Lucene search
K

103 matches found

Prion
Prion
added 2023/08/08 10:15 p.m.25 views

Input validation

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

4CVSS6.4AI score0.00672EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/08/08 9:2 p.m.28 views

CVE-2023-39951 Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5CVSS6.4AI score0.00672EPSS
Exploits1References5
CVE
CVE
added 2023/08/08 9:2 p.m.2492 views

CVE-2023-39951

CVE-2023-39951 affects OpenTelemetry Java Instrumentation prior to 1.28.0. When instrumenting AWS SDK v2 calls to SES v1, the request query parameters are inserted into the trace url.path, causing the HTTP body (subject and message) to be exposed in telemetry backends. This information disclosure...

6.5CVSS6.3AI score0.00672EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/08 9:2 p.m.17 views

CVE-2023-39951 Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5CVSS6.4AI score0.00672EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/08/08 9:2 p.m.61 views

CVE-2023-39951 Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5CVSS6.5AI score0.00672EPSS
Exploits1References3
OSV
OSV
added 2023/07/27 5:0 p.m.14 views

MAL-2023-1118 Malicious code in aws-sdk-js-v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e64c49f08b91cb456113ae44bbd8efc8280a1c79aa45ca1bd0f019c4af6ad873 The OpenSSF Package Analysis project identified 'aws-sdk-js-v3' @ 1.3.7 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 4:23 p.m.27 views

Security Bulletin: IBM Storage Protect server is vulnerable to a file system access attack due to AWS SDK for Java (CVE-2022-31159)

Summary The AWS SDK for Java is used by IBM Storage Protect server as part of its AWS cloud support. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw in the downloadDirector...

7.9CVSS6.7AI score0.01431EPSS
Exploits1Affected Software1
Veracode
Veracode
added 2023/06/20 12:1 p.m.23 views

Cross-Site Scripting (XSS)

github.com/pydio/cells is vulnerable to Cross-Site Scripting XSS attacks. The Amazon AWS SDK for JavaScript is used to create presigned URLs for Pydio Cells. It is feasible to create valid signatures for any download URLs since the secrets required to sign these URLs are hardcoded and made...

5.4CVSS5.6AI score0.02937EPSS
Exploits4References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/19 6:38 p.m.66 views

Security Bulletin: There is a security vulnerability in AWS SDK for Java used by Maximo Asset Management (CVE-2022-31159)

Summary There is a security vulnerability in AWS SDK for Java used by Maximo Asset Management. This only affects systems configured to store attachments in a Simple Storage Service S3 cloud object storage. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remo...

7.9CVSS6.7AI score0.01431EPSS
Exploits1Affected Software11
NVD
NVD
added 2023/06/08 9:15 p.m.15 views

CVE-2023-32751

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

5.4CVSS5.3AI score0.02937EPSS
Exploits4References2
Prion
Prion
added 2023/06/08 9:15 p.m.20 views

Cross site scripting

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

4.9CVSS5.4AI score0.02937EPSS
Exploits4References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/08 12:0 a.m.9 views

CVE-2023-32751

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

6.5AI score0.02937EPSS
Exploits4References2
OSV
OSV
added 2023/06/08 12:0 a.m.20 views

CVE-2023-32751

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

5.4CVSS6.5AI score0.02937EPSS
Exploits4References4
vulnersOsv
vulnersOsv
added 2023/06/06 5:33 p.m.5 views

@aws-amplify/geo (>=2.0.13-push-notification-dryrun.43 <=2.0.35-unstable.15353e0.2), @aws-amplify/interactions (>=5.0.13-push-notification-dryrun.43 <=5.1.1-unstable.15353e0.2) +98 more potentially affected by CVE-2023-34104 via fast-xml-parser (>=4.1.3 <=4.2.3)

fast-xml-parser NPM version =4.1.3, =2.0.13-push-notification-dryrun.43, =5.0.13-push-notification-dryrun.43, =1.0.13-push-notification-dryrun.43, =5.0.13-push-notification-dryrun.43, =5.1.3-push-notification-dryrun.43, =1.1.6-exodus.1, =6.2.44, =9.1.0, =9.1.0, =9.53.0 and more Source cves:...

7.5CVSS7.1AI score0.01135EPSS
Exploits0
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.333 views

Pydio Cells 4.1.2 Cross Site Scripting

Advisory: Pydio Cells: Cross-Site Scripting via File Download Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web...

7.1AI score0.02937EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/26 11:13 a.m.43 views

Security Bulletin: There is a vulnerability in AWS SDK for Java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-31159)

Summary There is a vulnerability in AWS SDK for Java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw ...

7.9CVSS6.7AI score0.01431EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/19 9:18 p.m.39 views

Security Bulletin: IBM Security Guardium is affected by an AWS SDK vulnerability (CVE-2022-31159)

Summary IBM Security Guardium has fixed this vulnerability. Instructions for obtaining the fix are below. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw in the...

7.9CVSS6.8AI score0.01431EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/26 4:1 p.m.30 views

AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending

The awssigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is enabled for an SDK, SigningParams is printed, thereby revealing those credentials to...

5.5CVSS5.5AI score0.00216EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/04/19 6:15 p.m.57 views

CVE-2023-30610

aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The awssigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...

5.5CVSS5.5AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/19 5:18 p.m.9 views

CVE-2023-30610 AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending

aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The awssigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...

5.5CVSS5.5AI score0.00216EPSS
Exploits0References1
Rows per page
Query Builder