6 matches found
CVE-2026-5485
CVE-2026-5485 affects the Amazon Athena ODBC driver on Linux, specifically the browser-based authentication component prior to version 2.0.5.1. The issue allows OS command injection via specially crafted connection parameters loaded during a local user-initiated connection, enabling potential arb...
CVE-2026-35561
CVE-2026-35561 affects the Amazon Athena ODBC driver (before 2.1.0.0) due to insufficient authentication controls in browser-based authentication components. This could allow a threat actor to intercept or hijack authentication sessions. Impact is stated as high/critical depending on metric, with...
CVE-2026-35562
CVE-2026-35562 affects the Amazon Athena ODBC driver prior to version 2.1.0.0, where allocations of resources in the parsing components may be unbounded, enabling a threat actor to induce a denial of service via crafted input during parsing. Affected platforms include Windows, Linux, and macOS bu...
CVE-2026-35559
CVE-2026-35559 affects the Amazon Athena ODBC driver. The issue is an out-of-bounds write in the driver’s query processing components prior to version 2.1.0.0, which could crash the driver when processing specially crafted data during queries. Remediation: upgrade to version 2.1.0.0 or later. If ...
CVE-2026-35560
Affected software: Amazon Athena ODBC Driver prior to 2.1.0.0. Issue: Improper certificate validation in the identity provider connection components can enable a man‑in‑the‑middle attack to intercept authentication credentials when connecting to external identity providers. Impact: Credential int...
CVE-2026-35558
Affected software: Amazon Athena ODBC driver (pre-2.1.0.0). Issue: Improper neutralization of special elements in authentication components during user-initiated authentication, enabling a threat actor to execute arbitrary code or redirect authentication flows with specially crafted connection pa...