Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

amazon aws project amazon aws vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2015-3373
The Amazon AWS module prior to 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote malicious users to guess the token value and create backups via a crafted URL.
Amazon Aws Project Amazon Aws
7.5
CVSSv2
CVE-2021-38384
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greate...
Serverless Offline Project Serverless Offline 8.0.0
7.5
CVSSv2
CVE-2022-24840
django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions before 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location onl...
Django-s3file Project Django-s3file
4.4
CVSSv2
CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
Polkit Project Polkit 0.115Debian Debian Linux 8.0Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Server Eus 7.6Redhat Enterprise Linux Server Aus 7.6Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Server Aus 6.6Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Workstation 6.0Canonical Ubuntu Linux 18.10Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04
NA
CVE-2024-28056
Amazon AWS Amplify CLI prior to 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remai...
NA
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...
Openbsd OpensshPutty PuttyFilezilla-project Filezilla ClientMicrosoft PowershellPanic Transmit 5Panic NovaRoumenpetrov PkixsshWinscp WinscpBitvise Ssh ClientBitvise Ssh ServerLancom-systems LcosLancom-systems Lcos Fx -Lancom-systems Lcos Lx -Lancom-systems Lcos Sx 5.20Lancom-systems Lcos Sx 4.20Lancom-systems Lanconfig -Vandyke SecurecrtLibssh LibsshNet-ssh Net-ssh 7.2.0Ssh2 Project Ssh2Proftpd ProftpdFreebsd Freebsd
5.1
CVSSv2
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with...
Apache Log4j 2.0Apache Log4jIntel Oneapi -Intel Audio Development Kit -Intel Datacenter Manager -Intel System Debugger -Intel Secure Device Onboard -Intel Sensor Solution Firmware Development Kit -Intel Computer Vision Annotation Tool -Intel Genomics Kernel Library -Intel System Studio -Siemens Sppa-t3000 Ses3000 FirmwareSiemens Logo\\! Soft ComfortSiemens Spectrum Power 4 4.70Siemens Spectrum Power 4Siemens Siveillance Control ProSiemens Energyip Prepay 3.7Siemens Energyip Prepay 3.8Siemens Siveillance Identity 1.6Siemens Siveillance Identity 1.5Siemens Siveillance CommandSiemens Sipass Integrated 2.85
9.3
CVSSv2
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0Apache Log4jSiemens Sppa-t3000 Ses3000 FirmwareSiemens Logo\\! Soft ComfortSiemens Spectrum Power 4 4.70Siemens Spectrum Power 4Siemens Siveillance Control ProSiemens Energyip Prepay 3.7Siemens Energyip Prepay 3.8Siemens Siveillance Identity 1.6Siemens Siveillance Identity 1.5Siemens Siveillance CommandSiemens Sipass Integrated 2.85Siemens Sipass Integrated 2.80Siemens Head-end System Universal Device Integration SystemSiemens Gma-managerSiemens Energyip 8.5Siemens Energyip 8.6Siemens Energyip 8.7Siemens Energyip 9.0Siemens Energy Engage 3.1Siemens E-car Operation Center
4.7
CVSSv2
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Intel Pentium N N3700Intel Pentium N N3710Intel Celeron N N3000Intel Celeron N N3010Intel Celeron N N3050Intel Celeron N N2930Intel Celeron N N2920Intel Celeron N N2808Intel Celeron N N2807Intel Celeron J J3060Intel Celeron J J1900Intel Atom X3 C3295rkIntel Atom X3 C3235rkIntel Atom Z Z3775dIntel Atom Z Z3775Intel Atom Z Z3736fIntel Atom Z Z3735gIntel Atom Z Z3560Intel Atom Z Z3530Intel Atom Z Z2480Intel Atom Z Z2460Intel Atom C C3308
1.9
CVSSv2
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Intel Atom C C2308Intel Atom C C2316Intel Atom C C2338Intel Atom C C2350Intel Atom C C2358Intel Atom C C2508Intel Atom C C2516Intel Atom C C2518Intel Atom C C2530Intel Atom C C2538Intel Atom C C2550Intel Atom C C2558Intel Atom C C2718Intel Atom C C2730Intel Atom C C2738Intel Atom C C2750Intel Atom C C2758Intel Atom C C3308Intel Atom C C3338Intel Atom C C3508Intel Atom C C3538Intel Atom C C3558
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook