Vulnerabilities > Amazon
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-12 | CVE-2020-36363 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon Cloudfront 1.22019 Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. | 7.5 |
2021-07-24 | CVE-2021-37436 | Unspecified vulnerability in Amazon Echo DOT Firmware 20180427 Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. local amazon | 1.9 |
2021-05-06 | CVE-2021-31828 | Server-Side Request Forgery (SSRF) vulnerability in Amazon Open Distro An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope. | 5.5 |
2021-05-03 | CVE-2021-32020 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Amazon Freertos The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory. | 7.5 |
2021-04-22 | CVE-2021-31572 | Integer Overflow or Wraparound vulnerability in Amazon Freertos The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer. | 7.5 |
2021-04-22 | CVE-2021-31571 | Integer Overflow or Wraparound vulnerability in Amazon Freertos The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation. | 7.5 |
2021-01-19 | CVE-2020-28472 | Unspecified vulnerability in Amazon products This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. | 7.5 |
2020-11-16 | CVE-2020-8897 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon AWS Encryption SDK A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. | 5.5 |
2020-10-16 | CVE-2020-27174 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Amazon Firecracker In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. | 5.0 |
2020-08-11 | CVE-2020-8912 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon AWS S3 Crypto SDK A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. | 2.1 |