Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amazon vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv3
CVE-2019-3983
Blink XT2 Sync Module firmware before 2.13.11 allows remote malicious users to execute arbitrary code and commands on the device due to insufficient UART protections.
Amazon Blink Xt2 Sync Module Firmware
9.8
CVSSv3
CVE-2019-3984
Blink XT2 Sync Module firmware before 2.13.11 allows remote malicious users to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.
Amazon Blink Xt2 Sync Module Firmware
8.8
CVSSv3
CVE-2019-3987
Blink XT2 Sync Module firmware before 2.13.11 allows remote malicious users to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.
Amazon Blink Xt2 Sync Module Firmware
9.8
CVSSv3
CVE-2019-3989
Blink XT2 Sync Module firmware before 2.13.11 allows remote malicious users to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
Amazon Blink Xt2 Sync Module Firmware
8.8
CVSSv3
CVE-2023-23612
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs whe...
Amazon Opensearch
8.8
CVSSv3
CVE-2019-3985
Blink XT2 Sync Module firmware before 2.13.11 allows remote malicious users to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.
Amazon Blink Xt2 Sync Module Firmware
8.8
CVSSv3
CVE-2019-3988
Blink XT2 Sync Module firmware before 2.13.11 allows remote malicious users to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.
Amazon Blink Xt2 Sync Module Firmware
8.8
CVSSv3
CVE-2023-36467
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 up to and including 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field whe...
Amazon Aws-dataall
4.3
CVSSv3
CVE-2020-2188
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and previous versions in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Amazon Ec2
5.6
CVSSv3
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and previous versions unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
Jenkins Amazon Ec2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »