Vulnerabilities > Amazon

DATE CVE VULNERABILITY TITLE RISK
2021-09-22 CVE-2021-38112 Argument Injection or Modification vulnerability in Amazon AWS Workspaces
In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument.
network
amazon CWE-88
critical
9.3
2021-09-01 CVE-2021-30355 Improper Privilege Management vulnerability in Amazon Kindle Firmware
Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.
network
amazon CWE-269
critical
9.3
2021-09-01 CVE-2021-30354 Integer Overflow or Wraparound vulnerability in Amazon Kindle Firmware
Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book.
network
amazon CWE-190
critical
9.3
2021-08-12 CVE-2020-36363 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon Cloudfront 1.22019
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.
network
low complexity
amazon CWE-327
7.5
2021-07-24 CVE-2021-37436 Unspecified vulnerability in Amazon Echo DOT Firmware 20180427
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks.
local
amazon
1.9
2021-05-06 CVE-2021-31828 Server-Side Request Forgery (SSRF) vulnerability in Amazon Open Distro
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
network
low complexity
amazon CWE-918
5.5
2021-05-03 CVE-2021-32020 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Amazon Freertos
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.
network
low complexity
amazon CWE-119
7.5
2021-04-22 CVE-2021-31572 Integer Overflow or Wraparound vulnerability in Amazon Freertos
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.
network
low complexity
amazon CWE-190
7.5
2021-04-22 CVE-2021-31571 Integer Overflow or Wraparound vulnerability in Amazon Freertos
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.
network
low complexity
amazon CWE-190
7.5
2021-01-19 CVE-2020-28472 Unspecified vulnerability in Amazon products
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0.
network
low complexity
amazon
7.5