Lucene search
K

13 matches found

OSV
OSV
added last week6 views

GO-2026-5764 DoS due to Panic in AWS SDK for Go v2 SDK EventStream Decoder in github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream

DoS due to Panic in AWS SDK for Go v2 SDK EventStream Decoder in github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 12:2 p.m.19 views

Malicious code in @validate-sdk/v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e93b483fd9338717a984d2e695d44a5497cb4b2d1a91c0eabc160fbc6d6cd7aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/06 7:19 a.m.10 views

Malicious code in pino-sdk-v2 (npm)

Malware detected: Exfiltrates .env file keys to Discord webhook. Impersonates legit pino package with modified malicious package/lib/tools.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 093fa98258b33a735216506ea119532a3cc24c92359028b4bb1955d0b712951a The...

5.9AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-43649

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00672EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/07/08 12:0 a.m.5 views

Realtek AP-Router SDK Input Validation Error Vulnerability

The Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor Realtek of China. An input validation error vulnerability exists in the Realtek AP-Router SDK, which stems from an integer overflow vulnerability in the boa updateConfigIntoFlash function, which can...

7.2CVSS7.9AI score0.01178EPSS
Exploits1References2
NVD
NVD
added 2023/08/08 10:15 p.m.46 views

CVE-2023-39951

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5CVSS6.3AI score0.00672EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/08/08 9:2 p.m.17 views

CVE-2023-39951 Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5CVSS6.4AI score0.00672EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/08/08 9:2 p.m.61 views

CVE-2023-39951 Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5CVSS6.5AI score0.00672EPSS
Exploits1References3
OSV
OSV
added 2023/08/08 9:2 p.m.28 views

CVE-2023-39951 Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5CVSS6.4AI score0.00672EPSS
Exploits1References5
OSV
OSV
added 2021/11/23 12:15 a.m.18 views

CVE-2021-40831

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer...

7.2CVSS6.8AI score
Exploits0References5
Prion
Prion
added 2021/11/23 12:15 a.m.24 views

Design/Logic Flaw

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...

5.8CVSS8.5AI score0.00375EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2021/11/23 12:15 a.m.47 views

PYSEC-2021-861

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in...

8.8CVSS4.4AI score0.00398EPSS
Exploits0References6
CVE
CVE
added 2021/11/22 11:41 p.m.100 views

CVE-2021-40828

CVE-2021-40828 affects AWS IoT Device SDK v2 on Windows prior to specific versions: Java < 1.3.3, Python < 1.5.18, C++ < 1.12.7, Node.js

8.8CVSS7.2AI score0.00398EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder