Vulnerabilities > Amazon > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-27 | CVE-2022-2582 | Inadequate Encryption Strength vulnerability in Amazon AWS Software Development KIT The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. | 4.3 |
| 2022-12-12 | CVE-2022-23511 | Improper Handling of Insufficient Privileges vulnerability in Amazon Cloudwatch Agent A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. | 6.8 |
| 2022-11-16 | CVE-2022-41917 | Improper Handling of Exceptional Conditions vulnerability in Amazon Opensearch OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. | 4.3 |
| 2022-11-15 | CVE-2022-41918 | Unspecified vulnerability in Amazon Opensearch OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. | 6.3 |
| 2022-09-23 | CVE-2022-39230 | Information Exposure vulnerability in Amazon Fhir-Works-On-Aws-Authz-Smart 3.1.0/3.1.1/3.1.2 fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. | 6.5 |
| 2022-07-15 | CVE-2022-31159 | Path Traversal vulnerability in Amazon Aws-Sdk-Java The AWS SDK for Java enables Java developers to work with Amazon Web Services. | 6.5 |
| 2022-04-14 | CVE-2022-25166 | Information Exposure vulnerability in Amazon AWS Client VPN 2.0.0 An issue was discovered in Amazon AWS VPN Client 2.0.0. | 5.0 |
| 2022-02-24 | CVE-2022-24709 | Cross-site Scripting vulnerability in Amazon Awsui/Components-React @awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. | 6.1 |
| 2021-10-19 | CVE-2021-41150 | Path Traversal vulnerability in Amazon Tough Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. | 6.5 |
| 2021-07-24 | CVE-2021-37436 | Unspecified vulnerability in Amazon Echo DOT Firmware 20180427/20210702 Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. high complexity amazon | 4.2 |