amazon vulnerabilities and exploits
7.5
CVSSv3
CVE-2018-11022
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows malicious users to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash.
Amazon Fire Os 4.5.5.3
7.5
CVSSv3
CVE-2018-11023
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows malicious users to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a kernel crash.
Amazon Fire Os 4.5.5.3
8.7
CVSSv3
CVE-2022-41906
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and before 2.2.1 could allo...
Amazon Opensearch Notifications
9.1
CVSSv3
CVE-2020-28199
best it Amazon Pay Plugin prior to 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.
Bestit Amazon Pay
8.8
CVSSv3
CVE-2023-36467
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 up to and including 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field whe...
Amazon Aws-dataall
8.8
CVSSv3
CVE-2021-38112
In the Amazon AWS WorkSpaces client 3.0.10 up to and including 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.
Amazon Aws Workspaces
3 Github repositories
8.8
CVSSv3
CVE-2020-2090
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and previous versions allows malicious users to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
Jenkins Amazon Ec2
8.1
CVSSv3
CVE-2020-2091
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
Jenkins Amazon Ec2
7.6
CVSSv3
CVE-2023-33248
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows malicious users to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these fr...
Amazon Alexa 8960323972
9.8
CVSSv3
CVE-2015-7292
Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS prior to 2016-01-15 allows malicious users to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.
Amazon Fire Os