Lucene search
+L

104 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7612

Malicious code in bioql PyPI...

9.8CVSS5.9AI score0.00669EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6311

Malicious code in bioql PyPI...

7.9CVSS7AI score0.01431EPSS
Exploits1References5
Gitee
Gitee
added 2025/09/07 12:46 a.m.91 views

payloadsallthethings

This is an offensive tool for AWS exploitation. The repository contains a collection of tools and scripts for testing the security of Amazon Web Services AWS environments. The tools include: Pacu: an AWS exploitation framework designed for testing the security of AWS environments Bucket Finder: a...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-51651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix...

6CVSS5.4AI score0.00376EPSS
Exploits0References2
OSV
OSV
added 2025/06/25 5:22 p.m.7 views

MAL-2025-5251 Malicious code in aws-sdk-react-native-core (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 626365c8daf9243d0d8281fa741a8537d284b73f873547122f9bdab75513d280 Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:25 a.m.13 views

CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...

9.8CVSS6.9AI score0.00669EPSS
Exploits0References1
OSV
OSV
added 2025/03/26 5:20 p.m.10 views

GHSA-RV78-QQRQ-73M5 Directus's S3 assets become unavailable after a burst of HEAD requests

Summary There's some tools that use Directus to sync content and assets. Some of those tools use HEAD method, like Shopify, to check the existence of files. Although, when making many HEAD requests at once, at some point, all assets are being served as 403. Details When I was investigating this...

5.3CVSS6.8AI score0.00406EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/03/26 5:20 p.m.18 views

Directus's S3 assets become unavailable after a burst of HEAD requests

Summary There's some tools that use Directus to sync content and assets. Some of those tools use HEAD method, like Shopify, to check the existence of files. Although, when making many HEAD requests at once, at some point, all assets are being served as 403. Details When I was investigating this...

5.3CVSS7AI score0.00406EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2025/03/26 5:19 p.m.8 views

GHSA-J8XJ-7JFF-46MX Directus's S3 assets become unavailable after a burst of malformed transformations

Summary When making many malformed transformation requests at once, at some point, all assets are being served as 403. Details When I was investigating this issue, I have found that after a burst of malformed asset transformation requests, the amount of sockets held on Agent on NodeHttpHandler wa...

5.3CVSS6.8AI score0.00406EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/03/26 5:19 p.m.35 views

Directus's S3 assets become unavailable after a burst of malformed transformations

Summary When making many malformed transformation requests at once, at some point, all assets are being served as 403. Details When I was investigating this issue, I have found that after a burst of malformed asset transformation requests, the amount of sockets held on Agent on NodeHttpHandler wa...

5.3CVSS7.1AI score0.00406EPSS
Exploits1References3Affected Software2
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.7 views

CVE-2025-0508 MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...

5.9CVSS5.7AI score0.00245EPSS
Exploits0References2
Fedora
Fedora
added 2025/01/14 1:8 a.m.15 views

[SECURITY] Fedora 41 Update: golang-github-aws-sdk-2-20250103-1.fc41

AWS SDK for the Go programming language...

5.4CVSS5.6AI score0.00874EPSS
Exploits0
OSV
OSV
added 2024/12/08 9:58 p.m.5 views

MAL-2024-11257 Malicious code in @aws-sdk-examples/libs (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2024/11/22 1:6 a.m.25 views

com.amazonaws:aws-java-sdk-s3 Dependency in Bamboo Data Center and Server

This High severity com.amazonaws:aws-java-sdk-s3 Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, and 9.2.1 of Bamboo Data Center and Server. This com.amazonaws:aws-java-sdk-s3 Dependency vulnerability, with a CVSS Score of 7.9 and a CVSS Vector of...

7.9CVSS6.3AI score0.01431EPSS
Exploits1
NVD
NVD
added 2023/12/22 9:15 p.m.41 views

CVE-2023-51651

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

6CVSS0.00376EPSS
Exploits0References3
Prion
Prion
added 2023/12/22 9:15 p.m.17 views

Path traversal

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

1.7CVSS7.2AI score0.00376EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/12/22 9:3 p.m.49 views

CVE-2023-51651 Potential URI resolution path traversal in the AWS SDK for PHP

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

6CVSS6.2AI score0.00376EPSS
Exploits0References3
OSV
OSV
added 2023/12/22 9:3 p.m.50 views

CVE-2023-51651 Potential URI resolution path traversal in the AWS SDK for PHP

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

6CVSS5.4AI score0.00881EPSS
Exploits1References5
OSV
OSV
added 2023/12/21 11:16 p.m.78 views

GHSA-557V-XCG6-RM5M Potential URI resolution path traversal in the AWS SDK for PHP

Impact Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in thebuildEndpoint method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The buildEndpoint method relies on the Guzz...

6CVSS4.8AI score0.00881EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/21 7:33 p.m.51 views

Security Bulletin: AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal (CVE-2022-31159)

Summary AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the...

7.9CVSS6.7AI score0.01431EPSS
Exploits1Affected Software1
Rows per page
Query Builder