amazon
196 tracked vulnerabilities.
CVE-2025-2885
MEDIUM
Amazon Tough < 0.20.0 - Arbitrary Metadata Version Spoofing via Root Metadata Validation Bypass
Mar 27, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-2598
MEDIUM
AWS Cloud Development Kit 2.172.0-2.178.2 - Exposure of Sensitive System Information via Credential Plugin
Mar 21, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-23206
HIGH
AWS Cloud Development Kit < 2.177.0 - Improper Certificate Validation in OIDC Custom Resource Provider
Jan 17, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-0501
HIGH
Amazon WorkSpaces - Man-In-The-Middle
Jan 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-0500
HIGH
Amazon WorkSpaces, AppStream, and DCV Clients - Certificate Validation Session Exposure
Jan 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-12746
HIGH
Amazon Redshift ODBC Driver 2.1.5.0 - SQL Injection via SQLTables or SQLColumns Metadata APIs
Dec 24, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-12745
HIGH
Amazon Redshift Python Connector 2.1.4 - SQL Injection via Metadata API
Dec 24, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-12744
HIGH
Amazon Redshift JDBC Driver 2.1.0.31 - SQL Injection via Metadata API
Dec 24, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-55886
MEDIUM
OpenSearch Data Prepper 2.1.0-2.10.1 - Unauthenticated OpenTelemetry Logs Ingestion
Dec 12, 2024
CVSS 6.9
EPSS 0.00
CVE-2024-52314
MEDIUM
data.all 1.0.0-2.6.0 - Unauthorized Data Extraction via CloudWatch Log Scanning
Nov 09, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-52313
MEDIUM
data.all 1.0.0-2.6.0 - Authenticated Authorization Bypass via getDataset Query
Nov 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-52312
MEDIUM
data.all 1.0.0-2.6.0 - Authenticated Incorrect Authorization
Nov 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-52311
MEDIUM
data.all 1.0.0-2.6.0 - Insufficient Session Expiration via Cognito Authentication Tokens
Nov 09, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-10953
MEDIUM
data.all 1.0.0-2.6.0 - Authenticated Incorrect Authorization
Nov 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-8901
HIGH
AWS ALB Route Directive Adapter For Istio - Auth Bypass
Oct 22, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-10125
HIGH
Amazon.ApplicationLoadBalancer.Identity.AspNetCore - Info Disclosure
Oct 22, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-45037
MEDIUM
AWS Cloud Development Kit 2.142.0-2.148.0 - Incorrect Authorization via RestApi Construct with CognitoUserPoolAuthorizer
Aug 27, 2024
CVSS 6.4
EPSS 0.01
CVE-2024-6387
HIGH
OpenSSH - DoS
Jul 01, 2024
CVSS 8.1
EPSS 0.63
CVE-2024-38373
CRITICAL
FreeRTOS-Plus-TCP <4.1.0 - Buffer Overflow
Jun 24, 2024
CVSS 9.6
EPSS 0.01
CVE-2024-37293
HIGH
AWS Deployment Framework < 4.0.0 - Privilege Escalation via Bootstrap CodeBuild Role
Jun 11, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-28056
CRITICAL
AWS Amplify CLI < 12.10.1 - Incorrect IAM Role Trust Policy Configuration
Apr 15, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-28115
HIGH
FreeRTOS < 10.6.2 - Local Privilege Escalation via Return Oriented Programming
Mar 07, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-27350
MEDIUM
Amazon Fire OS <7.6.6.9-8.1.0.3 - Info Disclosure
Feb 26, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-23680
MEDIUM
AWS Encryption SDK for Java 2.0.0-2.2.0 and <1.9.0 - Improper Verification of Cryptographic Signature
Jan 19, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-21634
HIGH
Amazon Ion < 1.10.5 - Denial of Service via Ion Data Deserialization
Jan 03, 2024
CVSS 7.5
EPSS 0.00
Products
freertos 17
amazon_web_services_freertos 14
fire_os 13
opensearch 11
tough 10
freertos-plus-tcp 9
blink_xt2_sync_module_firmware 7
Amazon Athena ODBC driver 6
athena_odbc 6
data.all 5
payfort-php-sdk 5
amazon_web_services_internet_of_things_device_software_development_kit_v2 4
aws_cloud_development_kit 4
aws_software_development_kit 4
firecracker 4
amazon_web_services_aws-c-io 3
aws-lc-sys 3
aws_libcrypto 3
echo_dot_firmware 3
opensearch_data_prepper 3
research_and_engineering_studio 3
tuftool 3
WorkSpaces Client 2
amazon_linux 2
amazon_web_services_redshift_java_database_connectivity_driver 2
audible 2
aws_client_vpn 2
aws_encryption_sdk 2
aws_s3_crypto_sdk 2
awslabs_sandbox_accounts_for_events 2