800 matches found
CVE-2020-2185
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks...
CVE-2020-2186
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...
CVE-2019-10364
Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log...
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager SSM Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create...
AWS VDP: Private AWS AMIs are temporarily being exposed publicly
Temporary public exposure of private AWS AMIs was discovered. Multiple AMIs with internal AWS-related content were found in the public AMI community catalog, but were quickly removed. An EC2 instance was successfully created using one of the exposed AMIs, revealing the presence of undocumented...
Cannot create hosting connection for AWS "Failed to connect the AWS EC2 endpoint URL"
On entering API key and Secret key with Role Based Authentrication for AWS get the following error: Transaction ID:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Action Name: HostingEditHypervisorConnection Exception: StudioErrorId : ConnectionValidationFailure Reason : ManagedMachineGeneralException Exception :...
CVE-2024-0455
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
Daas unable to create host connection with error: "URL invalid"
Unable to create a host connection to AWS EC2 and on-premises hypervisors XenServer, VMWare, etc. with invalid URL or authentication failure when a proxy has been configured for the Network Service account...
FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits
Researchers at FortiGuard Labs have identified a prolific attacker group known as "EC2 Grouper" who frequently exploits compromised credentials using AWS tools...
CVE-2024-53095
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...
CVE-2024-53095 smb: client: Fix use-after-free of network namespace.
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...
CVE-2024-53095
CVE-2024-53095 – Linux kernel SMB CIFS client UAF Issue: The CIFS/SMB client in the Linux kernel can use-after-free the network namespace (netns) when sockets are freed after the netns lifetime, triggering oopses during reconnect in Kubernetes pods that mount CIFS shares in non-root netns. Root c...
RHEL 6 : openstack-keystone (RHSA-2014:0089)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0089 advisory. The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token,...
Metasploit Weekly Wrap-Up 10/25/2024
Hackers and Vampires Agree: Every Byte Counts Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 is an arbitrary file read used to determine the version and layout of the glibc...
CVE-2024-10125
The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcorevalidatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer ALB OpenId Connect integration and can be used in any ASP.NET...
CVE-2024-10125 Lack of JWT issuer and signer validation
The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcorevalidatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer ALB OpenId Connect integration and can be used in any ASP.NET...
CVE-2024-10125
CVE-2024-10125 concerns the Amazon.ApplicationLoadBalancer.Identity.AspNetCore middleware used with ALB OpenID Connect in ASP.NET Core deployments. The root cause is that JWT handling performs signature validation but fails to validate the JWT issuer and signer identity, enabling a signed token f...
AWS VDP: Reflected XSS on Amazon EC2 Instance
Product: Amazon Elastic Compute Cloud Amazon EC2 Vulnerability Type: Reflected Cross-Site Scripting XSS CVE: CVE-2022-29548 Severity: Medium Description: A reflected XSS vulnerability was discovered on the Amazon EC2 instance, allowing an attacker to inject malicious JavaScript code, potentially...
The vulnerability of the EC2 Cloud Profile module in the Continuous Integration and Delivery application delivery system of JetBrains TeamCity allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the EC2 Cloud Profile module in the Continuous Integration and Delivery application delivery system CI/CD of JetBrains TeamCity is related to insufficient protection for registration data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain...
RHSA-2017:2811 Red Hat Security Advisory: eap7-jboss-ec2-eap security update
Bulletin has no description...