Filtered by vendor Amazon
Subscribe
Total
132 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3983 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2020-08-24 | 7.2 HIGH | 6.8 MEDIUM |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | |||||
| CVE-2019-7399 | 1 Amazon | 1 Fire Os | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. | |||||
| CVE-2019-3984 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet. | |||||
| CVE-2018-16522 | 1 Amazon | 1 Amazon Web Services Freertos | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt. | |||||
| CVE-2020-16843 | 1 Amazon | 1 Firecracker | 2020-08-19 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered. | |||||
| CVE-2020-8911 | 1 Amazon | 1 Aws S3 Crypto Sdk | 2020-08-18 | 2.1 LOW | 5.6 MEDIUM |
| A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files. | |||||
| CVE-2020-8912 | 1 Amazon | 1 Aws S3 Crypto Sdk | 2020-08-17 | 2.1 LOW | 2.5 LOW |
| A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files. | |||||
| CVE-2019-14652 | 1 Amazon | 1 Aws Javascript S3 Explorer | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances. | |||||
| CVE-2019-3985 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2019-12-13 | 8.3 HIGH | 8.8 HIGH |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter. | |||||
| CVE-2019-3986 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2019-12-13 | 8.3 HIGH | 8.8 HIGH |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter. | |||||
| CVE-2019-3987 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2019-12-13 | 8.3 HIGH | 8.8 HIGH |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter. | |||||
| CVE-2019-3988 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2019-12-13 | 8.3 HIGH | 8.8 HIGH |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter. | |||||
| CVE-2019-3989 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2019-12-13 | 9.3 HIGH | 9.8 CRITICAL |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | |||||
| CVE-2019-11554 | 1 Amazon | 1 Audible | 2019-12-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. | |||||
| CVE-2019-18178 | 1 Amazon | 1 Freertos\+fat | 2019-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache(). | |||||
| CVE-2018-1169 | 1 Amazon | 1 Amazon Music | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521. | |||||
| CVE-2017-16867 | 1 Amazon | 2 Amazon Key, Amazon Key Firmware | 2019-10-03 | 3.3 LOW | 6.5 MEDIUM |
| Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving. | |||||
| CVE-2018-16526 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket. | |||||
| CVE-2018-16525 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply. | |||||
| CVE-2017-9450 | 1 Amazon | 1 Amazon Web Services Cloudformation Bootstrap | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. | |||||