About “Amazon Kindle”

A curated feed of “Amazon Kindle”-related CVEs appears below. We currently track 17 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.1 (all time), and 65% are rated High/Critical (all time). Top CWEs (all time): CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'), CWE-310 - Cryptographic Issues, CWE-269 - Improper Privilege Management.

In our taxonomy this topic maps to a LOW impact class. Mobile OS and devices protect account and app access. Update OS, enforce MDM policies, disable sideloading, and restrict developer options. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: kindle

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

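| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| kindle-scribe-3 | | 5.19.2 | | |
| kindle-scribe-colorsoft-1 | | 5.19.2 | | |
| kindle-scribe-2024 | | 5.19.2 | | |
| kindle-colorsoft-1 | | 5.19.2 | | |
| paperwhite-12 | | 5.19.2 | | |
| kindle-11-2024 | | 5.19.2 | | |
| kindle-scribe-2022 | | 5.19.2 | | |
| kindle-11-2022 | | 5.19.2 | | |
| paperwhite-11 | | 5.19.2 | | |
| oasis-10 | | 5.18.2 | | |
| kindle-10 | | 5.18.1 | | |
| paperwhite-10 | | 5.18.1 | | |
| oasis-9 | | 5.16.2.1.1 | Expired | |
| kindle-8 | | 5.16.2.1.1 | Expired | |
| oasis-8 | | 5.16.2.1.1 | Expired | |
| paperwhite-7 | | 5.16.2.1.1 | Expired | |
| voyage-7 | | 5.13.6 | Expired | |
| kindle-7 | | 5.12.2.2 | Expired | |
| paperwhite-6 | | 5.12.2.2 | Expired | |
| paperwhite-5 | | 5.6.1.1 | Expired | |
| kindle-5 | | 4.1.4 | - Expired | |
| kindle-4 | | 4.1.4 | - Expired | |
| touch-4 | | 5.3.7.3 | - Expired | |
| keyboard-3 | | 3.4.3 | - Expired | |
| dx-2 | | 2.5.8 | - Expired | |
| kindle-2 | | 2.5.8 | - Expired | |
| kindle-1 | | 1.2.1 | - Expired | |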

Status legend: Maintained · Soon (≤ 180 days) · Expired


CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

2021-09-01
High

CVE-2021-30355

Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.

High

CVE-2021-30354

Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corrupti…

2018-10-16
High

CVE-2018-11025

kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev…

High

CVE-2018-11024

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device…

High

CVE-2018-11023

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device…

High

CVE-2018-11022

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device…

High

CVE-2018-11021

kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on de…

Medium

CVE-2018-11020

kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /…

High

CVE-2018-11019

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device…

2017-03-15
High

CVE-2017-6189

Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working di…

2015-01-15
Medium

CVE-2014-8869

Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers…

2014-09-28
Medium

CVE-2014-6750

The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta…

2014-09-18
Medium

CVE-2014-5925

The 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBestSellers) application 0.312 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attac…

2014-08-30
Medium

CVE-2014-3908

The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat…

2012-09-07
Medium

CVE-2010-5268

Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by…

2012-08-12
Critical

CVE-2012-4249

The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as…

Critical

CVE-2012-4248

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors i…
