522 matches found
SUSE CVE-2025-59048
OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a...
WSO2多款产品 安全漏洞
WSO2 API Manager and other products are products of WSO2 Corporation, USA.WSO2 API Manager is a set of API lifecycle management solutions.WSO2 Identity Server IS is an identity server.WSO2 Enterprise Integrator is a set of open source hybrid integration platform. A security vulnerability exists i...
CVE-2025-11621
Vault and Vault Enterprise’s “Vault” AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise...
CVE-2025-59048
OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a...
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass
Vault and Vault Enterprise's "Vault" AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5,...
GHSA-9G4H-H484-3578 HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass
Vault and Vault Enterprise's "Vault" AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5,...
CVE-2025-11621 Vault AWS auth method bypass due to AWS client cache
Vault and Vault Enterprise’s “Vault” AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise...
HashiCorp Vault Enterprise 安全漏洞
HashiCorp Vault Enterprise is an enterprise information archiving platform from HashiCorp, Inc. in the United States. A security vulnerability exists in HashiCorp Vault Enterprise versions 1.21.0, 1.20.5, 1.19.11, and 1.16.27, which stems from the same or wildcard use of the boundprincipaliam rol...
EUVD-2017-18298
Malware in sbrugna...
EUVD-2019-1989
Malware in sbrugna...
EUVD-2021-2368
Malware in sbrugna...
EUVD-2019-2220
Malware in sbrugna...
EUVD-2016-9368
Malware in sbrugna...
EUVD-2015-6797
Malware in sbrugna...
EUVD-2021-1705
Malware in sbrugna...
EUVD-2025-7453
Malicious code in bioql PyPI...
EUVD-2025-19964
Malicious code in bioql PyPI...
EUVD-2025-1817
Malicious code in bioql PyPI...
EUVD-2022-6388
Malicious code in bioql PyPI...
EUVD-2025-21537
Malicious code in bioql PyPI...