Lucene search

800 matches found

RedhatCVE
added 2025/05/22 4:1 p.m., 9 views

CVE-2020-2185

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks...

CVSS 6.8, AI score 6.8, EPSS 0.00694
Exploits: 0

RedhatCVE
added 2025/05/22 3:56 p.m., 7 views

CVE-2020-2186

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...

CVSS 4.3, AI score 6.7, EPSS 0.00636
Exploits: 0

RedhatCVE
added 2025/05/22 8:14 a.m., 5 views

CVE-2019-10364

Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log...

CVSS 5.5, AI score 6.8, EPSS 0.00337
Exploits: 0, References: 1

The Hacker News
added 2025/04/08 4:56 p.m., 24 views

Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal

Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager SSM Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create...

AI score 8.3
Exploits: 0

Hacker One
added 2025/04/08 3:23 p.m., 7 views

AWS VDP: Private AWS AMIs are temporarily being exposed publicly

Temporary public exposure of private AWS AMIs was discovered. Multiple AMIs with internal AWS-related content were found in the public AMI community catalog, but were quickly removed. An EC2 instance was successfully created using one of the exposed AMIs, revealing the presence of undocumented...

AI score 7.1
Exploits: 0

Citrix
added 2025/04/01 12:0 a.m., 9 views

Cannot create hosting connection for AWS "Failed to connect the AWS EC2 endpoint URL"

On entering API key and Secret key with Role Based Authentication for AWS get the following error: Transaction ID:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Action Name: HostingEditHypervisorConnection Exception: StudioErrorId : ConnectionValidationFailure Reason : ManagedMachineGeneralException Exception :...

AI score 7.2
Exploits: 0

RedhatCVE
added 2025/02/04 11:4 p.m., 10 views

CVE-2024-0455

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

CVSS 9.9, AI score 7.4, EPSS 0.00813
Exploits: 1, References: 1

Citrix
added 2025/02/04 12:0 a.m., 9 views

Daas unable to create host connection with error: "URL invalid"

Unable to create a host connection to AWS EC2 and on-premises hypervisors XenServer, VMWare, etc. with invalid URL or authentication failure when a proxy has been configured for the Network Service account...

AI score 7.4
Exploits: 0

HackRead
added 2025/01/01 10:42 a.m., 10 views

FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits

Researchers at FortiGuard Labs have identified a prolific attacker group known as "EC2 Grouper" who frequently exploits compromised credentials using AWS tools...

AI score 7.3
Exploits: 0

RedhatCVE
added 2024/11/22 8:20 a.m., 23 views

CVE-2024-53095

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...

CVSS 5.5, AI score 6.8, EPSS 0.00223
Exploits: 0, References: 4

Cvelist
added 2024/11/21 6:17 p.m., 29 views

CVE-2024-53095 smb: client: Fix use-after-free of network namespace.

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...

EPSS 0.00223
Exploits: 0, References: 3

CVE
added 2024/11/21 6:17 p.m., 183 views

CVE-2024-53095

CVE-2024-53095 – Linux kernel SMB CIFS client UAF Issue: The CIFS/SMB client in the Linux kernel can use-after-free the network namespace (netns) when sockets are freed after the netns lifetime, triggering oopses during reconnect in Kubernetes pods that mount CIFS shares in non-root netns. Root c...

CVSS 7.8, AI score 6.6, EPSS 0.00223
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2024/11/04 12:0 a.m., 13 views

RHEL 6 : openstack-keystone (RHSA-2014:0089)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0089 advisory. The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token,...

CVSS 5.8, AI score 5.6, EPSS 0.02239
Exploits: 2, References: 5

Rapid7 Blog
added 2024/10/25 7:34 p.m., 46 views

Metasploit Weekly Wrap-Up 10/25/2024

Hackers and Vampires Agree: Every Byte Counts Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 is an arbitrary file read used to determine the version and layout of the glibc...

CVSS 9.8, AI score 9.6, EPSS 0.99994
Exploits: 38

NVD
added 2024/10/22 12:15 a.m., 27 views

CVE-2024-10125

The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcorevalidatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer ALB OpenId Connect integration and can be used in any ASP.NET...

CVSS 7.5, EPSS 0.00319
Exploits: 0, References: 2

Cvelist
added 2024/10/21 11:25 p.m., 36 views

CVE-2024-10125 Lack of JWT issuer and signer validation

The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcorevalidatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer ALB OpenId Connect integration and can be used in any ASP.NET...

CVSS 7.5, EPSS 0.00319
Exploits: 0, References: 2

CVE
added 2024/10/21 11:25 p.m., 87 views

CVE-2024-10125

CVE-2024-10125 concerns the Amazon.ApplicationLoadBalancer.Identity.AspNetCore middleware used with ALB OpenID Connect in ASP.NET Core deployments. The root cause is that JWT handling performs signature validation but fails to validate the JWT issuer and signer identity, enabling a signed token f...

CVSS 7.5, AI score 7.6, EPSS 0.00319
Exploits: 0, References: 2

Hacker One
added 2024/10/17 10:41 a.m., 38 views

AWS VDP: Reflected XSS on Amazon EC2 Instance

Product: Amazon Elastic Compute Cloud Amazon EC2 Vulnerability Type: Reflected Cross-Site Scripting XSS CVE: CVE-2022-29548 Severity: Medium Description: A reflected XSS vulnerability was discovered on the Amazon EC2 instance, allowing an attacker to inject malicious JavaScript code, potentially...

CVSS 6.1, AI score 6, EPSS 0.40481
Exploits: 5

BDU FSTEC
added 2024/10/07 12:0 a.m., 7 views

The vulnerability of the EC2 Cloud Profile module in the Continuous Integration and Delivery application delivery system of JetBrains TeamCity allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the EC2 Cloud Profile module in the Continuous Integration and Delivery application delivery system CI/CD of JetBrains TeamCity is related to insufficient protection for registration data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain...

CVSS 5, AI score 5.5, EPSS 0.00291
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2024/09/29 5:11 p.m., 26 views

RHSA-2017:2811 Red Hat Security Advisory: eap7-jboss-ec2-eap security update

Bulletin has no description...

CVSS 9.8, AI score 7.3, EPSS 0.8904
Exploits: 5, References: 30