Vulnerabilities > Amazon > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-6387 Race Condition vulnerability in multiple products
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).
8.1
2024-06-24 CVE-2024-38373 Out-of-bounds Read vulnerability in Amazon Freertos-Plus-Tcp
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS.
network
low complexity
amazon CWE-125
8.1
2024-06-11 CVE-2024-37293 Unspecified vulnerability in Amazon AWS Deployment Framework
The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization.
local
low complexity
amazon
7.8
2024-03-07 CVE-2024-28115 Unspecified vulnerability in Amazon Freertos
FreeRTOS is a real-time operating system for microcontrollers.
local
low complexity
amazon
7.8
2024-01-03 CVE-2024-21634 Unspecified vulnerability in Amazon ION
Amazon Ion is a Java implementation of the Ion data notation.
network
low complexity
amazon
7.5
2023-11-21 CVE-2021-27504 Integer Overflow or Wraparound vulnerability in multiple products
Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.
local
low complexity
amazon ti CWE-190
7.8
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-06-28 CVE-2023-36467 Unspecified vulnerability in Amazon Aws-Dataall
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services.
network
low complexity
amazon
8.8
2023-06-23 CVE-2023-35165 Unspecified vulnerability in Amazon AWS Cloud Development KIT
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.
network
low complexity
amazon
8.8
2023-05-24 CVE-2023-33248 Unspecified vulnerability in Amazon Alexa 8960323972
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing).
low complexity
amazon
7.6