15 matches found
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain. Summary: The Axios library is vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound...
EUVD-2019-18376
Malware in sbrugna...
CVE-2025-20286 ISE on AWS Static Credential
A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configuration...
CVE-2025-27643
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006...
CVE-2025-27643
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006...
AWS VDP: Sensitive API Key Leakage
Vulnerability: AWS Sensitive Keys Leakage Details: the AWS Access Key & Secret Key is leaked in a Public GitHub Repository located at: Repository located at: █████████ Steps To Reproduce: Go to: ██████ In the middle of this file you can see the Keys Please see the attached screenshot also...
New "whoAMI" Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. "If executed at scale, this attack could be used to gain...
CVE-2024-12408
CVE-2024-12408 (WP on AWS) describes a Reflected Cross-Site Scripting vulnerability in the WordPress WP on AWS plugin. All versions up to 5.2.1 are affected due to insufficient input sanitization and output escaping in POST data, enabling unauthenticated attackers to inject script if a user is tr...
PT-2024-30579 · Amazon · Aws Sagemaker
Name of the Vulnerable Software and Affected Versions: imartinez/privategpt versions up to and including 0.3.0 versions prior to 0.6.0 Description: A Python command injection vulnerability exists in the complete method of the SagemakerLLM class within ./private...
AWS VDP: CVE-2020-5902
CVE ID: CVE-2020-5902 Description: Affected Product: F5 BIG-IP Traffic Management User Interface (TMUI) Severity: Critical CVSS Score: 9.8 Description: Remote Code Execution (RCE) vulnerability in undisclosed pages of the TMUI. CVE-2020-5902 is a critical vulnerability affecting the BIG-IP Traffic...
AWS VDP: Reflected XSS on Amazon EC2 Instance
Product: Amazon Elastic Compute Cloud (Amazon EC2) Vulnerability Type: Reflected Cross-Site Scripting (XSS) CVE: CVE-2022-29548 Severity: Medium Description: A reflected XSS vulnerability was discovered on the Amazon EC2 instance, allowing an attacker to inject malicious JavaScript code, potentially...
Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk
A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords. Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed and tracked as...
Denial Of Service (DoS)
linux-aws is vulnerable to denial of service. The vulnerability exists in nfnetlink_queue.c because, in the case of an nfqueue not properly validate which allows an attacker to crash the application via malicious input...
USN-5591-4: Linux kernel (AWS) vulnerability
It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code...
F5 Networks BIG-IP : BIG-IP and BIG-IQ AWS vulnerability (K34511555)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.6.1 / 16.1.3.1 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K34511555 advisory. When the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ...