Vulnerabilities > Amazon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-11 | CVE-2020-8911 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon AWS S3 Crypto SDK A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. | 2.1 |
| 2020-08-04 | CVE-2020-16843 | Unspecified vulnerability in Amazon Firecracker 0.20.0/0.21.0/0.21.1 In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. network amazon | 4.3 |
| 2020-07-09 | CVE-2020-15093 | Improper Verification of Cryptographic Signature vulnerability in Amazon Tough The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. | 5.0 |
| 2020-02-13 | CVE-2019-14652 | Cross-site Scripting vulnerability in Amazon AWS Javascript S3 Explorer 1.0.0 explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances. | 4.3 |
| 2020-01-08 | CVE-2019-10777 | OS Command Injection vulnerability in Amazon Aws-Lambda In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. | 7.5 |
| 2019-12-31 | CVE-2019-3984 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet. | 10.0 |
| 2019-12-11 | CVE-2019-3989 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | 9.3 |
| 2019-12-11 | CVE-2019-3988 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter. | 8.3 |
| 2019-12-11 | CVE-2019-3987 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter. | 8.3 |
| 2019-12-11 | CVE-2019-3986 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter. | 8.3 |