Vulmon
amazon vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-45807
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perf...
Amazon Opensearch
4.3
CVSSv3
CVE-2022-41917
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries ...
Amazon Opensearch
6.3
CVSSv3
CVE-2022-41918
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices tha...
Amazon Opensearch
9.8
CVSSv3
CVE-2021-31571
The kernel in Amazon Web Services FreeRTOS prior to 10.4.3 has an integer overflow in queue.c for queue creation.
Amazon Freertos
9.8
CVSSv3
CVE-2021-31572
The kernel in Amazon Web Services FreeRTOS prior to 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.
Amazon Freertos
6.8
CVSSv3
CVE-2022-23511
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window ope...
Amazon Cloudwatch Agent
9.1
CVSSv3
CVE-2019-9483
Amazon Ring Doorbell prior to 3.4.7 mishandles encryption, which allows malicious users to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door.
Amazon Ring Video Doorbell Firmware
9.8
CVSSv3
CVE-2019-3989
Blink XT2 Sync Module firmware before 2.13.11 allows remote malicious users to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
Amazon Blink Xt2 Sync Module Firmware
7.5
CVSSv3
CVE-2020-27174
In Amazon AWS Firecracker prior to 0.21.3, and 0.22.x prior to 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than ...
Amazon Firecracker
8.8
CVSSv3
CVE-2022-31115
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions before 2.0.1 the Ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result, opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using `YAML.load` if the respon...
Amazon Opensearch