Vulnerabilities
Vulnerable Software
Amazon:  Security Vulnerabilities
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.
CVSS Score
8.2
EPSS Score
0.012
Published
2021-10-19
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.
CVSS Score
8.2
EPSS Score
0.011
Published
2021-10-19
In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.
CVSS Score
8.8
EPSS Score
0.065
Published
2021-09-22
Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.
CVSS Score
8.6
EPSS Score
0.069
Published
2021-09-01
Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book.
CVSS Score
8.6
EPSS Score
0.07
Published
2021-09-01
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-08-12
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.
CVSS Score
4.2
EPSS Score
0.003
Published
2021-07-24
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
CVSS Score
7.1
EPSS Score
0.009
Published
2021-05-06
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.
CVSS Score
9.8
EPSS Score
0.013
Published
2021-05-03
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.
CVSS Score
9.8
EPSS Score
0.014
Published
2021-04-22


Contact Us

Shodan ® - All rights reserved