451 matches found
Cleartext Storage of Sensitive Information
Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing...
PT-2026-42603
Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...
CVE-2026-8597
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
CVE-2026-8596
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
Amazon SageMaker Python SDK 安全漏洞
Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the...
Malicious code in @sage-active/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b00241523d12b3a7ef46eb21d2e480e96702d56bd067ace6e34262cedf6747f The package @sage-active/ui was found to contain malicious code. Source: ghsa-malware 87a70bf25b705a32cb00ec306c3a4634f7b7194979aabe11a126cc59a26ffb2...
MAL-2026-2593 Malicious code in @sage-active/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b00241523d12b3a7ef46eb21d2e480e96702d56bd067ace6e34262cedf6747f The package @sage-active/ui was found to contain malicious code. Source: ghsa-malware 87a70bf25b705a32cb00ec306c3a4634f7b7194979aabe11a126cc59a26ffb2...
CVE-2025-67806
The login mechanism of Sage DPW 202106004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behavior in newer versions...
CVE-2025-67807
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2025-67805
A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...
CVE-2025-67806
The login mechanism of Sage DPW 202106004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behavior in newer versions...
CVE-2025-67807
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2025-67807
The CVE concerns Sage DPW 2025_06_004. The login mechanism exposes different responses for valid vs invalid usernames, enabling account enumeration in versions prior to 2021_06_000. In newer, on-premise deployments, administrators can toggle this behavior. The connected records do not provide any...
CVE-2025-67805
Sage DPW 2025_06_004 contains a non-default configuration exposing unauthenticated access to diagnostic endpoints of the Database Monitor, allowing exposure of hashes and table names. The feature is disabled by default in all installations and never available in Sage DPW Cloud; Red Hat/NVD/ENISA/...
PT-2026-29543
The login mechanism of Sage DPW 2025 06 004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021 06 000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2025-67805
A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...
Sage DPW 安全漏洞
Sage DPW is a human resources system developed by the British company Sage. Version Sage DPW 202506004 contains security vulnerabilities. These vulnerabilities stem from the login mechanism’s different responses for valid and invalid usernames, which could lead to the enumeration of existing...
Sage DPW 安全漏洞
Sage DPW is a human resources system developed by the British company Sage. Version Sage DPW 202506004 contains security vulnerabilities. These vulnerabilities stem from non-default configurations that allow unverified access to diagnostic endpoints, potentially exposing sensitive information suc...