amazon

202 tracked vulnerabilities.

CVE-2025-5279 HIGH
Amazon Redshift Python Connector 2.0.872-2.1.7 - Improper Certificate Validation
May 27, 2025
EPSS 0.00
CVE-2025-4318 CRITICAL
AWS Amplify Studio - Code Injection
May 05, 2025
EPSS 0.01
CVE-2025-3857 HIGH
Amazon.IonDotnet < 1.3.1 - Denial of Service via RawBinaryReader Binary Deserialization
Apr 21, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-2888 MEDIUM
Amazon Tough < 0.20.0 - Incorrect Timestamp Validation During Snapshot Rollback
Mar 27, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-2887 MEDIUM
Amazon Tough < 0.20.0 - Incorrect Target Rollback Detection
Mar 27, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-2886 MEDIUM
Amazon Tough < 0.20.0 - Incorrect Target Source Validation via Delegation Chain
Mar 27, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-2885 MEDIUM
Amazon Tough < 0.20.0 - Arbitrary Metadata Version Spoofing via Root Metadata Validation Bypass
Mar 27, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-2598 MEDIUM
AWS Cloud Development Kit 2.172.0-2.178.2 - Exposure of Sensitive System Information via Credential Plugin
Mar 21, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-23206 HIGH
AWS Cloud Development Kit < 2.177.0 - Improper Certificate Validation in OIDC Custom Resource Provider
Jan 17, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-0501 HIGH
Amazon WorkSpaces - Man-In-The-Middle
Jan 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-0500 HIGH
Amazon WorkSpaces, AppStream, and DCV Clients - Certificate Validation Session Exposure
Jan 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-12746 HIGH
Amazon Redshift ODBC Driver 2.1.5.0 - SQL Injection via SQLTables or SQLColumns Metadata APIs
Dec 24, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-12745 HIGH
Amazon Redshift Python Connector 2.1.4 - SQL Injection via Metadata API
Dec 24, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-12744 HIGH
Amazon Redshift JDBC Driver 2.1.0.31 - SQL Injection via Metadata API
Dec 24, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-55886 MEDIUM
OpenSearch Data Prepper 2.1.0-2.10.1 - Unauthenticated OpenTelemetry Logs Ingestion
Dec 12, 2024
CVSS 6.9
EPSS 0.00
CVE-2024-52314 MEDIUM
data.all 1.0.0-2.6.0 - Unauthorized Data Extraction via CloudWatch Log Scanning
Nov 09, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-52313 MEDIUM
data.all 1.0.0-2.6.0 - Authenticated Authorization Bypass via getDataset Query
Nov 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-52312 MEDIUM
data.all 1.0.0-2.6.0 - Authenticated Incorrect Authorization
Nov 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-52311 MEDIUM
data.all 1.0.0-2.6.0 - Insufficient Session Expiration via Cognito Authentication Tokens
Nov 09, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-10953 MEDIUM
data.all 1.0.0-2.6.0 - Authenticated Incorrect Authorization
Nov 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-8901 HIGH
AWS ALB Route Directive Adapter For Istio - Auth Bypass
Oct 22, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-10125 HIGH
Amazon.ApplicationLoadBalancer.Identity.AspNetCore - Info Disclosure
Oct 22, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-45037 MEDIUM
AWS Cloud Development Kit 2.142.0-2.148.0 - Incorrect Authorization via RestApi Construct with CognitoUserPoolAuthorizer
Aug 27, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-6387 HIGH
OpenSSH - DoS
Jul 01, 2024
CVSS 8.1
EPSS 1.00
CVE-2024-38373 CRITICAL
FreeRTOS-Plus-TCP <4.1.0 - Buffer Overflow
Jun 24, 2024
CVSS 9.6
EPSS 0.01