amazon

202 tracked vulnerabilities.

CVE-2024-37293 HIGH
AWS Deployment Framework < 4.0.0 - Privilege Escalation via Bootstrap CodeBuild Role
Jun 11, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-28056 CRITICAL
AWS Amplify CLI < 12.10.1 - Incorrect IAM Role Trust Policy Configuration
Apr 15, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-28115 HIGH
FreeRTOS < 10.6.2 - Local Privilege Escalation via Return Oriented Programming
Mar 07, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-27350 MEDIUM
Amazon Fire OS <7.6.6.9-8.1.0.3 - Info Disclosure
Feb 26, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-23680 MEDIUM
AWS Encryption SDK for Java 2.0.0-2.2.0 and <1.9.0 - Improper Verification of Cryptographic Signature
Jan 19, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-21634 HIGH
Amazon Ion < 1.10.5 - Denial of Service via Ion Data Deserialization
Jan 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-51386 HIGH
Sandbox Accounts for Events - Info Disclosure
Dec 22, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-51651 MEDIUM
AWS SDK for PHP <3.288.1 - Path Traversal
Dec 22, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-50928 HIGH
awslabs_sandbox_accounts_for_events < 1.1.0 - Authenticated Improper Access Control via Non-Existent Event ID
Dec 22, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-45807 MEDIUM
OpenSearch < 1.3.14.0 and OpenSearch Security Plugin 2.0.0.0-2.10.0.0 - Authenticated Unauthorized Metadata Modification
Oct 16, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-44487 HIGH KEV
HTTP/2 - Denial of Service via Rapid Stream Reset
Oct 10, 2023
CVSS 7.5
EPSS 1.00
CVE-2023-36467 HIGH
AWS data.all <1.5.2 - Authenticated RCE
Jun 28, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-35165 MEDIUM
AWS Cloud Development Kit 1.57.0-1.202.0 and 2.0.0-2.80.0 - Incorrect Authorization via Overly Permissive Trust Policy
Jun 23, 2023
CVSS 6.6
EPSS 0.01
CVE-2023-33248 HIGH
Amazon Alexa software <8960323972 - Info Disclosure
May 24, 2023
CVSS 7.6
EPSS 0.01
CVE-2023-31141 MEDIUM
OpenSearch <1.3.10-2.7.0 - Info Disclosure
May 08, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-1385 HIGH
Amazon Fire TV Stick <6.2.9.5 - Auth Bypass
May 03, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-1384 MEDIUM
Amazon Fire OS < 6.2.9.5 - Cross-Site Scripting via setMediaSource Function
May 03, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-1383 MEDIUM
Amazon Fire TV Stick <6.2.9.5 - Info Disclosure
May 03, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-30610 MEDIUM
aws-sigv4 0.55.0 - Sensitive Information Exposure via Debug Logging
Apr 19, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-25806 MEDIUM
OpenSearch Security - Info Disclosure
Mar 02, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-23933 MEDIUM
OpenSearch 1.0.0-1.3.8 - Authenticated Out-of-bounds Read in Anomaly Detection Plugin
Feb 03, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-23613 MEDIUM
OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 - Authenticated Exposure of Sensitive Information via Field-Level Security Bypass
Jan 26, 2023
CVSS 5.7
EPSS 0.01
CVE-2023-23612 MEDIUM
OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 - Authenticated Role Impersonation via JWT Role Claim Whitespace Trimming
Jan 26, 2023
CVSS 4.7
EPSS 0.01
CVE-2022-46174 MEDIUM
efs-utils < 1.34.4 - Race Condition in TLS Mount Helper Port Allocation
Dec 28, 2022
CVSS 4.2
EPSS 0.01
CVE-2022-2582 MEDIUM
AWS S3 Crypto SDK - Info Disclosure
Dec 27, 2022
CVSS 4.3
EPSS 0.00