Skip to main content

Amazon Web Services Internet Of Things Device Software Development Kit V2

4 CVEs product

Monthly

CVE-2021-40831 LIB HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Authentication Bypass Apple Node.js Java +2
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2021-40830 LIB HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Node.js Java Amazon Web Services Aws C Io +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-40829 LIB HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Apple Information Disclosure Node.js Java +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-40828 LIB HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Microsoft Information Disclosure Node.js Java +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Authentication Bypass Apple +4
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Node.js +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Apple Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Microsoft Information Disclosure +4
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy