Vulnerabilities > Amazon > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-22 | CVE-2023-50928 | Improper Access Control vulnerability in Amazon Awslabs Sandbox Accounts for Events "Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. | 9.0 |
| 2022-12-27 | CVE-2022-4725 | Server-Side Request Forgery (SSRF) vulnerability in Amazon AWS Software Development KIT A vulnerability was found in AWS SDK 2.59.0. | 9.8 |
| 2022-02-24 | CVE-2022-25809 | Unspecified vulnerability in Amazon Echo DOT Firmware Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack. | 9.8 |
| 2021-09-22 | CVE-2021-38112 | Argument Injection or Modification vulnerability in Amazon AWS Workspaces In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. | 9.3 |
| 2021-09-01 | CVE-2021-30355 | Improper Privilege Management vulnerability in Amazon Kindle Firmware Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. | 9.3 |
| 2021-09-01 | CVE-2021-30354 | Integer Overflow or Wraparound vulnerability in Amazon Kindle Firmware Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book. | 9.3 |
| 2019-12-31 | CVE-2019-3984 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet. | 10.0 |
| 2019-12-11 | CVE-2019-3989 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | 9.3 |
| 2019-04-04 | CVE-2018-19981 | Cleartext Storage of Sensitive Information vulnerability in Amazon AWS Software Development KIT Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. | 9.0 |
| 2017-12-06 | CVE-2017-17069 | Untrusted Search Path vulnerability in Amazon Audible 2.34.0/2.44.1 ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file. | 9.3 |