Vulnerabilities > Amazon

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-23511 Improper Handling of Insufficient Privileges vulnerability in Amazon Cloudwatch Agent
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354.
network
low complexity
amazon CWE-274
6.8
2022-11-16 CVE-2022-41917 Information Exposure vulnerability in Amazon Opensearch
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana.
network
low complexity
amazon CWE-200
4.3
2022-11-15 CVE-2022-41918 Incorrect Authorization vulnerability in Amazon Opensearch
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana.
network
low complexity
amazon CWE-863
6.3
2022-11-11 CVE-2022-41906 Server-Side Request Forgery (SSRF) vulnerability in Amazon Opensearch Notifications
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels.
network
low complexity
amazon CWE-918
8.7
2022-09-29 CVE-2022-41828 Incorrect Type Conversion or Cast vulnerability in Amazon web Services Redshift Java Database Connectivity Driver
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
network
high complexity
amazon CWE-704
8.1
2022-06-30 CVE-2022-31115 Deserialization of Untrusted Data vulnerability in Amazon Opensearch 1.0.0/2.0.0/2.0.1
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby.
network
amazon CWE-502
6.8
2022-06-17 CVE-2022-33915 Race Condition vulnerability in Amazon Hotpatch 1.112/1.116
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation.
local
amazon CWE-362
4.4
2022-04-20 CVE-2022-29527 Unspecified vulnerability in Amazon SSM Agent
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root.
local
amazon
6.9
2022-04-19 CVE-2021-3100 Improper Privilege Management vulnerability in Amazon Log4Jhotpatch
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.
local
low complexity
amazon CWE-269
8.8
2022-04-19 CVE-2022-0070 Improper Privilege Management vulnerability in Amazon Log4Jhotpatch
Incomplete fix for CVE-2021-3100.
local
low complexity
amazon CWE-269
8.8