Kindle
by Amazon
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30355 | 0.00 | — | 0.07 | Sep 1, 2021 | Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. | |||
| CVE-2021-30354 | 0.00 | — | 0.07 | Sep 1, 2021 | Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book. | |||
| CVE-2014-3908 | 0.00 | — | 0.01 | Aug 30, 2014 | The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
- CVE-2021-30355Sep 1, 2021risk 0.00cvss —epss 0.07
Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.
- CVE-2021-30354Sep 1, 2021risk 0.00cvss —epss 0.07
Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book.
- CVE-2014-3908Aug 30, 2014risk 0.00cvss —epss 0.01
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.