Vulnerabilities > Amazon > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-03 CVE-2024-21634 Allocation of Resources Without Limits or Throttling vulnerability in Amazon Ion
Amazon Ion is a Java implementation of the Ion data notation.
network
low complexity
amazon CWE-770
7.5
2023-11-21 CVE-2021-27504 Integer Overflow or Wraparound vulnerability in multiple products
On Texas Instruments devices running FreeRTOS, malloc returns a valid pointer to a small buffer when given extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.
local
low complexity
amazon ti CWE-190
7.8
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-06-28 CVE-2023-36467 Code Injection vulnerability in Amazon Aws-Dataall
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services.
network
low complexity
amazon CWE-94
8.8
2023-06-23 CVE-2023-35165 Incorrect Authorization vulnerability in Amazon AWS Cloud Development Kit
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.
network
low complexity
amazon CWE-863
8.8
2023-05-24 CVE-2023-33248 Unspecified vulnerability in Amazon Alexa 8960323972
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing).
low complexity
amazon
7.6
2023-05-03 CVE-2023-1385 Use of Insufficiently Random Values vulnerability in Amazon Fire OS
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.
low complexity
amazon CWE-330
8.8
2023-01-26 CVE-2023-23612 Improper Authentication vulnerability in Amazon Opensearch
OpenSearch is an open source distributed and RESTful search engine.
network
low complexity
amazon CWE-287
8.8
2022-11-11 CVE-2022-41906 Server-Side Request Forgery (SSRF) vulnerability in Amazon Opensearch Notifications
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, custom webhook and other channels.
network
low complexity
amazon CWE-918
8.7
2022-09-29 CVE-2022-41828 Incorrect Type Conversion or Cast vulnerability in Amazon Web Services Redshift Java Database Connectivity Driver
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
network
high complexity
amazon CWE-704
8.1