Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amazon aws software development kit vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2018-19981
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must ...
Amazon Aws Software Development Kit
NA
CVE-2023-51651
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer compone...
Amazon Aws Software Development Kit
NA
CVE-2022-2582
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.
Amazon Aws Software Development Kit
NA
CVE-2022-4725
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forg...
Amazon Aws Software Development Kit
NA
CVE-2023-35165
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and...
Amazon Aws Cloud Development Kit
5.8
CVSSv2
CVE-2021-40828
Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.3.3), Python (versions before 1.5.18), C++ (versions before 1.12.7) and Node.js (versions before 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Aut...
Amazon Amazon Web Services Aws-c-io
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
5.8
CVSSv2
CVE-2021-40830
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system&rsq...
Amazon Amazon Web Services Aws-c-io 0.10.4
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
6
CVSSv2
CVE-2021-40831
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes...
Amazon Amazon Web Services Aws-c-io 0.10.7
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
5.8
CVSSv2
CVE-2021-40829
Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.4.2), Python (versions before 1.6.1), C++ (versions before 1.12.7) and Node.js (versions before 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Auth...
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
5
CVSSv2
CVE-2021-23051
On BIG-IP versions 15.1.0.4 up to and including 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. ...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »