Vulnerabilities > Amazon

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2024-23680 Improper Verification of Cryptographic Signature vulnerability in Amazon AWS Encryption SDK
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.
network
low complexity
amazon CWE-347
5.3
2024-01-03 CVE-2024-21634 Allocation of Resources Without Limits or Throttling vulnerability in Amazon Ion
Amazon Ion is a Java implementation of the Ion data notation.
network
low complexity
amazon CWE-770
7.5
2023-12-22 CVE-2023-51386 Improper Privilege Management vulnerability in Amazon Awslabs Sandbox Accounts for Events
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI.
local
low complexity
amazon CWE-269
3.3
2023-12-22 CVE-2023-50928 Improper Access Control vulnerability in Amazon Awslabs Sandbox Accounts for Events
"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI.
network
low complexity
amazon CWE-284
critical
9.0
2023-12-22 CVE-2023-51651 Path Traversal vulnerability in Amazon AWS Software Development Kit
AWS SDK for PHP is the Amazon Web Services software development kit for PHP.
local
low complexity
amazon CWE-22
3.3
2023-11-21 CVE-2021-27504 Integer Overflow or Wraparound vulnerability in multiple products
On Texas Instruments devices running FreeRTOS, malloc returns a valid pointer to a small buffer when called with extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.
local
low complexity
amazon ti CWE-190
7.8
2023-10-16 CVE-2023-45807 Improper Preservation of Permissions vulnerability in Amazon OpenSearch
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021.
network
low complexity
amazon CWE-281
5.4
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-06-28 CVE-2023-36467 Code Injection vulnerability in Amazon Aws-Dataall
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services.
network
low complexity
amazon CWE-94
8.8
2023-06-23 CVE-2023-35165 Incorrect Authorization vulnerability in Amazon AWS Cloud Development Kit
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.
network
low complexity
amazon CWE-863
8.8