Vulmon
amazon vulnerabilities and exploits
4.2
CVSSv3
CVE-2021-37436
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about ...
Amazon Echo Dot Firmware
7.8
CVSSv3
CVE-2017-17069
ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows malicious users to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.
Amazon Audible
7.5
CVSSv3
CVE-2020-27174
In Amazon AWS Firecracker prior to 0.21.3, and 0.22.x prior to 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than ...
Amazon Firecracker
8.8
CVSSv3
CVE-2023-23612
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs whe...
Amazon Opensearch
6.5
CVSSv3
CVE-2023-23613
OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rel...
Amazon Opensearch
8.1
CVSSv3
CVE-2021-41149
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, before 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When tar...
Amazon Tough
9.1
CVSSv3
CVE-2019-9483
Amazon Ring Doorbell prior to 3.4.7 mishandles encryption, which allows malicious users to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door.
Amazon Ring Video Doorbell Firmware
8.6
CVSSv3
CVE-2021-30354
Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book.
Amazon Kindle Firmware
8.8
CVSSv3
CVE-2022-31115
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions before 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the respon...
Amazon Opensearch
8.8
CVSSv3
CVE-2019-3985
Blink XT2 Sync Module firmware before 2.13.11 allows remote malicious users to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the ssid parameter.
Amazon Blink Xt2 Sync Module Firmware