Vulmon
amazon vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-40828
Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.3.3), Python (versions before 1.5.18), C++ (versions before 1.12.7) and Node.js (versions before 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Aut...
Amazon Amazon Web Services Aws-c-io
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
9.8
CVSSv3
CVE-2019-18960
Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.
Amazon Firecracker 0.18.0
Amazon Firecracker 0.19.0
7.5
CVSSv3
CVE-2022-35980
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access ...
Amazon Opensearch 2.0.0
Amazon Opensearch 2.1.0
9.8
CVSSv3
CVE-2017-17572
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
Amazon Clone Project Amazon Clone 1.0
1 EDB exploit
6.1
CVSSv3
CVE-2019-6003
Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ec-cube Amazon Pay 2.12
Ec-cube Amazon Pay 2.13
Ec-cube Amazon Pay
NA
CVE-2012-4248
The Amazon Kindle Touch prior to 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote malicious users to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.schedul...
Amazon Kindle Touch
Amazon Kindle Touch 5.1.0
4.8
CVSSv3
CVE-2023-0423
The WordPress Amazon S3 Plugin WordPress plugin prior to 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Wordpress Amazon S3 Project Wordpress Amazon S3
8.8
CVSSv3
CVE-2021-40830
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’...
Amazon Amazon Web Services Aws-c-io 0.10.4
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
NA
CVE-2014-4598
Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the AID parameter.
Wp-tmkm-amazon Project Wp-tmkm-amazon
7.2
CVSSv3
CVE-2021-40831
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes...
Amazon Amazon Web Services Aws-c-io 0.10.7
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2