Vulnerabilities > Amazon > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-01 CVE-2021-30355 Improper Privilege Management vulnerability in Amazon Kindle Firmware
Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.
local
low complexity
amazon CWE-269
8.6
2021-09-01 CVE-2021-30354 Integer Overflow or Wraparound vulnerability in Amazon Kindle Firmware
Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book.
local
low complexity
amazon CWE-190
8.6
2021-05-06 CVE-2021-31828 Server-Side Request Forgery (SSRF) vulnerability in Amazon Open Distro
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
network
low complexity
amazon CWE-918
7.1
2020-11-16 CVE-2020-8897 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon AWS Encryption SDK
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0.
network
low complexity
amazon CWE-327
8.1
2020-10-16 CVE-2020-27174 Memory Leak vulnerability in Amazon Firecracker
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input.
network
low complexity
amazon CWE-401
7.5
2020-07-09 CVE-2020-15093 Improper Verification of Cryptographic Signature vulnerability in Amazon Tough
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures.
network
low complexity
amazon CWE-347
8.6
2019-12-11 CVE-2019-3988 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.
low complexity
amazon CWE-78
8.8
2019-12-11 CVE-2019-3987 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.
low complexity
amazon CWE-78
8.8
2019-12-11 CVE-2019-3986 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.
low complexity
amazon CWE-78
8.8
2019-12-11 CVE-2019-3985 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.
low complexity
amazon CWE-78
8.8