Vulnerabilities > Amazon > Low

DATE | CVE | VULNERABILITY TITLE | RISK

2023-12-22 | CVE-2023-51386 | Improper Privilege Management vulnerability in Amazon Awslabs Sandbox Accounts for Events | 3.3
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI.
local | low complexity | amazon | CWE-269

2023-12-22 | CVE-2023-51651 | Path Traversal vulnerability in Amazon AWS Software Development Kit | 3.3
AWS SDK for PHP is the Amazon Web Services software development kit for PHP.
local | low complexity | amazon | CWE-22

2021-10-19 | CVE-2021-41150 | Path Traversal vulnerability in Amazon Tough | 3.5
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories.
network | amazon | CWE-22

2021-07-24 | CVE-2021-37436 | Unspecified vulnerability in Amazon Echo Dot Firmware 20180427 | 1.9
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks.
local | amazon

2020-08-11 | CVE-2020-8911 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon AWS S3 Crypto SDK | 2.1
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2.
local | low complexity | amazon | CWE-327

2020-08-11 | CVE-2020-8912 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon AWS S3 Crypto SDK | 2.1
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2.
local | low complexity | amazon | CWE-327

2018-05-30 | CVE-2018-11567 | Session Fixation vulnerability in Amazon products | 3.3
Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill.
local | low complexity | amazon | CWE-384

2017-11-16 | CVE-2017-16867 | Unspecified vulnerability in Amazon Key Firmware | 3.3
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving.
low complexity | amazon

2013-03-22 | CVE-2013-1840 | Information Exposure vulnerability in OpenStack Glance V1 | 3.5
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.