Vulnerabilities > Amazon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-23 | CVE-2021-40831 | Improper Certificate Validation vulnerability in Amazon products The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. | 7.2 |
| 2021-11-17 | CVE-2021-43997 | Unspecified vulnerability in Amazon Freertos FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. | 7.8 |
| 2021-10-19 | CVE-2021-41150 | Path Traversal vulnerability in Amazon Tough Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. | 6.5 |
| 2021-10-19 | CVE-2021-41149 | Unspecified vulnerability in Amazon Tough Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. | 8.1 |
| 2021-09-22 | CVE-2021-38112 | Argument Injection or Modification vulnerability in Amazon AWS Workspaces In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. | 8.8 |
| 2021-09-01 | CVE-2021-30355 | Improper Privilege Management vulnerability in Amazon Kindle Firmware Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. | 8.6 |
| 2021-09-01 | CVE-2021-30354 | Integer Overflow or Wraparound vulnerability in Amazon Kindle Firmware Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book. | 8.6 |
| 2021-08-12 | CVE-2020-36363 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon Cloudfront 1.22019 Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. | 9.8 |
| 2021-07-24 | CVE-2021-37436 | Unspecified vulnerability in Amazon Echo DOT Firmware 20180427/20210702 Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. high complexity amazon | 4.2 |
| 2021-05-06 | CVE-2021-31828 | Server-Side Request Forgery (SSRF) vulnerability in Amazon Open Distro An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope. | 7.1 |