloud Risk Prioritization

Wiz joins as a launch partner for AWS Security Hub to help customers act faster on prioritized security findings...

7.3 AI score
Exploits: 0

Vulnrichment
added 2025/04/26 12:0 a.m., 5 views

CVE-2025-46655

CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted...

4.9 CVSS, 6 AI score, 0.00151 EPSS
Exploits: 0, References: 2

The Hacker News
added 2025/03/31 11:0 a.m., 19 views

5 Impactful AWS Vulnerabilities You're Responsible For

If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer's responsibility. Think of AWS security like protecting a building: AWS provides strong...

6.9 AI score
Exploits: 0

Cvelist
added 2025/03/05 12:0 a.m., 7 views

CVE-2025-27643

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006...

0.00121 EPSS
Exploits: 1, References: 2

HackRead
added 2025/03/04 4:44 p.m., 10 views

JavaGhost Uses Amazon IAM Permissions to Phish Organizations

Unit 42 uncovers JavaGhost's evolving AWS attacks. Learn how this threat actor uses phishing, IAM abuse, and advanced…...

7.3 AI score
Exploits: 0

Ubuntu
added 2025/02/12 6:31 p.m., 9 views

USN-7234-4: Linux kernel (AWS) vulnerabilities

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code...

7.8 CVSS, 7.4 AI score, 0.00039 EPSS
Exploits: 2

Wiz blog
added 2025/01/30 1:0 p.m., 6 views

The Basics of AWS Infrastructure Security

Discover key strategies to strengthen your AWS security posture, from applying protection at all layers to understanding shared responsibility in the cloud...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2024/12/03 2:1 p.m., 4 views

Expanded SOC Coverage Into AWS Environments with Rapid7 MXDR

Co-authored by Mikayla Wyman and Ryan Blanchard. As organizations increasingly rely on AWS for scalability and innovation, the complexity of securing these environments grows. AWS offers a robust set of native services and a comprehensive ecosystem, but managing security signals and responding to...

7.5 AI score
Exploits: 0

OSV
added 2024/09/11 7:20 p.m., 7 views

GHSA-RJC6-VM4H-85CG Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs

Summary: The AWS Serverless Application Model (SAM) CLI is an open source tool that allows customers to build, deploy and test their serverless applications built on AWS. AWS SAM CLI can build container (Docker) images and customers can specify arguments in the SAM template that are passed to the Dock...

5.7 CVSS, 6.8 AI score
Exploits: 0, References: 2

OSV
added 2024/07/18 10:6 p.m., 15 views

GHSA-HHPG-V63P-WP7W TorchServe gRPC Port Exposure

Impact: The two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. Patches: This issue in...

8.8 CVSS, 8.3 AI score, 0.00069 EPSS
Exploits: 0, References: 6

Github Security Blog
added 2024/07/18 10:6 p.m., 23 views

TorchServe gRPC Port Exposure

Impact: The two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. Patches: This issue in...

8.2 CVSS, 6.8 AI score, 0.00069 EPSS
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2024/07/18 10:3 p.m., 7 views

GHSA-WXCX-GG9C-FWP2 TorchServe vulnerable to bypass of allowed_urls configuration

Impact: TorchServe's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which...

9.8 CVSS, 9.5 AI score, 0.00177 EPSS
Exploits: 0, References: 6