High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-01	CVE-2024-6387	Race Condition vulnerability in multiple products A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). network high complexity openbsd redhat suse debian canonical amazon netapp freebsd netbsd CWE-362	8.1
2024-06-24	CVE-2024-38373	Out-of-bounds Read vulnerability in Amazon Freertos-Plus-Tcp FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. network low complexity amazon CWE-125	8.1
2024-06-11	CVE-2024-37293	Unspecified vulnerability in Amazon AWS Deployment Framework The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. local low complexity amazon	7.8
2024-03-07	CVE-2024-28115	Unspecified vulnerability in Amazon Freertos FreeRTOS is a real-time operating system for microcontrollers. local low complexity amazon	7.8
2024-01-03	CVE-2024-21634	Allocation of Resources Without Limits or Throttling vulnerability in Amazon ION Amazon Ion is a Java implementation of the Ion data notation. network low complexity amazon CWE-770	7.5
2023-11-21	CVE-2021-27504	Integer Overflow or Wraparound vulnerability in multiple products Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution. local low complexity amazon ti CWE-190	7.8
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-06-28	CVE-2023-36467	Code Injection vulnerability in Amazon Aws-Dataall AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. network low complexity amazon CWE-94	8.8
2023-06-23	CVE-2023-35165	Incorrect Authorization vulnerability in Amazon AWS Cloud Development KIT AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. network low complexity amazon CWE-863	8.8
2023-05-24	CVE-2023-33248	Unspecified vulnerability in Amazon Alexa 8960323972 Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). low complexity amazon	7.6