Vulnerabilities > Amazon

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2022-31115 Deserialization of Untrusted Data vulnerability in Amazon Opensearch 1.0.0/2.0.0/2.0.1
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby.
network
amazon CWE-502
6.8
2022-06-17 CVE-2022-33915 Race Condition vulnerability in Amazon Hotpatch 1.112/1.116
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation.
local
amazon CWE-362
4.4
2022-04-20 CVE-2022-29527 Unspecified vulnerability in Amazon SSM Agent
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root.
local
amazon
6.9
2022-04-19 CVE-2021-3100 Improper Privilege Management vulnerability in Amazon Log4Jhotpatch
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.
local
low complexity
amazon CWE-269
7.2
2022-04-19 CVE-2022-0070 Improper Privilege Management vulnerability in Amazon Hotpatch
Incomplete fix for CVE-2021-3100.
local
low complexity
amazon CWE-269
7.2
2022-04-14 CVE-2022-25165 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Amazon AWS Client VPN 2.0.0
An issue was discovered in Amazon AWS VPN Client 2.0.0.
local
amazon CWE-367
6.9
2022-04-14 CVE-2022-25166 Information Exposure vulnerability in Amazon AWS Client VPN 2.0.0
An issue was discovered in Amazon AWS VPN Client 2.0.0.
network
amazon CWE-200
4.3
2022-02-24 CVE-2022-24709 Cross-site Scripting vulnerability in Amazon Awsui/Components-React
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development.
network
amazon CWE-79
4.3
2022-02-24 CVE-2022-25809 Command Injection vulnerability in Amazon Echo DOT Firmware
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.
network
low complexity
amazon CWE-77
critical
9.0
2021-12-12 CVE-2021-44833 Incorrect Default Permissions vulnerability in Amazon AWS Opensearch 1.0.0
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.
network
low complexity
amazon CWE-276
7.5