amazon

196 tracked vulnerabilities.

CVE-2023-51386 HIGH
Sandbox Accounts for Events - Info Disclosure
Dec 22, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-51651 MEDIUM
AWS SDK for PHP <3.288.1 - Path Traversal
Dec 22, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-50928 HIGH
awslabs_sandbox_accounts_for_events < 1.1.0 - Authenticated Improper Access Control via Non-Existent Event ID
Dec 22, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-45807 MEDIUM
OpenSearch < 1.3.14.0 and OpenSearch Security Plugin 2.0.0.0-2.10.0.0 - Authenticated Unauthorized Metadata Modification
Oct 16, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-44487 HIGH KEV
HTTP/2 - Denial of Service via Rapid Stream Reset
Oct 10, 2023
CVSS 7.5
EPSS 0.94
CVE-2023-36467 HIGH
AWS data.all <1.5.2 - Authenticated RCE
Jun 28, 2023
CVSS 8.0
EPSS 0.03
CVE-2023-35165 MEDIUM
AWS Cloud Development Kit 1.57.0-1.202.0 and 2.0.0-2.80.0 - Incorrect Authorization via Overly Permissive Trust Policy
Jun 23, 2023
CVSS 6.6
EPSS 0.00
CVE-2023-33248 HIGH
Amazon Alexa software <8960323972 - Info Disclosure
May 24, 2023
CVSS 7.6
EPSS 0.01
CVE-2023-31141 MEDIUM
OpenSearch <1.3.10-2.7.0 - Info Disclosure
May 08, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-1385 HIGH
Amazon Fire TV Stick <6.2.9.5 - Auth Bypass
May 03, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-1384 MEDIUM
Amazon Fire OS < 6.2.9.5 - Cross-Site Scripting via setMediaSource Function
May 03, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-1383 MEDIUM
Amazon Fire TV Stick <6.2.9.5 - Info Disclosure
May 03, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-30610 MEDIUM
aws-sigv4 0.55.0 - Sensitive Information Exposure via Debug Logging
Apr 19, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-25806 MEDIUM
OpenSearch Security - Info Disclosure
Mar 02, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-23933 MEDIUM
OpenSearch 1.0.0-1.3.8 - Authenticated Out-of-bounds Read in Anomaly Detection Plugin
Feb 03, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-23613 MEDIUM
OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 - Authenticated Exposure of Sensitive Information via Field-Level Security Bypass
Jan 26, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-23612 MEDIUM
OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 - Authenticated Role Impersonation via JWT Role Claim Whitespace Trimming
Jan 26, 2023
CVSS 4.7
EPSS 0.00
CVE-2022-46174 MEDIUM
efs-utils < 1.34.4 - Race Condition in TLS Mount Helper Port Allocation
Dec 28, 2022
CVSS 4.2
EPSS 0.00
CVE-2022-2582 MEDIUM
AWS S3 Crypto SDK - Info Disclosure
Dec 27, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-4725 MEDIUM
AWS SDK < 2.59.1 - Server-Side Request Forgery via XML Parser
Dec 27, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-23511 HIGH
Amazon CloudWatch Agent <= 1.247354 - Privilege Escalation via Repair Process
Dec 12, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-41917 MEDIUM
OpenSearch 1.0.0-1.3.6 - Information Disclosure via Text Analyzer File Handling
Nov 16, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-41918 MEDIUM
OpenSearch < 1.3.7 - Incorrect Authorization in Fine-Grained Access Control Rules
Nov 15, 2022
CVSS 6.3
EPSS 0.00
CVE-2022-41906 HIGH
OpenSearch Notifications < 2.2.1.0 - Server-Side Request Forgery via HTTP Requests
Nov 11, 2022
CVSS 8.7
EPSS 0.00
CVE-2022-41828 HIGH
Amazon AWS Redshift JDBC Driver <2.1.0.8 - Code Injection
Sep 29, 2022
CVSS 8.1
EPSS 0.10
Products
freertos 17 amazon_web_services_freertos 14 fire_os 13 opensearch 11 tough 10 freertos-plus-tcp 9 blink_xt2_sync_module_firmware 7 Amazon Athena ODBC driver 6 athena_odbc 6 data.all 5 payfort-php-sdk 5 amazon_web_services_internet_of_things_device_software_development_kit_v2 4 aws_cloud_development_kit 4 aws_software_development_kit 4 firecracker 4 amazon_web_services_aws-c-io 3 aws-lc-sys 3 aws_libcrypto 3 echo_dot_firmware 3 opensearch_data_prepper 3 research_and_engineering_studio 3 tuftool 3 WorkSpaces Client 2 amazon_linux 2 amazon_web_services_redshift_java_database_connectivity_driver 2 audible 2 aws_client_vpn 2 aws_encryption_sdk 2 aws_s3_crypto_sdk 2 awslabs_sandbox_accounts_for_events 2
Quick Filters
Critical CVEs With Exploits In CISA KEV