AWS SDK for .NET 输入验证错误漏洞

AWS SDK for .NET is an open source developer kit from Amazon Web Services. An input validation error vulnerability exists in AWS SDK for .NET versions 4.0.0 through prior to 4.0.3.3, which stems from a regional input field that can be set to an invalid value, potentially resulting in AWS API call...

CVE-2021-27408

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools Welch Allyn Service Tool: versions prior to v1.10, Welch Ally...

MAL-2026-181 Malicious code in smintio-portals-component-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ac8dad03743200fb36bb249f7d2292a267daaffb767a56e0c0e6634dc71afe The package smintio-portals-component-sdk was found to contain malicious code. Source: ghsa-malware...

Improper Validation of Syntactic Correctness of Input

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the region input field. An attacker can cause AWS API calls to be routed to unintended or non-existent hosts by supplying an invalid...

EUVD-2026-1418

AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value...

GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

pipesns (=0.1.5) potentially affected by unknown CVE via aws-sdk-sns (=0.4.1)

aws-sdk-sns CARGO version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-sns and may be impacted: - pipesns =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

Moderate Photon OS Security Update - PHSA-2026-4.0-0942

Updates of 'rubygem-aws-sdk-s3', 'aws-sdk-cpp' packages of Photon OS have been released...

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

EUVD-2025-203984

Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

CVE-2025-14760

CVE-2025-14760 affects the AWS SDK for C++ and is reported in multiple sources including Red Hat and VMware Photon advisories. The issue is described as missing cryptographic key commitment that could allow a user with write access to an S3 bucket to insert a new envelope data key (EDK) that decr...

Amazon AWS SDK for PHP 安全漏洞

Amazon AWS SDK for PHP is a software development kit for Amazon Web Services based on the PHP platform from Amazon.com, USA. A security vulnerability exists in Amazon AWS SDK for PHP that stems from a lack of cryptographic key commitment, which could cause a user with write access to the S3 stora...

PT-2025-51882

Name of the Vulnerable Software and Affected Versions AWS SDK for PHP versions prior to 3.368.0 Description A missing cryptographic key commitment in the AWS SDK for PHP could allow a user with write access to an S3 bucket to introduce a new Encryption Data Key EDK that decrypts to different...

PT-2025-51881

Name of the Vulnerable Software and Affected Versions AWS SDK for C++ versions prior to 1.11.712 Description A missing cryptographic key commitment in the AWS SDK for C++ could allow a user with write access to an S3 bucket to introduce a new encryption data key EDK that decrypts to different...

Adobe DNG Software Development Kit (SDK) Input Validation Error Vulnerability

Adobe DNG Software Development Kit SDK is a software development kit from the American company Audobee Adobe. An input validation error vulnerability exists in Adobe DNG Software Development Kit SDK, which can be exploited by an attacker to execute arbitrary code on a system or cause an applicati...

PT-2025-51206

LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of netwo...

CVE-2025-66033

CVE-2025-66033 affects Okta Java Management SDK (versions 21.0.0–24.0.0). The issue involves improper thread cleanup in multithreaded use of the ApiClient, which can cause memory issues and, under sustained load, degrade performance and availability and may lead to a denial-of-service. Red Hat/Re...

CVE-2025-64783

DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...