Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amazon vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-9864
PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount.
Amazon Affiliate Store Project Amazon Affiliate Store 2.1.6
10
CVSSv2
CVE-2012-4249
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch prior to 5.1.2 allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different...
Amazon Kindle Touch 5.1.0
Amazon Kindle Touch 5.1.1
NA
CVE-2022-41828
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) prior to 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
Amazon Amazon Web Services Redshift Java Database Connectivity Driver
1 Github repository
5.4
CVSSv2
CVE-2014-5935
The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Daily Free App \\@ Amazon Project Daily Free App \\@ Amazon 1.5.2
NA
CVE-2022-46174
efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to r...
Amazon Efs-utils
Amazon Elastic File System Container Storage Interface Driver
7.5
CVSSv2
CVE-2020-28472
This affects the package @aws-sdk/shared-ini-file-loader prior to 1.0.0-rc.9; the package aws-sdk prior to 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This c...
Amazon Aws Sdk For Javascipt
Amazon Aws Shared Configuration File Loader 1.0.0
7.2
CVSSv2
CVE-2022-0070
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.
Amazon Log4jhotpatch
1 Article
NA
CVE-2023-23933
OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical da...
Amazon Opensearch
NA
CVE-2023-33777
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows malicious users to execute a directory traversal attack.
Prestashop Amazon
5
CVSSv2
CVE-2020-15093
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an malicious user to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metada...
Amazon Tough
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »