Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amazon vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-16527
Amazon Web Services (AWS) FreeRTOS up to and including 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.
Amazon Freertos
Amazon Amazon Web Services Freertos
5.8
CVSSv2
CVE-2018-16523
Amazon Web Services (AWS) FreeRTOS up to and including 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.
Amazon Amazon Web Services Freertos
Amazon Freertos
4.3
CVSSv2
CVE-2018-16524
Amazon Web Services (AWS) FreeRTOS up to and including 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.
Amazon Amazon Web Services Freertos
Amazon Freertos
5.8
CVSSv2
CVE-2012-5781
Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary val...
Amazon Elastic Load Balancing 1.0.12.0
Amazon Elastic Load Balancing 1.0.10.0
Amazon Elastic Load Balancing 1.0.3.4
Amazon Elastic Load Balancing 1.0
Amazon Elastic Load Balancing -
Amazon Elastic Load Balancing 1.0.17.0
Amazon Elastic Load Balancing 1.0.15.1
Amazon Elastic Load Balancing 1.0.14.3
Amazon Elastic Load Balancing 1.0.11.1
Amazon Elastic Load Balancing 1.0.9.3
4.3
CVSSv2
CVE-2020-16843
In Firecracker 0.20.x prior to 0.20.1 and 0.21.x prior to 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM net...
Amazon Firecracker 0.20.0
Amazon Firecracker 0.21.0
Amazon Firecracker 0.21.1
4.3
CVSSv2
CVE-2005-3908
Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions prior to 5.0.2, allows remote malicious users to inject web script or HTML via the query parameter.
Amazon Shop Amazon Shop
1 EDB exploit
7.5
CVSSv2
CVE-2020-36363
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.
Amazon Amazon Cloudfront 1.2 2019
6.8
CVSSv2
CVE-2018-1169
This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...
Amazon Amazon Music 6.1.5.1213
6.9
CVSSv2
CVE-2022-29527
Amazon AWS amazon-ssm-agent prior to 3.1.1208.0 creates a world-writable sudoers file, which allows local malicious users to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
Amazon Amazon Ssm Agent
NA
CVE-2023-31141
OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) whe...
Amazon Opensearch Security
Amazon Opensearch
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »