CVE-2023-51651
- EPSS 0.1%
- Published 22.12.2023 21:15:09
- Last modified 21.11.2024 08:38:32
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method...
CVE-2022-2582
- EPSS 0.08%
- Published 27.12.2022 22:15:12
- Last modified 11.04.2025 17:15:36
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older ...
CVE-2022-4725
- EPSS 0.08%
- Published 27.12.2022 15:15:12
- Last modified 21.11.2024 07:35:49
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation lea...
- EPSS 0.67%
- Published 04.04.2019 15:29:01
- Last modified 21.11.2024 03:58:56
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. N...