Vulnerabilities > Amazon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-3989 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | 9.3 |
| 2019-12-11 | CVE-2019-3988 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter. | 8.3 |
| 2019-12-11 | CVE-2019-3987 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter. | 8.3 |
| 2019-12-11 | CVE-2019-3986 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter. | 8.3 |
| 2019-12-11 | CVE-2019-3985 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter. | 8.3 |
| 2019-12-11 | CVE-2019-3983 | Use of Hard-coded Credentials vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | 7.2 |
| 2019-12-11 | CVE-2019-18960 | Classic Buffer Overflow vulnerability in Amazon Firecracker 0.18.0/0.19.0 Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. | 7.5 |
| 2019-12-06 | CVE-2019-11554 | Improper Certificate Validation vulnerability in Amazon Audible 2.34.0 The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. | 4.3 |
| 2019-11-04 | CVE-2019-18178 | Use After Free vulnerability in Amazon Freertos+Fat 160919A Real Time Engineers FreeRTOS+FAT 160919a has a use after free. | 5.0 |
| 2019-10-07 | CVE-2019-13120 | Out-of-bounds Read vulnerability in Amazon web Services Freertos Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. | 7.5 |