Security
Headlines
HeadlinesLatestCVEs

Tag

#amazon

CVE-2020-36566: Snyk Vulnerability Database | Snyk

Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

CVE
Open in Source
#vulnerability#mac#google#amazon#git#java#oracle#alibaba#ruby
GHSA-f5h9-qx38-2hgp: AWS SDK is vulnerable to server-side request forgery (SSRF)

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 can address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

CVE-2022-4725: Release AWS SDK for Android 2.59.1 · aws-amplify/aws-sdk-android

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

The Threat of Predictive Policing to Data Privacy and Personal Liberty

Inaccurate information from data brokers can damage careers and reputations. It's time for US privacy laws to change how law enforcement and legal agencies obtain and act on data.

Internet AppSec Remains Abysmal & Requires Sustained Action in 2023

A variety of initiatives — such as memory-safe languages and software bills of materials — promise more secure applications, but sustained improvements will require that vendors do much better, researchers agree.

Russians Hacked JFK Airport Taxi Dispatch in Line-Skipping Scheme

Plus: An offensive US hacking operation, swatters hacking Ring cameras, a Netflix password-sharing crackdown, and more.

New Brand of Security Threats Surface in the Cloud

Tech Insight report co-produced by Black Hat, Dark Reading, and Omdia examines how cloud security is evolving in a rapid race to beat threat actors to the (cloud) breach.

CVE-2022-34468: Security Vulnerabilities fixed in Firefox 102

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Google WordPress Plug-in Bug Allows AWS Metadata Theft

A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.