CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5935
https://notcve.org/view.php?id=CVE-2014-5935
The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación Daily Free App @ Amazon 1.5.2 (también conocida como com.kattanweb.android.dfaa) para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado • http://www.kb.cert.org/vuls/id/582497 http://www.kb.cert.org/vuls/id/721977 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3908
https://notcve.org/view.php?id=CVE-2014-3908
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación Amazon.com Kindle anterior a 4.5.0 para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado. • http://jvn.jp/en/jp/JVN17637243/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000102 • CWE-310: Cryptographic Issues •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4598 – wp-tmkm-amazon < 1.5.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4598
Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the AID parameter. Vulnerabilidad de XSS en wp-tmkm-amazon-search.php en el plugin wp-tmkm-amazon 1.5b y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro AID. • http://codevigilant.com/disclosure/wp-plugin-wp-tmkm-amazon-a3-cross-site-scripting-xss http://www.securityfocus.com/bid/68448 https://plugins.trac.wordpress.org/changeset/846043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0CVE-2013-0302
https://notcve.org/view.php?id=CVE-2013-0302
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK. Vulnerabilidad no especificada en ownCloud Server anterior a 4.0.12 permite a atacantes remotos obtener información sensible a través de vectores no especificados relacionados con 'inclusión del suite de pruebas Amazon SDK.' NOTA: debido a una falta de detalles, no está claro si el problema existente en el mismo ownCloud o en Amazon SDK. • http://owncloud.org/about/security/advisories/oC-SA-2013-005 •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1840 – Glance: Backend credentials leak in Glance v1 API
https://notcve.org/view.php?id=CVE-2013-1840
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. La API v1 en OpenStack Vistazo Essex (2012.1), Folsom (2012.2) y Grizzly, al utilizar el 'single-tenant Swift' o la tienda S3, informa el campo de ubicación, lo que permite obtener las credenciales del back-end del operador a usuarios remotos autenticados a través de una solicitud de una imagen almacenada en caché. • http://osvdb.org/91304 http://rhn.redhat.com/errata/RHSA-2013-0707.html http://secunia.com/advisories/52565 http://www.openwall.com/lists/oss-security/2013/03/14/15 http://www.securityfocus.com/bid/58490 http://www.ubuntu.com/usn/USN-1764-1 https://bugs.launchpad.net/glance/+bug/1135541 https://exchange.xforce.ibmcloud.com/vulnerabilities/82878 https://review.openstack.org/#/c/24437 https://review.openstack.org/#/c/24438 https://review.openstack.org&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •