
31 matches found

CNNVD
added 2026/05/26 12:0 a.m., 12 views

Check Point Security Gateway security vulnerability

Check Point Security Gateway is a series of network security gateway devices developed by the Israeli company Check Point. There is a security vulnerability in Check Point Security Gateway, which arises when the identity-aware module based on browser authentication is enabled, allowing...

CVSS 7.5, AI score 5.8, EPSS 0.0475
Exploits: 0, References: 1

CVE
added 2026/05/13 12:0 a.m., 13 views

CVE-2025-27853

Summary: CVE-2025-27853 affects the Garmin WDU web-based UI (versions v1 1.4.6 and v2 5.0). The root cause is that authentication is performed only in the client browser while WebSocket communications to the WDU server do not enforce authentication. This enables an attacker to bypass authenticati...

CVSS 7.3, AI score 5.8, EPSS 0.00297
Exploits: 0, References: 2, Affected Software: 1

ATTACKERKB
added 2026/05/13 12:0 a.m., 6 views

CVE-2025-27853

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...

AI score 5.8, EPSS 0.00297
Exploits: 0, References: 3

RedhatCVE
added 2026/04/06 10:57 a.m., 1 view

CVE-2026-5485

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

CVSS 7.8, AI score 6.3, EPSS 0.00727
Exploits: 0, References: 1

EUVD
added 2026/04/03 9:31 p.m., 1 view

EUVD-2026-18857

Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...

CVSS 9.1, AI score 5.9, EPSS 0.00473
Exploits: 0, References: 7

EUVD
added 2026/04/03 9:31 p.m., 3 views

EUVD-2026-18861

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

CVSS 7.8, AI score 6.3, EPSS 0.00727
Exploits: 0, References: 7

NVD
added 2026/04/03 9:17 p.m., 2 views

CVE-2026-35561

Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...

CVSS 9.8, EPSS 0.00473
Exploits: 0, References: 6

NVD
added 2026/04/03 9:17 p.m., 3 views

CVE-2026-5485

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

CVSS 7.8, EPSS 0.00727
Exploits: 0, References: 6

ATTACKERKB
added 2026/04/03 8:13 p.m., 6 views

CVE-2026-5485

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

CVSS 7.8, AI score 6.3, EPSS 0.00727
Exploits: 0, References: 8

Vulnrichment
added 2026/04/03 8:13 p.m., 3 views

CVE-2026-5485 OS command injection in Amazon Athena ODBC driver on Linux

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

CVSS 7.8, AI score 6.3, EPSS 0.00727
Exploits: 0, References: 6

CVE
added 2026/04/03 8:13 p.m., 7 views

CVE-2026-5485

CVE-2026-5485 affects the Amazon Athena ODBC driver on Linux, specifically the browser-based authentication component prior to version 2.0.5.1. The issue allows OS command injection via specially crafted connection parameters loaded during a local user-initiated connection, enabling potential arb...

CVSS 7.8, AI score 6.3, EPSS 0.00727
Exploits: 0, References: 6, Affected Software: 1

ATTACKERKB
added 2026/04/03 8:10 p.m., 2 views

CVE-2026-35561

Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...

CVSS 9.1, AI score 5.9, EPSS 0.00473
Exploits: 0, References: 7

CVE
added 2026/04/03 8:10 p.m., 9 views

CVE-2026-35561

CVE-2026-35561 affects the Amazon Athena ODBC driver (before 2.1.0.0) due to insufficient authentication controls in browser-based authentication components. This could allow a threat actor to intercept or hijack authentication sessions. Impact is stated as high/critical depending on metric, with...

CVSS 9.8, AI score 5.9, EPSS 0.00473
Exploits: 0, References: 6, Affected Software: 1

Positive Technologies
added 2026/04/03 12:0 a.m., 1 view

PT-2026-30223

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

CVSS 7.8, AI score 6.3, EPSS 0.00727
Exploits: 0, References: 8

CNNVD
added 2026/04/03 12:0 a.m., 6 views

Amazon Athena ODBC driver security vulnerability

The Amazon Athena ODBC driver is a database connection driver developed by the American company Amazon. Versions of the Amazon Athena ODBC driver prior to 2.0.5.1 contained security vulnerabilities. These vulnerabilities stemmed from the browser-based authentication component’s ability to execute...

CVSS 7.8, AI score 6.1, EPSS 0.00727
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-35446

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.7, EPSS 0.00454
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-34278

Malicious code in bioql PyPI...

CVSS 7.8, AI score 8.1, EPSS 0.03686
Exploits: 0, References: 3

RedhatCVE
added 2025/05/22 10:6 p.m., 11 views

CVE-2022-30239

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971...

CVSS 7.8, AI score 6.9, EPSS 0.00454
Exploits: 0, References: 1

ATTACKERKB
added 2022/05/09 6:15 p.m., 2 views

CVE-2022-30240

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972...

CVSS 7.8, AI score 7.4, EPSS 0.03686
Exploits: 0, References: 3

OSV
added 2022/05/09 6:15 p.m., 3 views

CVE-2022-30240

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972...

CVSS 7.8, AI score 7.4, EPSS 0.00454
Exploits: 0, References: 2