Vulnerabilities > Amazon
|2023-06-28||CVE-2023-36467|| Code Injection vulnerability in Amazon Aws-Dataall |
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services.
| 8.8 |
|2023-06-23||CVE-2023-35165|| Incorrect Authorization vulnerability in Amazon AWS Cloud Development KIT |
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.
| 8.8 |
|2023-05-24||CVE-2023-33248|| Unspecified vulnerability in Amazon Alexa 8960323972 |
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing).
| 7.6 |
|2023-05-08||CVE-2023-31141|| Incorrect Authorization vulnerability in Amazon Opensearch Security |
OpenSearch is open-source software suite for search, analytics, and observability applications.
| 5.9 |
|2023-05-03||CVE-2023-1384|| Cross-site Scripting vulnerability in Amazon Fire OS |
| 6.1 |
|2023-05-03||CVE-2023-1385|| Use of Insufficiently Random Values vulnerability in Amazon Fire OS |
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 22.214.171.124. Insignia TV with FireOS 126.96.36.199.
| 8.8 |
|2023-05-03||CVE-2023-1383|| Unspecified vulnerability in Amazon Fire OS |
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 188.8.131.52.
| 4.3 |
|2023-04-19||CVE-2023-30610|| Information Exposure Through Log Files vulnerability in Amazon Aws-Sigv4 |
aws-sigv4 is a rust library for low level request signing in the aws cloud platform.
| 5.5 |
|2023-03-02||CVE-2023-25806|| Information Exposure Through Discrepancy vulnerability in Amazon Opensearch and Opensearch Security |
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization.
| 5.3 |
|2023-02-03||CVE-2023-23933|| Out-of-bounds Read vulnerability in Amazon Opensearch |
OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications.
| 4.3 |