Vulnerabilities > Amazon

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-31828 Server-Side Request Forgery (SSRF) vulnerability in Amazon Open Distro
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
network
low complexity
amazon CWE-918
5.5
2021-05-03 CVE-2021-32020 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Amazon FreeRTOS
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.
network
low complexity
amazon CWE-119
7.5
2021-04-22 CVE-2021-31572 Integer Overflow or Wraparound vulnerability in Amazon FreeRTOS
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.
network
low complexity
amazon CWE-190
7.5
2021-04-22 CVE-2021-31571 Integer Overflow or Wraparound vulnerability in Amazon FreeRTOS
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.
network
low complexity
amazon CWE-190
7.5
2021-01-19 CVE-2020-28472 Unspecified vulnerability in Amazon products
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0.
network
low complexity
amazon
7.5
2020-11-16 CVE-2020-8897 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon AWS Encryption SDK
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and JavaScript prior to versions 2.0.0.
network
low complexity
amazon CWE-327
5.5
2020-10-16 CVE-2020-27174 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Amazon Firecracker
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input.
network
low complexity
amazon CWE-119
5.0
2020-08-11 CVE-2020-8912 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon AWS S3 Crypto SDK
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2.
local
low complexity
amazon CWE-327
2.1
2020-08-11 CVE-2020-8911 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon AWS S3 Crypto SDK
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2.
local
low complexity
amazon CWE-327
2.1
2020-08-04 CVE-2020-16843 Unspecified vulnerability in Amazon Firecracker 0.20.0/0.21.0/0.21.1
In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic.
network
amazon
4.3