Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amazon vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2018-16599
An issue exists in Amazon Web Services (AWS) FreeRTOS up to and including 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for inform...
Amazon Freertos
Amazon Amazon Web Services Freertos
5.9
CVSSv3
CVE-2018-16600
An issue exists in Amazon Web Services (AWS) FreeRTOS up to and including 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for in...
Amazon Amazon Web Services Freertos
Amazon Freertos
8.1
CVSSv3
CVE-2018-16601
An issue exists in Amazon Web Services (AWS) FreeRTOS up to and including 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of...
Amazon Amazon Web Services Freertos
Amazon Freertos
NA
CVE-2012-5781
Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary val...
Amazon Elastic Load Balancing 1.0.12.0
Amazon Elastic Load Balancing 1.0.10.0
Amazon Elastic Load Balancing 1.0.3.4
Amazon Elastic Load Balancing 1.0
Amazon Elastic Load Balancing -
Amazon Elastic Load Balancing 1.0.17.0
Amazon Elastic Load Balancing 1.0.15.1
Amazon Elastic Load Balancing 1.0.14.3
Amazon Elastic Load Balancing 1.0.11.1
Amazon Elastic Load Balancing 1.0.9.3
5.9
CVSSv3
CVE-2020-16843
In Firecracker 0.20.x prior to 0.20.1 and 0.21.x prior to 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM net...
Amazon Firecracker 0.20.0
Amazon Firecracker 0.21.0
Amazon Firecracker 0.21.1
9.8
CVSSv3
CVE-2020-36363
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.
Amazon Amazon Cloudfront 1.2 2019
7
CVSSv3
CVE-2022-29527
Amazon AWS amazon-ssm-agent prior to 3.1.1208.0 creates a world-writable sudoers file, which allows local malicious users to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
Amazon Amazon Ssm Agent
8.8
CVSSv3
CVE-2018-1169
This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...
Amazon Amazon Music 6.1.5.1213
NA
CVE-2005-3908
Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions prior to 5.0.2, allows remote malicious users to inject web script or HTML via the query parameter.
Amazon Shop Amazon Shop
1 EDB exploit
NA
CVE-2014-3908
The Amazon.com Kindle application prior to 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Amazon Kindle
Amazon Kindle 4.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »