50 matches found
EUVD-2021-0029
Malware in sbrugna...
EUVD-2021-0030
Malware in sbrugna...
EUVD-2021-0031
Malware in sbrugna...
EUVD-2021-0028
Malware in sbrugna...
MAL-2025-6152 Malicious code in aws-iot-twinmaker-grafana-utils (npm)
Source: ghsa-malware 4c4ed5abc6b9aacfab44cd41a0d5b9609603b25a6a318e051d71e9efa218d851 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12129 Malicious code in aws-iot-samples-util (npm)
Source: ghsa-malware 379933a89a9078f046a3ed35489373ccc8c0e070cef4700bbd90d36f087d5569 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-6627 Malicious code in apiotics-aws_iot_client (RubyGems)
MAL-2022-1199 Malicious code in aws-iot-greengrass-accelerators (npm)
Source: ghsa-malware d12fb992832ab6f19a89aff974cd7a31a75944f387d6c3ca8c8d26e1507f2bb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Insecure Certificate Validation
aws-iot-device-sdk-v2 uses insecure certificate validation. Attackers are able to compromise certificate authorities in their trust stores on macOS, by spoofing DNS records to bypass CA pinning...
Improper certificate management in AWS IoT Device SDK v2
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...
GHSA-C4RH-4376-GFF4 Improper certificate management in AWS IoT Device SDK v2
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...
GHSA-743R-5G92-5VGF Improper certificate management in AWS IoT Device SDK v2
Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.4.2, Python versions prior to 1.6.1, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.3 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in the...
Improper certificate management in AWS IoT Device SDK v2
Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.4.2, Python versions prior to 1.6.1, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.3 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in the...
GHSA-94JQ-Q5V2-76WJ Improper certificate management in AWS IoT Device SDK v2
Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in...
Improper certificate management in AWS IoT Device SDK v2
Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in...
GHSA-J3F7-7RMC-6WQJ Improper certificate management in AWS IoT Device SDK v2
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been "overridden". TLS handshakes will thus succeed if the peer...
Improper certificate management in AWS IoT Device SDK v2
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been "overridden". TLS handshakes will thus succeed if the peer...
Insecure Certificate Validation
aws/aws-iot-device-sdk-js-v2 is vulnerable to Insecure Certificate Validation. Attackers are able to compromise certificate authorities in their trust stores on Linux/Unix, by spoofing DNS records to bypass CA pinning...
Insecure Certificate Validation
aws-iot-device-sdk-v2 uses insecure certificate validation. The library does not verify server certificate hostname during TLS handshake, allowing attackers to override certificate authorities in their trust stores on Microsoft Windows...
CVE-2021-40831
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer...