Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amazon vulnerabilities and exploits
(subscribe to this query)
8.5
CVSSv2
CVE-2021-41149
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, before 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When tar...
Amazon Tough
6.8
CVSSv2
CVE-2022-31115
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions before 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the respon...
Amazon Opensearch
NA
CVE-2023-23612
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs whe...
Amazon Opensearch
NA
CVE-2023-23933
OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical da...
Amazon Opensearch
9.3
CVSSv2
CVE-2017-17069
ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows malicious users to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.
Amazon Audible
3.5
CVSSv2
CVE-2021-41150
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, before 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When t...
Amazon Tough
4.4
CVSSv2
CVE-2022-33915
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021...
Amazon Hotpatch
6.8
CVSSv2
CVE-2020-2185
Jenkins Amazon EC2 Plugin 1.50.1 and previous versions does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
Jenkins Amazon Ec2
6.8
CVSSv2
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and previous versions unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
Jenkins Amazon Ec2
4
CVSSv2
CVE-2020-2188
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and previous versions in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Amazon Ec2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »