CVE-2025-5279 – Amazon Redshift Python Connector AzureOAuth2CredentialsProvider SSL Certificate Validation Bypass

May 27, 2025

CVE ID : CVE-2025-5279

Published : May 27, 2025, 9:15 p.m. | 3 hours, 44 minutes ago

Description : When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access token.

This issue has been addressed in driver version 2.1.7. Users should upgrade to address this issue and ensure any forked or derivative code is patched to incorporate the new fixes.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5280 – Google Chrome V8 Out-of-Bounds Heap Corruption Vulnerability

Next Article CVE-2025-5198 – Stackrox XSS Vulnerability in Role Object Name

Highlights

CVE-2025-4720 – SourceCodester Student Result Management System Remote Path Traversal Vulnerability

May 15, 2025

CVE ID : CVE-2025-4720

Published : May 15, 2025, 9:15 p.m. | 3 hours, 42 minutes ago

Description : A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Best React.js Development Services in 2025: Features, Benefits & What to Look For

Report: Samsung’s tri-fold phone, XR headset, and AI smart glasses to be revealed at Sep 29 Unpacked event

Are smart glasses with built-in hearing aids viable? My verdict after months of testing

These 7 smart plug hacks that saved me time, money, and energy (and how I set them up)

Amazon will sell you the iPhone 16 Pro for $250 off right now – how the deal works

Fake News Detection using Python Machine Learning (ML)

Fake News Detection using Python Machine Learning (ML)

Common FP – A New JS Utility Lib

Call for Speakers – JS Conf Armenia 2025

Chrome on Windows 11 FINALLY Gets Touch Drag and Drop, Matching Native Apps

Chrome on Windows 11 FINALLY Gets Touch Drag and Drop, Matching Native Apps

Fox Sports not Working: 7 Quick Fixes to Stream Again

Capital One Zelle not Working: 7 Fast Fixes

CVE-2025-5279 – Amazon Redshift Python Connector AzureOAuth2CredentialsProvider SSL Certificate Validation Bypass

CVE-2024-32832 – Hamid Alinia Login with Phone Number Missing Authorization

CVE-2025-31100 – Mojoomla School Management Unrestricted File Upload Vulnerability

As an SEO beginner, how can I get traffic for the website I’ve created?

CVE-2025-43023 – HP Linux Imaging and Printing Software DSA Code Signing Key Weakness

CVE-2025-5790 – TOTOLINK X15 Buffer Overflow Vulnerability

Rilasciato GNU Nano 8.5: L’editor di testo a riga di comando con ancore salvate e colorazione della sintassi migliorata

CVE-2025-4720 – SourceCodester Student Result Management System Remote Path Traversal Vulnerability

Project Manager for Planner in Teams gets real-time task notifications

Grow a Garden

ASCII Draw lets you sketch anything using characters

CVE-2025-5279 – Amazon Redshift Python Connector AzureOAuth2CredentialsProvider SSL Certificate Validation Bypass

Related Posts