Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amazon vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2021-40828
Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.3.3), Python (versions before 1.5.18), C++ (versions before 1.12.7) and Node.js (versions before 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Aut...
Amazon Amazon Web Services Aws-c-io
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
NA
CVE-2022-35980
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access ...
Amazon Opensearch 2.0.0
Amazon Opensearch 2.1.0
755
VMScore
CVE-2017-17572
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
Amazon Clone Project Amazon Clone 1.0
1 EDB exploit
641
VMScore
CVE-2017-9450
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) prior to 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.
Amazon Amazon Web Services Cloudformation Bootstrap
383
VMScore
CVE-2019-6003
Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ec-cube Amazon Pay 2.12
Ec-cube Amazon Pay 2.13
Ec-cube Amazon Pay
828
VMScore
CVE-2012-4248
The Amazon Kindle Touch prior to 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote malicious users to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.schedul...
Amazon Kindle Touch
Amazon Kindle Touch 5.1.0
516
VMScore
CVE-2021-40830
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system&rsq...
Amazon Amazon Web Services Aws-c-io 0.10.4
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
534
VMScore
CVE-2021-40831
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes...
Amazon Amazon Web Services Aws-c-io 0.10.7
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
NA
CVE-2023-0423
The WordPress Amazon S3 Plugin WordPress plugin prior to 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Wordpress Amazon S3 Project Wordpress Amazon S3
383
VMScore
CVE-2014-4598
Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the AID parameter.
Wp-tmkm-amazon Project Wp-tmkm-amazon
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »