Vulnerabilities > Amazon

DATE CVE VULNERABILITY TITLE RISK
2023-10-16 CVE-2023-45807 Unspecified vulnerability in Amazon Opensearch
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021.
network
low complexity
amazon
5.4
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-06-28 CVE-2023-36467 Unspecified vulnerability in Amazon Aws-Dataall
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services.
network
low complexity
amazon
8.8
2023-06-23 CVE-2023-35165 Unspecified vulnerability in Amazon AWS Cloud Development KIT
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.
network
low complexity
amazon
8.8
2023-05-24 CVE-2023-33248 Unspecified vulnerability in Amazon Alexa 8960323972
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing).
low complexity
amazon
7.6
2023-05-08 CVE-2023-31141 Unspecified vulnerability in Amazon Opensearch Security
OpenSearch is open-source software suite for search, analytics, and observability applications.
network
high complexity
amazon
5.9
2023-05-03 CVE-2023-1384 Cross-site Scripting vulnerability in Amazon Fire OS
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.
network
low complexity
amazon CWE-79
6.1
2023-05-03 CVE-2023-1385 Unspecified vulnerability in Amazon Fire OS
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.
low complexity
amazon
8.8
2023-05-03 CVE-2023-1383 Unspecified vulnerability in Amazon Fire OS
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
low complexity
amazon
4.3
2023-04-19 CVE-2023-30610 Unspecified vulnerability in Amazon Aws-Sigv4
aws-sigv4 is a rust library for low level request signing in the aws cloud platform.
local
low complexity
amazon
5.5