amazon vulnerabilities and exploits
5.5
CVSSv2
CVE-2020-2091
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
Jenkins Amazon Ec2
NA
CVE-2023-33248
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows malicious users to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these fr...
Amazon Alexa 8960323972
4.3
CVSSv2
CVE-2020-2186
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and previous versions allows malicious users to provision instances.
Jenkins Amazon Ec2
6.8
CVSSv2
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and previous versions unconditionally accept self-signed certificates and do not perform hostname validation, enabling man-in-the-middle attacks.
Jenkins Amazon Ec2
6.4
CVSSv2
CVE-2020-28199
best it Amazon Pay Plugin prior to 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.
Bestit Amazon Pay
7.5
CVSSv2
CVE-2019-10777
In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "...
Amazon Aws Lambda
5.8
CVSSv2
CVE-2012-5780
The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Amazon Merchant Sdk -
6.8
CVSSv2
CVE-2020-2185
Jenkins Amazon EC2 Plugin 1.50.1 and previous versions do not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
Jenkins Amazon Ec2
4
CVSSv2
CVE-2020-2188
A missing permission check in form-related methods in Jenkins Amazon EC2 Plugin 1.50.1 and previous versions allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Amazon Ec2
9.3
CVSSv2
CVE-2021-38112
In the Amazon AWS WorkSpaces client 3.0.10 up to and including 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.
Amazon Aws Workspaces
3 Github repositories