CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1CVE-2021-30354
https://notcve.org/view.php?id=CVE-2021-30354
Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book. Amazon Kindle e-reader versiones anteriores a 5.13.4, incluyéndola, contiene un desbordamiento de enteros que conlleva a un desbordamiento de búfer en la región heap de la memoria en la función CJBig2Image::expand() y da lugar a una corrupción de memoria que conlleva a una ejecución de código cuando se analiza un libro PDF diseñado • https://research.checkpoint.com/2021/i-can-take-over-your-kindle • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36363
https://notcve.org/view.php?id=CVE-2020-36363
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. Amazon AWS CloudFront versión TLSv1.2_2019, permite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 y TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, que algunas entidades consideran cifrados débiles. • https://aws.amazon.com/about-aws/whats-new/2020/07/cloudfront-tls-security-policy https://stackoverflow.com/questions/62071604 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-37436
https://notcve.org/view.php?id=CVE-2021-37436
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. Unos dispositivos Amazon Echo Dot versiones hasta 02-07-2021 a veces permiten a atacantes, que tienen acceso físico a un dispositivo después de un restablecimiento de fábrica, obtener información confidencial por medio de una serie de complejos ataques de hardware y software. NOTA: según se informa, hubo declaraciones de marketing del proveedor sobre la eliminación segura de contenido personal por medio de un restablecimiento de fábrica. • https://arstechnica.com/gadgets/2021/07/passwords-in-amazon-echo-dots-live-on-even-after-you-factory-reset-them https://dl.acm.org/doi/pdf/10.1145/3448300.3467820 https://news.ycombinator.com/item?id=27943730 https://www.cpomagazine.com/data-privacy/is-it-possible-to-make-iot-devices-private-amazon-echo-dot-does-not-wipe-personal-content-after-factory-reset •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31828
https://notcve.org/view.php?id=CVE-2021-31828
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope. Un problema de SSRF en Open Distro para Elasticsearch (ODFE) versiones anteriores a 1.13.1.0, permite a un usuario privilegiado existente enumerar los servicios de escucha o interactuar con los recursos configurados por medio de peticiones HTTP que exceden el alcance previsto del plugin Alerting • https://github.com/opendistro-for-elasticsearch/alerting/pull/353 https://opendistro.github.io/for-elasticsearch-docs/version-history https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32020
https://notcve.org/view.php?id=CVE-2021-32020
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory. El kernel en Amazon Web Services FreeRTOS versiones anteriores a 10.4.3, presenta una comprobación insuficiente de límites durante la administración de la memoria de la pila • https://github.com/FreeRTOS/FreeRTOS-Kernel/commit/c7a9a01c94987082b223d3e59969ede64363da63 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •