CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11554
https://notcve.org/view.php?id=CVE-2019-11554
The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. La aplicación Audible versiones hasta 2.34.0 para Android presenta una Falta de Comprobación del Certificado SSL, permitiendo a atacantes de tipo MITM causar una denegación de servicio. • https://pankajupadhyay.in/2019/12/06/audible-and-a-curious-case-of-insecure-by-default-in-adobe-sdks • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17069 – Amazon Audible DLL Hijacking
https://notcve.org/view.php?id=CVE-2017-17069
ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file. ActiveSetupN.exe en Amazon Audible para Windows en versiones anteriores a noviembre de 2017 permite que atacantes ejecuten código DLL arbitrario si ActiveSetupN.exe se ejecuta desde un directorio en el que un atacante ya haya creado un archivo troyano dwmapi.dll. Amazon Audible suffers from a dll hijacking vulnerability. • http://www.securityfocus.com/bid/102044 https://packetstormsecurity.com/files/145202/Amazon-Audible-DLL-Hijacking.html https://twitter.com/LionHeartRoxx/status/936338288314540032 • CWE-426: Untrusted Search Path •