27 matches found
CVE-2021-41278
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...
CVE-2022-31066
EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to...
EUVD-2021-19524
Malware in sbrugna...
EUVD-2021-2305
Malware in sbrugna...
EUVD-2022-6047
Malicious code in bioql PyPI...
CVE-2021-32753
EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is...
Authorization Bypass
github.com/edgexfoundry/edgex-go and github.com/edgexfoundry/device-sdk-go are vulnerable to authorization bypass. The vulnerability exists in BootstrapHandler function in messaging.go because it doesn't remove MessageBus Options data from configuration after creating a message client which allow...
CVE-2022-31066
EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to...
Authentication flaw
EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to...
CVE-2022-31066
CVE-2022-31066 affects EdgeXFoundry up to version 2.1.1, where the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, credentials should be stored in the secret store, but access controls are bypassed, allowing interception or injecti...
CVE-2022-31066 Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users
EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to...
CVE-2022-31066 Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users
EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to...
EdgeX Foundry 信息泄露漏洞
EdgeX Foundry is an open source project to build a common open framework for IoT edge computing. An information disclosure vulnerability exists in EdgeX Foundry versions prior to 2.1.1, which stems from the /api/v2/config endpoint exposing message bus credentials to a local, unauthenticated user...
Broken encryption in EdgeX Foundry
Summary Broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. Detailed Description The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in th...
GHSA-6C7M-QWXJ-MVHP Broken encryption in EdgeX Foundry
Summary Broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. Detailed Description The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in th...
CVE-2021-41278
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...
CVE-2021-41278
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...
Input validation
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...
EdgeX Foundry 加密问题漏洞
EdgeX Foundry is an open source project to build a common open framework for IoT edge computing. A cryptographic issue vulnerability exists in EdgeX's Functions SDK that allows an attacker to decrypt messages via unspecified vectors...
CVE-2021-41278
EdgeX Foundry CVE-2021-41278 affects the app-functions-sdk-go (and related EdgeX components) where the AES transform is broken in encryption, allowing potential decryption of data for users who enable AES in their pipelines. Affected releases rely on a flawed AES implementation; the AES transform...