Vulnerabilities > Amazon

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-04-20 | CVE-2022-29527 | Unspecified vulnerability in Amazon SSM Agent | Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. | local, amazon | 6.9 |
| 2022-04-19 | CVE-2021-3100 | Improper Privilege Management vulnerability in Amazon Log4Jhotpatch | The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges. | local, low complexity, amazon, CWE-269 | 7.2 |
| 2022-04-19 | CVE-2022-0070 | Improper Privilege Management vulnerability in Amazon Hotpatch | Incomplete fix for CVE-2021-3100. | local, low complexity, amazon, CWE-269 | 7.2 |
| 2022-04-14 | CVE-2022-25165 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Amazon AWS Client VPN 2.0.0 | An issue was discovered in Amazon AWS VPN Client 2.0.0. | local, amazon, CWE-367 | 6.9 |
| 2022-04-14 | CVE-2022-25166 | Information Exposure vulnerability in Amazon AWS Client VPN 2.0.0 | An issue was discovered in Amazon AWS VPN Client 2.0.0. | network, amazon, CWE-200 | 4.3 |
| 2022-02-24 | CVE-2022-24709 | Cross-site Scripting vulnerability in Amazon Awsui/Components-React | @awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. | network, amazon, CWE-79 | 4.3 |
| 2022-02-24 | CVE-2022-25809 | Command Injection vulnerability in Amazon Echo DOT Firmware | Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack. | network, low complexity, amazon, CWE-77 | critical 9.0 |
| 2021-12-12 | CVE-2021-44833 | Incorrect Default Permissions vulnerability in Amazon AWS Opensearch 1.0.0 | The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. | network, low complexity, amazon, CWE-276 | 7.5 |
| 2021-12-08 | CVE-2021-43811 | Code Injection vulnerability in Amazon Sockeye | Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. | network, amazon, CWE-94 | 6.8 |
| 2021-12-07 | CVE-2021-43637 | Classic Buffer Overflow vulnerability in Amazon Workspaces | Amazon WorkSpaces agent is affected by Buffer Overflow. | local, low complexity, amazon, CWE-120 | 7.2 |