amazon
202 tracked vulnerabilities.
CVE-2022-4725
MEDIUM
AWS SDK < 2.59.1 - Server-Side Request Forgery via XML Parser
Dec 27, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-23511
HIGH
Amazon CloudWatch Agent <= 1.247354 - Privilege Escalation via Repair Process
Dec 12, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-41917
MEDIUM
OpenSearch 1.0.0-1.3.6 - Information Disclosure via Text Analyzer File Handling
Nov 16, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-41918
MEDIUM
OpenSearch < 1.3.7 - Incorrect Authorization in Fine-Grained Access Control Rules
Nov 15, 2022
CVSS 6.3
EPSS 0.00
CVE-2022-41906
HIGH
OpenSearch Notifications < 2.2.1.0 - Server-Side Request Forgery via HTTP Requests
Nov 11, 2022
CVSS 8.7
EPSS 0.01
CVE-2022-41828
HIGH
Amazon AWS Redshift JDBC Driver <2.1.0.8 - Code Injection
Sep 29, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-39230
MEDIUM
fhir-works-on-aws-authz-smart 3.1.1-3.1.2 - Exposure of Sensitive Information via Search-Type Requests
Sep 23, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-35980
HIGH
OpenSearch Security <2.1.0.0 - Info Disclosure
Aug 12, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-31159
HIGH
AWS SDK for Java <1.12.261 - Path Traversal
Jul 15, 2022
CVSS 7.9
EPSS 0.01
CVE-2022-31115
HIGH
opensearch-ruby < 2.0.1 - Deserialization of Untrusted Data via YAML.load
Jun 30, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-33915
HIGH
Amazon AWS Apache Log4j <log4j-cve-2021-44228-hotpatch-1.3.5 - Priv...
Jun 17, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-29527
HIGH
Amazon AWS amazon-ssm-agent < 3.1.1208.0 - Privilege Escalation via World-Writable Sudoers File
Apr 20, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-0070
HIGH
Apache Log4j - Privilege Escalation
Apr 19, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25166
MEDIUM
Amazon AWS VPN Client 2.0.0 - Exposure of Sensitive Information via UNC Path in OpenVPN Configuration
Apr 14, 2022
CVSS 5.0
EPSS 0.01
CVE-2022-25165
HIGH
Amazon AWS VPN Client 2.0.0 - TOCTOU Race Condition via Configuration File Injection
Apr 14, 2022
CVSS 7.0
EPSS 0.01
CVE-2022-24709
HIGH
@awsui/components-react <3.0.367 - Code Injection
Feb 24, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-25809
CRITICAL
Amazon Echo Dot 3rd and 4th Generation - Arbitrary Voice Command Execution via Malicious Skill or Bluetooth Pairing
Feb 24, 2022
CVSS 9.8
EPSS 0.03
CVE-2021-27504
HIGH
Amazon FreeRTOS - Integer Overflow in malloc
Nov 21, 2023
CVSS 7.4
EPSS 0.00
CVE-2021-3100
HIGH
Apache Log4j <log4j-cve-2021-44228-hotpatch-1.1-13 - Privilege Esca...
Apr 19, 2022
CVSS 8.8
EPSS 0.00
CVE-2021-44833
CRITICAL
Amazon AWS OpenSearch CLI 1.0.0 - Incorrect Default Permissions
Dec 12, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-43811
HIGH
Sockeye < 2.3.24 - Remote Code Execution via Unsafe YAML Loading
Dec 08, 2021
CVSS 7.8
EPSS 0.02
CVE-2021-43638
HIGH
Amazon WorkSpaces <v1.0.1.1537 - RCE
Dec 07, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-43637
HIGH
Amazon WorkSpaces <v1.0.1.1537 - Buffer Overflow
Dec 07, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-40831
MEDIUM
AWS IoT Device SDK - Info Disclosure
Nov 23, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-40830
MEDIUM
AWS IoT Device SDK v2 < 1.5.0/1.5.3/1.6.1/1.12.7 - Improper Certificate Validation
Nov 23, 2021
CVSS 6.3
EPSS 0.00
Products
freertos 17
amazon_web_services_freertos 14
fire_os 13
opensearch 11
tough 10
freertos-plus-tcp 9
blink_xt2_sync_module_firmware 7
Amazon Athena ODBC driver 6
athena_odbc 6
data.all 5
firecracker 5
payfort-php-sdk 5
amazon_web_services_internet_of_things_device_software_development_kit_v2 4
aws_cloud_development_kit 4
aws_software_development_kit 4
amazon_web_services_aws-c-io 3
aws-lc-sys 3
aws_libcrypto 3
echo_dot_firmware 3
opensearch_data_prepper 3
research_and_engineering_studio 3
tuftool 3
WorkSpaces Client 2
amazon_linux 2
amazon_web_services_redshift_java_database_connectivity_driver 2
audible 2
aws_client_vpn 2
aws_encryption_sdk 2
aws_s3_crypto_sdk 2
awslabs_sandbox_accounts_for_events 2
Quick Filters