Vulnerabilities > Amazon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-12 | CVE-2021-44833 | Incorrect Default Permissions vulnerability in Amazon AWS Opensearch 1.0.0 The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. | 7.5 |
| 2021-12-08 | CVE-2021-43811 | Code Injection vulnerability in Amazon Sockeye Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. | 6.8 |
| 2021-12-07 | CVE-2021-43637 | Classic Buffer Overflow vulnerability in Amazon Workspaces Amazon WorkSpaces agent is affected by Buffer Overflow. | 7.2 |
| 2021-12-07 | CVE-2021-43638 | Integer Overflow or Wraparound vulnerability in Amazon Workspaces Amazon Amazon WorkSpaces agent is affected by Integer Overflow. | 7.2 |
| 2021-11-23 | CVE-2021-40828 | Improper Certificate Validation vulnerability in Amazon products Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. | 5.8 |
| 2021-11-23 | CVE-2021-40829 | Improper Certificate Validation vulnerability in Amazon web Services Internet of Things Device Software Development KIT V2 Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. | 5.8 |
| 2021-11-23 | CVE-2021-40830 | Improper Certificate Validation vulnerability in Amazon products The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. | 5.8 |
| 2021-11-23 | CVE-2021-40831 | Improper Certificate Validation vulnerability in Amazon products The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. | 6.0 |
| 2021-11-17 | CVE-2021-43997 | Unspecified vulnerability in Amazon Freertos FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. | 7.8 |
| 2021-10-19 | CVE-2021-41150 | Path Traversal vulnerability in Amazon Tough Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. | 3.5 |