amazon
202 tracked vulnerabilities.
CVE-2024-37293
HIGH
AWS Deployment Framework < 4.0.0 - Privilege Escalation via Bootstrap CodeBuild Role
Jun 11, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-28056
CRITICAL
AWS Amplify CLI < 12.10.1 - Incorrect IAM Role Trust Policy Configuration
Apr 15, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-28115
HIGH
FreeRTOS < 10.6.2 - Local Privilege Escalation via Return Oriented Programming
Mar 07, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-27350
MEDIUM
Amazon Fire OS <7.6.6.9-8.1.0.3 - Info Disclosure
Feb 26, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-23680
MEDIUM
AWS Encryption SDK for Java 2.0.0-2.2.0 and <1.9.0 - Improper Verification of Cryptographic Signature
Jan 19, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-21634
HIGH
Amazon Ion < 1.10.5 - Denial of Service via Ion Data Deserialization
Jan 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-51386
HIGH
Sandbox Accounts for Events - Info Disclosure
Dec 22, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-51651
MEDIUM
AWS SDK for PHP <3.288.1 - Path Traversal
Dec 22, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-50928
HIGH
awslabs_sandbox_accounts_for_events < 1.1.0 - Authenticated Improper Access Control via Non-Existent Event ID
Dec 22, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-45807
MEDIUM
OpenSearch < 1.3.14.0 and OpenSearch Security Plugin 2.0.0.0-2.10.0.0 - Authenticated Unauthorized Metadata Modification
Oct 16, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-44487
HIGH
KEV
HTTP/2 - Denial of Service via Rapid Stream Reset
Oct 10, 2023
CVSS 7.5
EPSS 1.00
CVE-2023-36467
HIGH
AWS data.all <1.5.2 - Authenticated RCE
Jun 28, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-35165
MEDIUM
AWS Cloud Development Kit 1.57.0-1.202.0 and 2.0.0-2.80.0 - Incorrect Authorization via Overly Permissive Trust Policy
Jun 23, 2023
CVSS 6.6
EPSS 0.01
CVE-2023-33248
HIGH
Amazon Alexa software <8960323972 - Info Disclosure
May 24, 2023
CVSS 7.6
EPSS 0.01
CVE-2023-31141
MEDIUM
OpenSearch <1.3.10-2.7.0 - Info Disclosure
May 08, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-1385
HIGH
Amazon Fire TV Stick <6.2.9.5 - Auth Bypass
May 03, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-1384
MEDIUM
Amazon Fire OS < 6.2.9.5 - Cross-Site Scripting via setMediaSource Function
May 03, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-1383
MEDIUM
Amazon Fire TV Stick <6.2.9.5 - Info Disclosure
May 03, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-30610
MEDIUM
aws-sigv4 0.55.0 - Sensitive Information Exposure via Debug Logging
Apr 19, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-25806
MEDIUM
OpenSearch Security - Info Disclosure
Mar 02, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-23933
MEDIUM
OpenSearch 1.0.0-1.3.8 - Authenticated Out-of-bounds Read in Anomaly Detection Plugin
Feb 03, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-23613
MEDIUM
OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 - Authenticated Exposure of Sensitive Information via Field-Level Security Bypass
Jan 26, 2023
CVSS 5.7
EPSS 0.01
CVE-2023-23612
MEDIUM
OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 - Authenticated Role Impersonation via JWT Role Claim Whitespace Trimming
Jan 26, 2023
CVSS 4.7
EPSS 0.01
CVE-2022-46174
MEDIUM
efs-utils < 1.34.4 - Race Condition in TLS Mount Helper Port Allocation
Dec 28, 2022
CVSS 4.2
EPSS 0.01
CVE-2022-2582
MEDIUM
AWS S3 Crypto SDK - Info Disclosure
Dec 27, 2022
CVSS 4.3
EPSS 0.00
Products
freertos 17
amazon_web_services_freertos 14
fire_os 13
opensearch 11
tough 10
freertos-plus-tcp 9
blink_xt2_sync_module_firmware 7
Amazon Athena ODBC driver 6
athena_odbc 6
data.all 5
firecracker 5
payfort-php-sdk 5
amazon_web_services_internet_of_things_device_software_development_kit_v2 4
aws_cloud_development_kit 4
aws_software_development_kit 4
amazon_web_services_aws-c-io 3
aws-lc-sys 3
aws_libcrypto 3
echo_dot_firmware 3
opensearch_data_prepper 3
research_and_engineering_studio 3
tuftool 3
WorkSpaces Client 2
amazon_linux 2
amazon_web_services_redshift_java_database_connectivity_driver 2
audible 2
aws_client_vpn 2
aws_encryption_sdk 2
aws_s3_crypto_sdk 2
awslabs_sandbox_accounts_for_events 2
Quick Filters