Vulnerabilities > Amazon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-20 | CVE-2022-29527 | Unspecified vulnerability in Amazon SSM Agent Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. local amazon | 6.9 |
| 2022-04-19 | CVE-2021-3100 | Improper Privilege Management vulnerability in Amazon Log4Jhotpatch The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges. | 7.2 |
| 2022-04-19 | CVE-2022-0070 | Improper Privilege Management vulnerability in Amazon Hotpatch Incomplete fix for CVE-2021-3100. | 7.2 |
| 2022-04-14 | CVE-2022-25165 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Amazon AWS Client VPN 2.0.0 An issue was discovered in Amazon AWS VPN Client 2.0.0. | 6.9 |
| 2022-04-14 | CVE-2022-25166 | Information Exposure vulnerability in Amazon AWS Client VPN 2.0.0 An issue was discovered in Amazon AWS VPN Client 2.0.0. | 4.3 |
| 2022-02-24 | CVE-2022-24709 | Cross-site Scripting vulnerability in Amazon Awsui/Components-React @awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. | 4.3 |
| 2022-02-24 | CVE-2022-25809 | Command Injection vulnerability in Amazon Echo DOT Firmware Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack. | 9.0 |
| 2021-12-12 | CVE-2021-44833 | Incorrect Default Permissions vulnerability in Amazon AWS Opensearch 1.0.0 The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. | 7.5 |
| 2021-12-08 | CVE-2021-43811 | Code Injection vulnerability in Amazon Sockeye Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. | 6.8 |
| 2021-12-07 | CVE-2021-43637 | Classic Buffer Overflow vulnerability in Amazon Workspaces Amazon WorkSpaces agent is affected by Buffer Overflow. | 7.2 |