Vulnerabilities > Amazon

DATE CVE VULNERABILITY TITLE RISK
2023-10-16 CVE-2023-45807 Improper Preservation of Permissions vulnerability in Amazon Opensearch
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021.
network
low complexity
amazon CWE-281
5.4
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-06-28 CVE-2023-36467 Code Injection vulnerability in Amazon Aws-Dataall
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services.
network
low complexity
amazon CWE-94
8.8
2023-06-23 CVE-2023-35165 Incorrect Authorization vulnerability in Amazon AWS Cloud Development KIT
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.
network
low complexity
amazon CWE-863
8.8
2023-05-24 CVE-2023-33248 Unspecified vulnerability in Amazon Alexa 8960323972
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing).
low complexity
amazon
7.6
2023-05-08 CVE-2023-31141 Incorrect Authorization vulnerability in Amazon Opensearch Security
OpenSearch is an open-source software suite for search, analytics, and observability applications.
network
high complexity
amazon CWE-863
5.9
2023-05-03 CVE-2023-1384 Cross-site Scripting vulnerability in Amazon Fire OS
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.
network
low complexity
amazon CWE-79
6.1
2023-05-03 CVE-2023-1385 Use of Insufficiently Random Values vulnerability in Amazon Fire OS
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.
low complexity
amazon CWE-330
8.8
2023-05-03 CVE-2023-1383 Unspecified vulnerability in Amazon Fire OS
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
low complexity
amazon
4.3
2023-04-19 CVE-2023-30610 Information Exposure Through Log Files vulnerability in Amazon Aws-Sigv4
aws-sigv4 is a Rust library for low-level request signing in the AWS cloud platform.
local
low complexity
amazon CWE-532
5.5