Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amazon vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2012-4249
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch prior to 5.1.2 allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different...
Amazon Kindle Touch 5.1.0
Amazon Kindle Touch 5.1.1
356
VMScore
CVE-2019-9864
PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount.
Amazon Affiliate Store Project Amazon Affiliate Store 2.1.6
NA
CVE-2022-41828
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) prior to 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
Amazon Amazon Web Services Redshift Java Database Connectivity Driver
1 Github repository
481
VMScore
CVE-2014-5935
The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Daily Free App \\@ Amazon Project Daily Free App \\@ Amazon 1.5.2
NA
CVE-2022-46174
efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to r...
Amazon Efs-utils
Amazon Elastic File System Container Storage Interface Driver
668
VMScore
CVE-2020-28472
This affects the package @aws-sdk/shared-ini-file-loader prior to 1.0.0-rc.9; the package aws-sdk prior to 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This c...
Amazon Aws Sdk For Javascipt
Amazon Aws Shared Configuration File Loader 1.0.0
NA
CVE-2024-21634
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonV...
Amazon Ion
668
VMScore
CVE-2021-31571
The kernel in Amazon Web Services FreeRTOS prior to 10.4.3 has an integer overflow in queue.c for queue creation.
Amazon Freertos
NA
CVE-2023-1383
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an malicious user to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions before 6.2.9.5. ...
Amazon Fire Os
NA
CVE-2023-1384
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions before 6.2.9.5. Insignia TV with FireOS versions before 7.6.3.3.
Amazon Fire Os
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »