Vulmon
amazon vulnerabilities and exploits
5.3
CVSSv3
CVE-2023-25806
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls ...
Amazon Opensearch
Amazon Opensearch Security
NA
CVE-2015-3373
The Amazon AWS module prior to 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote malicious users to guess the token value and create backups via a crafted URL.
Amazon Aws Project Amazon Aws
NA
CVE-2014-3908
The Amazon.com Kindle application prior to 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Amazon Kindle
Amazon Kindle 4.4.0
8.1
CVSSv3
CVE-2018-16522
Amazon Web Services (AWS) FreeRTOS up to and including 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
Amazon Amazon Web Services Freertos
8.1
CVSSv3
CVE-2018-16528
Amazon Web Services (AWS) FreeRTOS up to and including 1.3.1 allows remote malicious users to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules.
Amazon Amazon Web Services Freertos
7.5
CVSSv3
CVE-2019-13120
Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT ...
Amazon Amazon Web Services Freertos
4.8
CVSSv3
CVE-2022-1645
The Amazon Link WordPress plugin up to and including 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Amazon Link Project Amazon Link
6.5
CVSSv3
CVE-2022-1830
The Amazon Einzeltitellinks WordPress plugin up to and including 1.3.3 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack o...
Amazon Einzeltitellinks Project Amazon Einzeltitellinks
7.8
CVSSv3
CVE-2021-43997
FreeRTOS versions 10.2.0 up to and including 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions up to and including 10.4.6 do not prevent a third party that has already independently gained the abilit...
Amazon Freertos 10.4.3
Amazon Freertos
1 Github repository
9.8
CVSSv3
CVE-2019-18960
Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.
Amazon Firecracker 0.18.0
Amazon Firecracker 0.19.0