Vulnerabilities > Amazon > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-31 | CVE-2019-3984 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet. | 9.8 |
| 2019-12-11 | CVE-2019-3989 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | 9.8 |
| 2019-12-11 | CVE-2019-18960 | Classic Buffer Overflow vulnerability in Amazon Firecracker 0.18.0/0.19.0 Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. | 9.8 |
| 2019-03-01 | CVE-2019-9483 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon Ring Video Doorbell Firmware Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door. | 9.1 |
| 2017-04-10 | CVE-2015-7292 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Amazon Fire OS Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv. | 9.8 |