amazon

202 tracked vulnerabilities.

CVE-2022-4725 MEDIUM
AWS SDK < 2.59.1 - Server-Side Request Forgery via XML Parser
Dec 27, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-23511 HIGH
Amazon CloudWatch Agent <= 1.247354 - Privilege Escalation via Repair Process
Dec 12, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-41917 MEDIUM
OpenSearch 1.0.0-1.3.6 - Information Disclosure via Text Analyzer File Handling
Nov 16, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-41918 MEDIUM
OpenSearch < 1.3.7 - Incorrect Authorization in Fine-Grained Access Control Rules
Nov 15, 2022
CVSS 6.3
EPSS 0.00
CVE-2022-41906 HIGH
OpenSearch Notifications < 2.2.1.0 - Server-Side Request Forgery via HTTP Requests
Nov 11, 2022
CVSS 8.7
EPSS 0.01
CVE-2022-41828 HIGH
Amazon AWS Redshift JDBC Driver <2.1.0.8 - Code Injection
Sep 29, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-39230 MEDIUM
fhir-works-on-aws-authz-smart 3.1.1-3.1.2 - Exposure of Sensitive Information via Search-Type Requests
Sep 23, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-35980 HIGH
OpenSearch Security <2.1.0.0 - Info Disclosure
Aug 12, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-31159 HIGH
AWS SDK for Java <1.12.261 - Path Traversal
Jul 15, 2022
CVSS 7.9
EPSS 0.01
CVE-2022-31115 HIGH
opensearch-ruby < 2.0.1 - Deserialization of Untrusted Data via YAML.load
Jun 30, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-33915 HIGH
Amazon AWS Apache Log4j <log4j-cve-2021-44228-hotpatch-1.3.5 - Priv...
Jun 17, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-29527 HIGH
Amazon AWS amazon-ssm-agent < 3.1.1208.0 - Privilege Escalation via World-Writable Sudoers File
Apr 20, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-0070 HIGH
Apache Log4j - Privilege Escalation
Apr 19, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25166 MEDIUM
Amazon AWS VPN Client 2.0.0 - Exposure of Sensitive Information via UNC Path in OpenVPN Configuration
Apr 14, 2022
CVSS 5.0
EPSS 0.01
CVE-2022-25165 HIGH
Amazon AWS VPN Client 2.0.0 - TOCTOU Race Condition via Configuration File Injection
Apr 14, 2022
CVSS 7.0
EPSS 0.01
CVE-2022-24709 HIGH
@awsui/components-react <3.0.367 - Code Injection
Feb 24, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-25809 CRITICAL
Amazon Echo Dot 3rd and 4th Generation - Arbitrary Voice Command Execution via Malicious Skill or Bluetooth Pairing
Feb 24, 2022
CVSS 9.8
EPSS 0.03
CVE-2021-27504 HIGH
Amazon FreeRTOS - Integer Overflow in malloc
Nov 21, 2023
CVSS 7.4
EPSS 0.00
CVE-2021-3100 HIGH
Apache Log4j <log4j-cve-2021-44228-hotpatch-1.1-13 - Privilege Esca...
Apr 19, 2022
CVSS 8.8
EPSS 0.00
CVE-2021-44833 CRITICAL
Amazon AWS OpenSearch CLI 1.0.0 - Incorrect Default Permissions
Dec 12, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-43811 HIGH
Sockeye < 2.3.24 - Remote Code Execution via Unsafe YAML Loading
Dec 08, 2021
CVSS 7.8
EPSS 0.02
CVE-2021-43638 HIGH
Amazon WorkSpaces <v1.0.1.1537 - RCE
Dec 07, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-43637 HIGH
Amazon WorkSpaces <v1.0.1.1537 - Buffer Overflow
Dec 07, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-40831 MEDIUM
AWS IoT Device SDK - Info Disclosure
Nov 23, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-40830 MEDIUM
AWS IoT Device SDK v2 < 1.5.0/1.5.3/1.6.1/1.12.7 - Improper Certificate Validation
Nov 23, 2021
CVSS 6.3
EPSS 0.00