Vulnerabilities > Amazon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-30 | CVE-2022-31115 | Deserialization of Untrusted Data vulnerability in Amazon Opensearch 1.0.0/2.0.0/2.0.1 opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. | 6.8 |
| 2022-06-17 | CVE-2022-33915 | Race Condition vulnerability in Amazon Hotpatch 1.112/1.116 Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. | 4.4 |
| 2022-04-20 | CVE-2022-29527 | Unspecified vulnerability in Amazon SSM Agent Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. local amazon | 6.9 |
| 2022-04-19 | CVE-2021-3100 | Improper Privilege Management vulnerability in Amazon Log4Jhotpatch The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges. | 7.2 |
| 2022-04-19 | CVE-2022-0070 | Improper Privilege Management vulnerability in Amazon Hotpatch Incomplete fix for CVE-2021-3100. | 7.2 |
| 2022-04-14 | CVE-2022-25165 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Amazon AWS Client VPN 2.0.0 An issue was discovered in Amazon AWS VPN Client 2.0.0. | 6.9 |
| 2022-04-14 | CVE-2022-25166 | Information Exposure vulnerability in Amazon AWS Client VPN 2.0.0 An issue was discovered in Amazon AWS VPN Client 2.0.0. | 4.3 |
| 2022-02-24 | CVE-2022-24709 | Cross-site Scripting vulnerability in Amazon Awsui/Components-React @awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. | 4.3 |
| 2022-02-24 | CVE-2022-25809 | Command Injection vulnerability in Amazon Echo DOT Firmware Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack. | 9.0 |
| 2021-12-12 | CVE-2021-44833 | Incorrect Default Permissions vulnerability in Amazon AWS Opensearch 1.0.0 The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. | 7.5 |