amazon

202 tracked vulnerabilities.

CVE-2021-40829 MEDIUM
AWS IoT Device SDK v2 Certificate Validation Flaw on macOS
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-40828 MEDIUM
AWS IoT Device SDK v2 < 1.3.3/1.5.18/1.12.7/1.5.3 - Improper Certificate Validation on Windows
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-43997 HIGH
FreeRTOS 10.2.0-10.4.6 - Privilege Escalation
Nov 17, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-41150 HIGH
Tough < 0.12.0 - Path Traversal via Delegated Role Name Sanitization
Oct 19, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-41149 HIGH
Tough < 0.12.0 - Path Traversal and Arbitrary File Write via Target Name Sanitization Bypass
Oct 19, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-38112 HIGH
Amazon AWS WorkSpaces 3.0.10-3.1.8 - Remote Code Execution via Argument Injection in workspaces:// URI Handler
Sep 22, 2021
CVSS 8.8
EPSS 0.06
CVE-2021-30355 HIGH
Amazon Kindle <5.13.4 - Privilege Escalation
Sep 01, 2021
CVSS 8.6
EPSS 0.07
CVE-2021-30354 HIGH
Amazon Kindle <5.13.4 - Code Injection
Sep 01, 2021
CVSS 8.6
EPSS 0.07
CVE-2021-37436 MEDIUM
Amazon Echo Dot Firmware < 2021-07-02 - Unprotected User Data Exposure via Factory Reset Bypass
Jul 24, 2021
CVSS 4.2
EPSS 0.00
CVE-2021-31828 HIGH
Amazon Open Distro for Elasticsearch < 1.13.1.0 - Authenticated Server-Side Request Forgery via Alerting Plugin
May 06, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-32020 CRITICAL
Amazon FreeRTOS < 10.4.3 - Heap-Based Buffer Overflow
May 03, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-31572 CRITICAL
Amazon FreeRTOS < 10.4.3 - Integer Overflow in Stream Buffer
Apr 22, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-31571 CRITICAL
Amazon FreeRTOS < 10.4.3 - Integer Overflow in Queue Creation
Apr 22, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-36363 CRITICAL
Amazon CloudFront TLSv1.2_2019 - Use of Weak TLS Ciphers
Aug 12, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-28472 HIGH
@aws-sdk/shared-ini-file-loader <1.0.0-rc.9 - Prototype Pollution
Jan 19, 2021
CVSS 7.3
EPSS 0.02
CVE-2020-8897 MEDIUM
AWS Encryption SDK <2.0.0 - Info Disclosure
Nov 16, 2020
CVSS 4.8
EPSS 0.00
CVE-2020-27174 HIGH
Amazon AWS Firecracker <0.21.3-0.22.1 - Memory Corruption
Oct 16, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-8912 LOW
AWS S3 Crypto SDK for GoLang < 2.0 - Use of a Broken or Risky Cryptographic Algorithm via In-Band Key Negotiation
Aug 11, 2020
CVSS 2.5
EPSS 0.00
CVE-2020-8911 MEDIUM
AWS S3 Crypto SDK for GoLang < 2.0 - Padding Oracle Attack via AES-CBC Without MAC
Aug 11, 2020
CVSS 5.6
EPSS 0.00
CVE-2020-16843 MEDIUM
Firecracker 0.20.x-0.20.1 and 0.21.x-0.21.2 - Denial of Service via Network Stack Freeze
Aug 04, 2020
CVSS 5.9
EPSS 0.02
CVE-2020-15093 HIGH
tough < 0.7.1 - Cryptographic Signature Verification Bypass via Duplicate Signature
Jul 09, 2020
CVSS 8.6
EPSS 0.01
CVE-2019-14652 MEDIUM
Amazon AWS JavaScript S3 Explorer <2019-08-02 - XSS
Feb 13, 2020
CVSS 6.1
EPSS 0.01
CVE-2019-10777 CRITICAL
aws-lambda < 1.0.5 - OS Command Injection via config.FunctionName
Jan 08, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-3984 CRITICAL
Blink XT2 Sync Module Firmware < 2.3.11 - Remote Code Execution via Update Script Retrieval
Dec 31, 2019
CVSS 9.8
EPSS 0.04
CVE-2019-3989 CRITICAL
Blink XT2 Sync Module Firmware < 2.13.11 - Remote Code Execution via Network Configuration Retrieval
Dec 11, 2019
CVSS 9.8
EPSS 0.04