104 matches found
EUVD-2022-7612
Malicious code in bioql PyPI...
EUVD-2022-6311
Malicious code in bioql PyPI...
payloadsallthethings
This is an offensive tool for AWS exploitation. The repository contains a collection of tools and scripts for testing the security of Amazon Web Services AWS environments. The tools include: Pacu: an AWS exploitation framework designed for testing the security of AWS environments Bucket Finder: a...
Linux Distros Unpatched Vulnerability : CVE-2023-51651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix...
MAL-2025-5251 Malicious code in aws-sdk-react-native-core (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 626365c8daf9243d0d8281fa741a8537d284b73f873547122f9bdab75513d280 Any computer that has this package installed or running should be considered...
CVE-2022-4725
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...
GHSA-RV78-QQRQ-73M5 Directus's S3 assets become unavailable after a burst of HEAD requests
Summary There's some tools that use Directus to sync content and assets. Some of those tools use HEAD method, like Shopify, to check the existence of files. Although, when making many HEAD requests at once, at some point, all assets are being served as 403. Details When I was investigating this...
Directus's S3 assets become unavailable after a burst of HEAD requests
Summary There's some tools that use Directus to sync content and assets. Some of those tools use HEAD method, like Shopify, to check the existence of files. Although, when making many HEAD requests at once, at some point, all assets are being served as 403. Details When I was investigating this...
GHSA-J8XJ-7JFF-46MX Directus's S3 assets become unavailable after a burst of malformed transformations
Summary When making many malformed transformation requests at once, at some point, all assets are being served as 403. Details When I was investigating this issue, I have found that after a burst of malformed asset transformation requests, the amount of sockets held on Agent on NodeHttpHandler wa...
Directus's S3 assets become unavailable after a burst of malformed transformations
Summary When making many malformed transformation requests at once, at some point, all assets are being served as 403. Details When I was investigating this issue, I have found that after a burst of malformed asset transformation requests, the amount of sockets held on Agent on NodeHttpHandler wa...
CVE-2025-0508 MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...
[SECURITY] Fedora 41 Update: golang-github-aws-sdk-2-20250103-1.fc41
AWS SDK for the Go programming language...
MAL-2024-11257 Malicious code in @aws-sdk-examples/libs (npm)
--- -= Per source details. Do not edit below this line.=-...
com.amazonaws:aws-java-sdk-s3 Dependency in Bamboo Data Center and Server
This High severity com.amazonaws:aws-java-sdk-s3 Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, and 9.2.1 of Bamboo Data Center and Server. This com.amazonaws:aws-java-sdk-s3 Dependency vulnerability, with a CVSS Score of 7.9 and a CVSS Vector of...
CVE-2023-51651
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...
Path traversal
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...
CVE-2023-51651 Potential URI resolution path traversal in the AWS SDK for PHP
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...
CVE-2023-51651 Potential URI resolution path traversal in the AWS SDK for PHP
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...
GHSA-557V-XCG6-RM5M Potential URI resolution path traversal in the AWS SDK for PHP
Impact Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in thebuildEndpoint method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The buildEndpoint method relies on the Guzz...
Security Bulletin: AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal (CVE-2022-31159)
Summary AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the...