amazon
196 tracked vulnerabilities.
CVE-2022-39230
MEDIUM
fhir-works-on-aws-authz-smart 3.1.1-3.1.2 - Exposure of Sensitive Information via Search-Type Requests
Sep 23, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-35980
HIGH
OpenSearch Security <2.1.0.0 - Info Disclosure
Aug 12, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-31159
HIGH
AWS SDK for Java <1.12.261 - Path Traversal
Jul 15, 2022
CVSS 7.9
EPSS 0.00
CVE-2022-31115
HIGH
opensearch-ruby < 2.0.1 - Deserialization of Untrusted Data via YAML.load
Jun 30, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-33915
HIGH
Amazon AWS Apache Log4j <log4j-cve-2021-44228-hotpatch-1.3.5 - Priv...
Jun 17, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-29527
HIGH
Amazon AWS amazon-ssm-agent < 3.1.1208.0 - Privilege Escalation via World-Writable Sudoers File
Apr 20, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-0070
HIGH
Apache Log4j - Privilege Escalation
Apr 19, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25166
MEDIUM
Amazon AWS VPN Client 2.0.0 - Exposure of Sensitive Information via UNC Path in OpenVPN Configuration
Apr 14, 2022
CVSS 5.0
EPSS 0.01
CVE-2022-25165
HIGH
Amazon AWS VPN Client 2.0.0 - TOCTOU Race Condition via Configuration File Injection
Apr 14, 2022
CVSS 7.0
EPSS 0.01
CVE-2022-24709
HIGH
@awsui/components-react <3.0.367 - Code Injection
Feb 24, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25809
CRITICAL
Amazon Echo Dot 3rd and 4th Generation - Arbitrary Voice Command Execution via Malicious Skill or Bluetooth Pairing
Feb 24, 2022
CVSS 9.8
EPSS 0.07
CVE-2021-27504
HIGH
Amazon FreeRTOS - Integer Overflow in malloc
Nov 21, 2023
CVSS 7.4
EPSS 0.00
CVE-2021-3100
HIGH
Apache Log4j <log4j-cve-2021-44228-hotpatch-1.1-13 - Privilege Esca...
Apr 19, 2022
CVSS 8.8
EPSS 0.00
CVE-2021-44833
CRITICAL
Amazon AWS OpenSearch CLI 1.0.0 - Incorrect Default Permissions
Dec 12, 2021
CVSS 9.8
EPSS 0.00
CVE-2021-43811
HIGH
Sockeye < 2.3.24 - Remote Code Execution via Unsafe YAML Loading
Dec 08, 2021
CVSS 7.8
EPSS 0.09
CVE-2021-43638
HIGH
Amazon WorkSpaces <v1.0.1.1537 - RCE
Dec 07, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-43637
HIGH
Amazon WorkSpaces <v1.0.1.1537 - Buffer Overflow
Dec 07, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-40831
MEDIUM
AWS IoT Device SDK - Info Disclosure
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-40830
MEDIUM
AWS IoT Device SDK v2 < 1.5.0/1.5.3/1.6.1/1.12.7 - Improper Certificate Validation
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-40829
MEDIUM
AWS IoT Device SDK v2 Certificate Validation Flaw on macOS
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-40828
MEDIUM
AWS IoT Device SDK v2 < 1.3.3/1.5.18/1.12.7/1.5.3 - Improper Certificate Validation on Windows
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-43997
HIGH
FreeRTOS 10.2.0-10.4.6 - Privilege Escalation
Nov 17, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-41150
HIGH
Tough < 0.12.0 - Path Traversal via Delegated Role Name Sanitization
Oct 19, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-41149
HIGH
Tough < 0.12.0 - Path Traversal and Arbitrary File Write via Target Name Sanitization Bypass
Oct 19, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-38112
HIGH
Amazon AWS WorkSpaces 3.0.10-3.1.8 - Remote Code Execution via Argument Injection in workspaces:// URI Handler
Sep 22, 2021
CVSS 8.8
EPSS 0.18
Products
freertos 17
amazon_web_services_freertos 14
fire_os 13
opensearch 11
tough 10
freertos-plus-tcp 9
blink_xt2_sync_module_firmware 7
Amazon Athena ODBC driver 6
athena_odbc 6
data.all 5
payfort-php-sdk 5
amazon_web_services_internet_of_things_device_software_development_kit_v2 4
aws_cloud_development_kit 4
aws_software_development_kit 4
firecracker 4
amazon_web_services_aws-c-io 3
aws-lc-sys 3
aws_libcrypto 3
echo_dot_firmware 3
opensearch_data_prepper 3
research_and_engineering_studio 3
tuftool 3
WorkSpaces Client 2
amazon_linux 2
amazon_web_services_redshift_java_database_connectivity_driver 2
audible 2
aws_client_vpn 2
aws_encryption_sdk 2
aws_s3_crypto_sdk 2
awslabs_sandbox_accounts_for_events 2