Vulnerabilities > Amazon > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-22 | CVE-2021-31572 | Integer Overflow or Wraparound vulnerability in Amazon Freertos The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer. | 7.5 |
| 2021-04-22 | CVE-2021-31571 | Integer Overflow or Wraparound vulnerability in Amazon Freertos The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation. | 7.5 |
| 2021-01-19 | CVE-2020-28472 | Unspecified vulnerability in Amazon products This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. | 7.5 |
| 2020-01-08 | CVE-2019-10777 | OS Command Injection vulnerability in Amazon Aws-Lambda In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. | 7.5 |
| 2019-12-11 | CVE-2019-3988 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter. | 8.3 |
| 2019-12-11 | CVE-2019-3987 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter. | 8.3 |
| 2019-12-11 | CVE-2019-3986 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter. | 8.3 |
| 2019-12-11 | CVE-2019-3985 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter. | 8.3 |
| 2019-12-11 | CVE-2019-3983 | Use of Hard-coded Credentials vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | 7.2 |
| 2019-12-11 | CVE-2019-18960 | Classic Buffer Overflow vulnerability in Amazon Firecracker 0.18.0/0.19.0 Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. | 7.5 |