Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sdk vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-26341
Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access.
Intel Manageability Commander
Intel Active Management Technology Software Development Kit
Intel Endpoint Management Assistant
8.8
CVSSv3
CVE-2022-35623
In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth
Nordicsemi Nrf5 Sdk For Mesh 5.0
8.8
CVSSv3
CVE-2022-35624
In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN
Nordicsemi Nrf5 Sdk For Mesh
8.8
CVSSv3
CVE-2022-29558
Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.
Realtek Rtl819x Software Development Kit
8.8
CVSSv3
CVE-2022-24893
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This ca...
Espressif Esp-idf 4.1.3
Espressif Esp-idf 4.2.3
Espressif Esp-idf 4.3.2
Espressif Esp-idf 4.4.1
8.8
CVSSv3
CVE-2021-22568
When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev....
Dart Dart Software Development Kit
8.8
CVSSv3
CVE-2021-40828
Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.3.3), Python (versions before 1.5.18), C++ (versions before 1.12.7) and Node.js (versions before 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Aut...
Amazon Amazon Web Services Aws-c-io
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
8.8
CVSSv3
CVE-2021-40830
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system&rsq...
Amazon Amazon Web Services Aws-c-io 0.10.4
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
8.8
CVSSv3
CVE-2021-40829
Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.4.2), Python (versions before 1.6.1), C++ (versions before 1.12.7) and Node.js (versions before 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Auth...
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
8.8
CVSSv3
CVE-2021-43581
An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK prior to 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, c...
Opendesign Prc Sdk
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »