Vulnerabilities > Amazon > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-14 CVE-2022-25165 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Amazon AWS Client VPN 2.0.0
An issue was discovered in Amazon AWS VPN Client 2.0.0.
local
high complexity
amazon CWE-367
7.0
2021-12-07 CVE-2021-43637 Classic Buffer Overflow vulnerability in Amazon Workspaces 1.0
Amazon WorkSpaces agent is affected by Buffer Overflow.
local
low complexity
amazon CWE-120
8.8
2021-12-07 CVE-2021-43638 Integer Overflow or Wraparound vulnerability in Amazon Workspaces 1.0
Amazon Amazon WorkSpaces agent is affected by Integer Overflow.
local
low complexity
amazon CWE-190
8.8
2021-11-23 CVE-2021-40828 Improper Certificate Validation vulnerability in Amazon products
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows.
low complexity
amazon CWE-295
8.8
2021-11-23 CVE-2021-40829 Improper Certificate Validation vulnerability in Amazon web Services Internet of Things Device Software Development KIT V2
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS.
low complexity
amazon CWE-295
8.8
2021-11-23 CVE-2021-40830 Improper Certificate Validation vulnerability in Amazon products
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems.
low complexity
amazon CWE-295
8.8
2021-11-23 CVE-2021-40831 Improper Certificate Validation vulnerability in Amazon products
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems.
network
low complexity
amazon CWE-295
7.2
2021-11-17 CVE-2021-43997 Unspecified vulnerability in Amazon Freertos
FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege.
local
low complexity
amazon
7.8
2021-10-19 CVE-2021-41149 Unspecified vulnerability in Amazon Tough
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories.
network
low complexity
amazon
8.1
2021-09-22 CVE-2021-38112 Argument Injection or Modification vulnerability in Amazon AWS Workspaces
In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument.
network
low complexity
amazon CWE-88
8.8