26 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-6388

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.3 | EPSS 0.00313
Exploits: 0 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-21537

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.8 | EPSS 0.00572
Exploits: 0 | References: 2

RedhatCVE
added 2025/07/17 7:55 p.m. | 4 views

CVE-2025-49827

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted formerly known as Conjur Enterprise 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.8 | AI score 7.5 | EPSS 0.00572
Exploits: 0 | References: 1

NVD
added 2025/07/15 8:15 p.m. | 3 views

CVE-2025-49827

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted formerly known as Conjur Enterprise 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.8 | EPSS 0.00572
Exploits: 0 | References: 4

Vulnrichment
added 2025/07/15 8:10 p.m. | 2 views

CVE-2025-49831 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this...

CVSS 9.1 | AI score 6.6 | EPSS 0.00507
Exploits: 0 | References: 2

CVE
added 2025/07/15 7:26 p.m. | 24 views

CVE-2025-49827

CVE-2025-49827 affects CyberArk Conjur OSS (versions 1.19.5–1.22.0) and Secrets Manager, Self-Hosted (13.1–13.5, 13.6). Root cause is bypass of the IAM authenticator via manipulation of AWS-signed headers and a malformed regex that redirects the authentication validation request to an attacker-con...

CVSS 9.8 | AI score 6.8 | EPSS 0.00572
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2025/07/15 7:26 p.m. | 7 views

CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted formerly known as Conjur Enterprise 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.1 | EPSS 0.00572
Exploits: 0 | References: 2

OSV
added 2025/07/15 7:26 p.m. | 3 views

CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted formerly known as Conjur Enterprise 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.1 | AI score 7.8 | EPSS 0.00572
Exploits: 0 | References: 6

Vulnrichment
added 2025/07/15 7:26 p.m. | 26 views

CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted formerly known as Conjur Enterprise 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.1 | AI score 6.7 | EPSS 0.00572
Exploits: 0 | References: 2

CNNVD
added 2025/07/15 12:0 a.m. | 3 views

CyberArk Conjur Security Vulnerability

CyberArk Conjur is an open source key management software from CyberArk. A security vulnerability exists in CyberArk Conjur that stems from an IAM authenticator bypass that could lead to elevated privileges...

CVSS 9.8 | AI score 7.7 | EPSS 0.00572
Exploits: 0 | References: 3

Positive Technologies
added 2025/07/15 12:0 a.m. | 2 views

PT-2025-29612

Name of the Vulnerable Software and Affected Versions: Conjur OSS versions 1.19.5 through 1.22.0; Secrets Manager, Self-Hosted versions 13.1 through 13.6. Description: Conjur provides secrets management and application identity for infrastructure. A malformed regular expression allows an attacker...

CVSS 9.8 | AI score 7.8 | EPSS 0.00572
Exploits: 0 | References: 12

Tenable Nessus
added 2024/12/17 12:0 a.m. | 14 views

SUSE SLES15 / openSUSE 15 Security Update : aws-iam-authenticator (SUSE-SU-2024:4329-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:4329-1 advisory. - CVE-2022-1996: Fixed CORS bypass bsc1200528. Tenable has extracted the preceding description block directly from the SUSE...

CVSS 9.3 | AI score 8.3 | EPSS 0.00963
Exploits: 1 | References: 4

SUSE Linux
added 2024/12/16 1:16 p.m. | 2 views

Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues: CVE-2022-1996: Fixed CORS bypass bsc1200528. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...

CVSS 9.1 | AI score 10 | EPSS 0.00963
Exploits: 1 | References: 4

OSV
added 2024/12/16 1:16 p.m. | 16 views

SUSE-SU-2024:4329-1 Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues: - CVE-2022-1996: Fixed CORS bypass bsc1200528...

CVSS 9.3 | AI score 10 | EPSS 0.00963
Exploits: 1 | References: 3

OpenVAS
added 2022/08/01 12:0 a.m. | 15 views

Fedora: Security Advisory for golang-sigs-k8s-aws-iam-authenticator (FEDORA-2022-5038c3236c)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3 | AI score 8.9 | EPSS 0.00963
Exploits: 4 | References: 2

OpenVAS
added 2022/08/01 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2022:2583-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.8 | EPSS 0.00313
Exploits: 0 | References: 2

Fedora
added 2022/07/31 1:37 a.m. | 23 views

[SECURITY] Fedora 36 Update: golang-sigs-k8s-aws-iam-authenticator-0.5.2-8.fc36

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster. The initial work on this tool was driven by Heptio. The project receives contributions from multiple community engineers and is currently maintained by Heptio and Amazon EKS OSS Engineers...

CVSS 9.3 | AI score 8.7 | EPSS 0.00963
Exploits: 4

OpenVAS
added 2022/07/30 12:0 a.m. | 20 views

openSUSE: Security Advisory for aws-iam-authenticator (SUSE-SU-2022:2583-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 8.4 | EPSS 0.00313
Exploits: 0 | References: 2

Tenable Nessus
added 2022/07/30 12:0 a.m. | 27 views

SUSE SLES15 Security Update : aws-iam-authenticator (SUSE-SU-2022:2583-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2583-1 advisory. - A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and...

CVSS 8.8 | AI score 7.8 | EPSS 0.00313
Exploits: 0 | References: 4

OSV
added 2022/07/29 8:42 a.m. | 4 views

SUSE-SU-2022:2583-1 Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues: - CVE-2022-2385: Fixed AccessKeyID validation bypass bsc1201395...

CVSS 8.8 | AI score 8.8 | EPSS 0.00313
Exploits: 0 | References: 3