Filtered by vendor Amazon
Subscribe
Search
Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21634 | 1 Amazon | 1 Ion | 2024-01-10 | N/A | 7.5 HIGH |
| Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with. | |||||
| CVE-2023-50928 | 1 Amazon | 1 Awslabs Sandbox Accounts For Events | 2024-01-08 | N/A | 9.0 CRITICAL |
| "Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. | |||||
| CVE-2023-51386 | 1 Amazon | 1 Awslabs Sandbox Accounts For Events | 2024-01-04 | N/A | 3.3 LOW |
| Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0. | |||||
| CVE-2023-51651 | 1 Amazon | 1 Aws Software Development Kit | 2024-01-03 | N/A | 3.3 LOW |
| AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1. | |||||
| CVE-2023-44487 | 31 Akka, Amazon, Apache and 28 more | 127 Http Server, Opensearch Data Prepper, Apisix and 124 more | 2023-12-20 | N/A | 7.5 HIGH |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |||||
| CVE-2021-27504 | 2 Amazon, Ti | 6 Freertos, Simplelink Cc13xx Software Development Kit, Simplelink Cc26xx Software Development Kit and 3 more | 2023-12-01 | N/A | 7.8 HIGH |
| Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution. | |||||
| CVE-2022-29527 | 1 Amazon | 1 Amazon Ssm Agent | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition. | |||||
| CVE-2022-25809 | 1 Amazon | 2 Echo Dot, Echo Dot Firmware | 2023-08-08 | 9.0 HIGH | 9.8 CRITICAL |
| Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack. | |||||
| CVE-2022-34266 | 2 Amazon, Libtiff | 2 Linux 2, Libtiff | 2022-07-28 | N/A | 5.5 MEDIUM |
| The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource. | |||||
| CVE-2022-31115 | 1 Amazon | 1 Opensearch | 2022-07-25 | 6.8 MEDIUM | 8.8 HIGH |
| opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-31159 | 1 Amazon | 1 Aws-sdk-java | 2022-07-22 | N/A | 6.5 MEDIUM |
| The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the `downloadDirectory` method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the `destinationDirectory` argument, but S3 object keys are determined by the application that uploaded the objects. The `downloadDirectory` method allows the caller to pass a filesystem object in the object key but contained an issue in the validation logic for the key name. A knowledgeable actor could bypass the validation logic by including a UNIX double-dot in the bucket key. Under certain conditions, this could permit them to retrieve a directory from their S3 bucket that is one level up in the filesystem from their working directory. This issue’s scope is limited to directories whose name prefix matches the destinationDirectory. E.g. for destination directory`/tmp/foo`, the actor can cause a download to `/tmp/foo-bar`, but not `/tmp/bar`. If `com.amazonaws.services.s3.transfer.TransferManager::downloadDirectory` is used to download an untrusted buckets contents, the contents of that bucket can be written outside of the intended destination directory. Version 1.12.261 contains a patch for this issue. As a workaround, when calling `com.amazonaws.services.s3.transfer.TransferManager::downloadDirectory`, pass a `KeyFilter` that forbids `S3ObjectSummary` objects that `getKey` method return a string containing the substring `..` . | |||||
| CVE-2022-33915 | 1 Amazon | 1 Hotpatch | 2022-07-05 | 4.4 MEDIUM | 7.0 HIGH |
| Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation to CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID. | |||||
| CVE-2022-25165 | 1 Amazon | 1 Aws Client Vpn | 2022-05-13 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the files content. This can be abused to cause an elevation of privilege or denial of service. | |||||
| CVE-2021-3100 | 2 Amazon, Linux | 2 Log4jhotpatch, Linux Kernel | 2022-05-11 | 7.2 HIGH | 8.8 HIGH |
| The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges. | |||||
| CVE-2022-0070 | 2 Amazon, Linux | 2 Hotpatch, Linux Kernel | 2022-05-03 | 7.2 HIGH | 8.8 HIGH |
| Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to. | |||||
| CVE-2021-44833 | 1 Amazon | 1 Aws Opensearch | 2021-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. | |||||
| CVE-2021-43811 | 1 Amazon | 1 Sockeye | 2021-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24. | |||||
| CVE-2021-43638 | 1 Amazon | 1 Workspaces | 2021-12-09 | 7.2 HIGH | 8.8 HIGH |
| Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-43637 | 1 Amazon | 1 Workspaces | 2021-12-09 | 7.2 HIGH | 8.8 HIGH |
| Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-40830 | 3 Amazon, Linux, Opengroup | 4 Amazon Web Services Aws-c-io, Amazon Web Services Internet Of Things Device Software Development Kit V2, Linux Kernel and 1 more | 2021-12-02 | 5.8 MEDIUM | 8.8 HIGH |
| The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix. | |||||
| CVE-2021-40831 | 2 Amazon, Apple | 3 Amazon Web Services Aws-c-io, Amazon Web Services Internet Of Things Device Software Development Kit V2, Macos | 2021-12-02 | 6.0 MEDIUM | 7.2 HIGH |
