amazon
202 tracked vulnerabilities.
CVE-2025-5279
HIGH
Amazon Redshift Python Connector 2.0.872-2.1.7 - Improper Certificate Validation
May 27, 2025
EPSS 0.00
CVE-2025-4318
CRITICAL
AWS Amplify Studio - Code Injection
May 05, 2025
EPSS 0.01
CVE-2025-3857
HIGH
Amazon.IonDotnet < 1.3.1 - Denial of Service via RawBinaryReader Binary Deserialization
Apr 21, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-2888
MEDIUM
Amazon Tough < 0.20.0 - Incorrect Timestamp Validation During Snapshot Rollback
Mar 27, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-2887
MEDIUM
Amazon Tough < 0.20.0 - Incorrect Target Rollback Detection
Mar 27, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-2886
MEDIUM
Amazon Tough < 0.20.0 - Incorrect Target Source Validation via Delegation Chain
Mar 27, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-2885
MEDIUM
Amazon Tough < 0.20.0 - Arbitrary Metadata Version Spoofing via Root Metadata Validation Bypass
Mar 27, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-2598
MEDIUM
AWS Cloud Development Kit 2.172.0-2.178.2 - Exposure of Sensitive System Information via Credential Plugin
Mar 21, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-23206
HIGH
AWS Cloud Development Kit < 2.177.0 - Improper Certificate Validation in OIDC Custom Resource Provider
Jan 17, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-0501
HIGH
Amazon WorkSpaces - Man-In-The-Middle
Jan 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-0500
HIGH
Amazon WorkSpaces, AppStream, and DCV Clients - Certificate Validation Session Exposure
Jan 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-12746
HIGH
Amazon Redshift ODBC Driver 2.1.5.0 - SQL Injection via SQLTables or SQLColumns Metadata APIs
Dec 24, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-12745
HIGH
Amazon Redshift Python Connector 2.1.4 - SQL Injection via Metadata API
Dec 24, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-12744
HIGH
Amazon Redshift JDBC Driver 2.1.0.31 - SQL Injection via Metadata API
Dec 24, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-55886
MEDIUM
OpenSearch Data Prepper 2.1.0-2.10.1 - Unauthenticated OpenTelemetry Logs Ingestion
Dec 12, 2024
CVSS 6.9
EPSS 0.00
CVE-2024-52314
MEDIUM
data.all 1.0.0-2.6.0 - Unauthorized Data Extraction via CloudWatch Log Scanning
Nov 09, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-52313
MEDIUM
data.all 1.0.0-2.6.0 - Authenticated Authorization Bypass via getDataset Query
Nov 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-52312
MEDIUM
data.all 1.0.0-2.6.0 - Authenticated Incorrect Authorization
Nov 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-52311
MEDIUM
data.all 1.0.0-2.6.0 - Insufficient Session Expiration via Cognito Authentication Tokens
Nov 09, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-10953
MEDIUM
data.all 1.0.0-2.6.0 - Authenticated Incorrect Authorization
Nov 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-8901
HIGH
AWS ALB Route Directive Adapter For Istio - Auth Bypass
Oct 22, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-10125
HIGH
Amazon.ApplicationLoadBalancer.Identity.AspNetCore - Info Disclosure
Oct 22, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-45037
MEDIUM
AWS Cloud Development Kit 2.142.0-2.148.0 - Incorrect Authorization via RestApi Construct with CognitoUserPoolAuthorizer
Aug 27, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-6387
HIGH
OpenSSH - DoS
Jul 01, 2024
CVSS 8.1
EPSS 1.00
CVE-2024-38373
CRITICAL
FreeRTOS-Plus-TCP <4.1.0 - Buffer Overflow
Jun 24, 2024
CVSS 9.6
EPSS 0.01
Products
freertos 17
amazon_web_services_freertos 14
fire_os 13
opensearch 11
tough 10
freertos-plus-tcp 9
blink_xt2_sync_module_firmware 7
Amazon Athena ODBC driver 6
athena_odbc 6
data.all 5
firecracker 5
payfort-php-sdk 5
amazon_web_services_internet_of_things_device_software_development_kit_v2 4
aws_cloud_development_kit 4
aws_software_development_kit 4
amazon_web_services_aws-c-io 3
aws-lc-sys 3
aws_libcrypto 3
echo_dot_firmware 3
opensearch_data_prepper 3
research_and_engineering_studio 3
tuftool 3
WorkSpaces Client 2
amazon_linux 2
amazon_web_services_redshift_java_database_connectivity_driver 2
audible 2
aws_client_vpn 2
aws_encryption_sdk 2
aws_s3_crypto_sdk 2
awslabs_sandbox_accounts_for_events 2
Quick Filters