10 matches found
EUVD-2024-1151
Malicious code in bioql PyPI...
CVE-2025-54809 F5 Access for Android vulnerability
F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
SUSE CVE-2024-41178
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...
A vulnerability in the AssumeRoleWithWebIdentity request to the Security Token Service (AWS STS) in Apache Arrow Rust Object Store, a single API for interacting with object storage services and local files, allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the AssumeRoleWithWebIdentity request of the Security Token Service (AWS STS) – a single API for interacting with object storage services and local files – is related to insufficient protection of registration data. Exploiting this vulnerability allows an attacker to bypass...
CVE-2024-41178
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity. This allows someone with access to the logs t...
Apache Arrow log information disclosure vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the U.S. Apache Foundation. The platform supports programming languages such as C, C++, C#, Go and Java, and provides features such as inter-process communication. A log message disclosure vulnerability...
PT-2024-5382 · Apache · Apache Arrow Rust Object Store
Name of the Vulnerable Software and Affected Versions: Apache Arrow Rust Object Store versions 0.10.1 and earlier Description: The issue is related to the exposure of temporary credentials in logs when using AWS WebIdentityTokens with the object store crate. On certain error conditions, the logs...
MAL-2024-1593 Malicious code in ato-z-web-identity-components-app-cdk-adp-wrapper (npm)
Source: ghsa-malware (c33c62d31d74de8fa6a7a3911507ce9a8d513bccb45ff1b51b7fbb9068920d3e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Google Chrome announces plans to improve URL display, website identity
“Unreadable gobbledygook” is one way to describe URLs today as we know them, and Google has been attempting to redo their look for years. In their latest move to improve how Chrome—and of course, how the company hopes other browsers would follow suit—displays the URL in its omnibox (the address ba...