amazon vulnerabilities and exploits
4
CVSSv2
CVE-2019-9864
PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount.
Amazon Affiliate Store Project Amazon Affiliate Store 2.1.6
10
CVSSv2
CVE-2012-4249
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch prior to 5.1.2 allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different...
Amazon Kindle Touch 5.1.0
Amazon Kindle Touch 5.1.1
NA
CVE-2022-41828
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) prior to 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
Amazon Amazon Web Services Redshift Java Database Connectivity Driver
1 Github repository
5.4
CVSSv2
CVE-2014-5935
The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Daily Free App @ Amazon Project Daily Free App @ Amazon 1.5.2
NA
CVE-2022-46174
efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to r...
Amazon Efs-utils
Amazon Elastic File System Container Storage Interface Driver
7.5
CVSSv2
CVE-2020-28472
This affects the package @aws-sdk/shared-ini-file-loader prior to 1.0.0-rc.9; the package aws-sdk prior to 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This c...
Amazon Aws Sdk For Javascript
Amazon Aws Shared Configuration File Loader 1.0.0
NA
CVE-2023-1383
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed a malicious user to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions before 6.2.9.5. ...
Amazon Fire Os
NA
CVE-2023-1384
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions before 6.2.9.5. Insignia TV with FireOS versions before 7.6.3.3.
Amazon Fire Os
NA
CVE-2023-1385
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions before 6.2.9.5. Insignia TV...
Amazon Fire Os
NA
CVE-2023-33777
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows malicious users to execute a directory traversal attack.
Prestashop Amazon