Vulnerabilities > Amazon

DATE CVE VULNERABILITY TITLE RISK
2020-11-16 CVE-2020-8897 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Amazon AWS Encryption SDK
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0.
network
low complexity
amazon CWE-327
5.5
2020-10-16 CVE-2020-27174 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Amazon Firecracker
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input.
network
low complexity
amazon CWE-119
5.0
2020-08-11 CVE-2020-8912 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Amazon AWS S3 Crypto SDK
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2.
local
low complexity
amazon CWE-327
2.1
2020-08-11 CVE-2020-8911 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Amazon AWS S3 Crypto SDK
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2.
local
low complexity
amazon CWE-327
2.1
2020-08-04 CVE-2020-16843 Unspecified vulnerability in Amazon Firecracker 0.20.0/0.21.0/0.21.1
In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic.
network
amazon
4.3
2020-07-09 CVE-2020-15093 Improper Verification of Cryptographic Signature vulnerability in Amazon Tough
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures.
network
low complexity
amazon CWE-347
5.0
2020-02-13 CVE-2019-14652 Cross-Site Scripting vulnerability in Amazon AWS Javascript S3 Explorer 1.0.0
explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances.
network
amazon CWE-79
4.3
2020-01-08 CVE-2019-10777 OS Command Injection vulnerability in Amazon Aws-Lambda
In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization.
network
low complexity
amazon CWE-78
7.5
2019-12-31 CVE-2019-3984 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.
network
low complexity
amazon CWE-78
critical
10.0
2019-12-11 CVE-2019-3989 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
network
amazon CWE-78
critical
9.3