| The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to address this behavior. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.7.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.14.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.6.0 on macOS. Amazon Web Services AWS-C-IO 0.10.7 on macOS. | |||||
| CVE-2021-40829 | 2 Amazon, Apple | 2 Amazon Web Services Internet Of Things Device Software Development Kit V2, Macos | 2021-12-02 | 5.8 MEDIUM | 8.8 HIGH |
| Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS. | |||||
| CVE-2021-40828 | 2 Amazon, Microsoft | 3 Amazon Web Services Aws-c-io, Amazon Web Services Internet Of Things Device Software Development Kit V2, Windows | 2021-12-02 | 5.8 MEDIUM | 8.8 HIGH |
| Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.3.3 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.5.18 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Microsoft Windows. | |||||
| CVE-2021-43997 | 1 Amazon | 1 Freertos | 2021-11-23 | 7.2 HIGH | 7.8 HIGH |
| Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2. | |||||
| CVE-2020-15093 | 1 Amazon | 1 Tough | 2021-10-26 | 5.0 MEDIUM | 8.6 HIGH |
| The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation. | |||||
| CVE-2021-41150 | 1 Amazon | 1 Tough | 2021-10-26 | 3.5 LOW | 6.5 MEDIUM |
| Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known. | |||||
| CVE-2021-41149 | 1 Amazon | 1 Tough | 2021-10-25 | 8.5 HIGH | 8.1 HIGH |
| Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known. | |||||
| CVE-2021-38112 | 1 Amazon | 1 Aws Workspaces | 2021-09-30 | 9.3 HIGH | 8.8 HIGH |
| In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9. | |||||
| CVE-2021-30355 | 1 Amazon | 2 Kindle, Kindle Firmware | 2021-09-10 | 9.3 HIGH | 8.6 HIGH |
| Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. | |||||
| CVE-2021-30354 | 1 Amazon | 2 Kindle, Kindle Firmware | 2021-09-10 | 9.3 HIGH | 8.6 HIGH |
| Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book. | |||||
| CVE-2020-36363 | 1 Amazon | 1 Amazon Cloudfront | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. | |||||
| CVE-2021-37436 | 1 Amazon | 2 Echo Dot, Echo Dot Firmware | 2021-08-09 | 1.9 LOW | 4.2 MEDIUM |
| Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. | |||||
| CVE-2019-9483 | 1 Amazon | 2 Ring Video Doorbell, Ring Video Doorbell Firmware | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door. | |||||
| CVE-2020-27174 | 1 Amazon | 1 Firecracker | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host. | |||||
| CVE-2021-31571 | 1 Amazon | 1 Freertos | 2021-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation. | |||||
| CVE-2021-31572 | 1 Amazon | 1 Freertos | 2021-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer. | |||||
| CVE-2021-31828 | 1 Amazon | 1 Open Distro | 2021-05-18 | 5.5 MEDIUM | 7.1 HIGH |
| An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope. | |||||
| CVE-2021-32020 | 1 Amazon | 1 Freertos | 2021-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory. | |||||
| CVE-2018-19981 | 1 Amazon | 1 Aws Software Development Kit | 2021-05-10 | 9.0 HIGH | 7.2 HIGH |
| Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms). | |||||
| CVE-2012-5781 | 1 Amazon | 1 Elastic Load Balancing | 2021-05-10 | 5.8 MEDIUM | N/A |
| Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default JDK X509TrustManager. | |||||
| CVE-2020-28472 | 1 Amazon | 2 Aws Sdk For Javascipt, Aws Shared Configuration File Loader | 2021-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context. | |||||
| CVE-2020-8897 | 1 Amazon | 1 Aws Encryption Sdk | 2020-12-02 | 5.5 MEDIUM | 8.1 HIGH |
| A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later. | |||||
| CVE-2018-16522 | 1 Amazon | 1 Amazon Web Services Freertos | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt. | |||||
| CVE-2019-7399 | 1 Amazon | 1 Fire Os | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. | |||||
| CVE-2019-3984 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet. | |||||
| CVE-2019-13120 | 1 Amazon | 1 Freertos | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which interacts with an associated vulnerable MQTT message in the application, specific circumstances could trigger this vulnerability. | |||||
| CVE-2019-3983 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2020-08-24 | 7.2 HIGH | 6.8 MEDIUM |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | |||||
| CVE-2020-16843 | 1 Amazon | 1 Firecracker | 2020-08-19 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered. | |||||
| CVE-2020-8911 | 1 Amazon | 1 Aws S3 Crypto Sdk | 2020-08-18 | 2.1 LOW | 5.6 MEDIUM |
| A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files. | |||||
| CVE-2020-8912 | 1 Amazon | 1 Aws S3 Crypto Sdk | 2020-08-17 | 2.1 LOW | 2.5 LOW |
| A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files. | |||||