AWS-2021-001
Sudo Security Issue (CVE-2021-3156)
CVEs: CVE-2021-3156
Every advisory below is enriched with the Vulnetix VDB exploit-intelligence chip (hover a CVE ID in the interactive page to see CVSS, EPSS, KEV status, and PoC maturity). 4 are already weaponised in the wild — see the Exploited section.
ALAS-2021-1477: kernel (important)
CVEs: CVE-2019-19813, CVE-2019-19816, CVE-2020-27815, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| kernel | affected | Amazon | kernel | — |
ALAS-2021-1478: sudo (important)
CVEs: CVE-2021-3156
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| sudo | affected | Amazon | sudo | — |
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
CVEs: CVE-2020-28472
ALAS-2021-1457: bind (medium)
CVEs: CVE-2020-8622
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| bind | affected | Amazon | bind | — |
ALAS-2021-1458: e2fsprogs (medium)
CVEs: CVE-2019-5094, CVE-2019-5188
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| e2fsprogs | affected | Amazon | e2fsprogs | — |
ALAS-2021-1459: expat (medium)
CVEs: CVE-2018-20843, CVE-2019-15903
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| expat | affected | Amazon | expat | — |
ALAS-2021-1460: java-1.8.0-openjdk (medium)
CVEs: CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14803
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| java-1.8.0-openjdk | affected | Amazon | java-1.8.0-openjdk | — |
ALAS-2021-1461: kernel (medium)
CVEs: CVE-2019-19770, CVE-2020-14351, CVE-2020-25656, CVE-2020-25668, CVE-2020-25669, CVE-2020-25704, CVE-2020-27673, CVE-2020-27675, CVE-2020-27777, CVE-2020-28941, CVE-2020-28974, CVE-2020-8694
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| kernel | affected | Amazon | kernel | — |
ALAS-2021-1462: libX11 (important)
CVEs: CVE-2020-14363
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| libX11 | affected | Amazon | libX11 | — |
ALAS-2021-1463: libxslt (medium)
CVEs: CVE-2019-11068, CVE-2019-18197
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| libxslt | affected | Amazon | libxslt | — |
ALAS-2021-1464: mysql56 (medium)
CVEs: CVE-2020-14672, CVE-2020-14765, CVE-2020-14769, CVE-2020-14793
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| mysql56 | affected | Amazon | mysql56 | — |
ALAS-2021-1465: net-snmp (important)
CVEs: CVE-2020-15862
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| net-snmp | affected | Amazon | net-snmp | — |
ALAS-2021-1466: php7-pear (medium)
CVEs: CVE-2020-28948, CVE-2020-28949
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| php7-pear | affected | Amazon | php7-pear | — |
ALAS-2021-1467: qemu-kvm (medium)
CVEs: CVE-2019-15890
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| qemu-kvm | affected | Amazon | qemu-kvm | — |
ALAS-2021-1468: ruby20 (medium)
CVEs: CVE-2020-25613
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| ruby20 | affected | Amazon | ruby20 | — |
ALAS-2021-1469: samba (critical)
CVEs: CVE-2020-14318, CVE-2020-14323, CVE-2020-1472
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| samba | affected | Amazon | samba | — |
ALAS-2021-1470: tigervnc (medium)
CVEs: CVE-2019-15691, CVE-2019-15692, CVE-2019-15693, CVE-2019-15694, CVE-2019-15695
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| tigervnc | affected | Amazon | tigervnc | — |
ALAS-2021-1471: golang (medium)
CVEs: CVE-2020-28362, CVE-2020-28366, CVE-2020-28367
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| golang | affected | Amazon | golang | — |
ALAS-2021-1472: tomcat7 (low)
CVEs: CVE-2020-1935
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| tomcat7 | affected | Amazon | tomcat7 | — |
ALAS-2021-1473: tomcat8 (medium)
CVEs: CVE-2020-17527
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| tomcat8 | affected | Amazon | tomcat8 | — |
ALAS-2021-1474: vim (medium)
CVEs: CVE-2019-20807
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| vim | affected | Amazon | vim | — |
ALAS-2021-1475: xorg-x11-server (important)
CVEs: CVE-2020-14345, CVE-2020-14346, CVE-2020-14361, CVE-2020-14362
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| xorg-x11-server | affected | Amazon | xorg-x11-server | — |
ALAS-2021-1476: postgresql95, postgresql96 (important)
CVEs: CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| postgresql95, postgresql96 | affected | Amazon | postgresql95, postgresql96 | — |