Amazon Security Vulnerabilities (CVEs)

A UNIX symbolic link following vulnerability in Firecracker's jailer component allows local host users with write access to pre-created jailer directo...

This vulnerability in the Harmonix on AWS framework allows IAM principals within the same AWS account to assume an administrative role due to an overl...

This vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs that overwhelm the system...

OpenSearch Data Prepper versions before 2.12.2 have a vulnerability where OpenSearch sink and source plugins automatically trust all SSL certificates ...

A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can cause an out-of-bounds read when receiving malformed ICMPv6 packet...

A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processing allows out-of-bounds reads when receiving IPv6 packets with incorrect payload...

A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing can cause an invalid pointer dereference when receiving a UDP/IPv6 packet...

This vulnerability in the tough library allows attackers to supply arbitrary version numbers in root metadata files, potentially causing clients to fe...

This vulnerability in the tough library allows clients to fetch target files from incorrect sources during delegated target rollbacks, potentially lea...

The AWS CDK CLI prints AWS credentials to console output when used with credential plugins that return expiration properties. This exposes sensitive c...

AWS CDK's IAM OIDC custom resource provider has a TLS certificate validation vulnerability where it accepts unauthorized connections. This allows pote...

This SQL injection vulnerability in the Amazon Redshift ODBC Driver allows attackers to execute arbitrary SQL commands through the SQLTables or SQLCol...

This SQL injection vulnerability in Amazon Redshift JDBC Driver version 2.1.0.31 allows attackers to execute arbitrary SQL commands through the getSch...

This vulnerability allows unauthorized users to ingest OpenTelemetry Logs data into OpenSearch Data Prepper when custom authentication plugins are imp...

This vulnerability allows authenticated data.all users to bypass intended access controls by manipulating dataset queries to retrieve sensitive enviro...

This vulnerability in data.all's AWS Cognito integration allows authentication tokens to remain valid after user logout, enabling continued access to ...

A vulnerability in AWS Cloud Development Kit (CDK) versions 2.142.0 through 2.148.0 allows authenticated Amazon Cognito users to gain unintended acces...

This CVE describes a privilege escalation vulnerability in FreeRTOS Kernel affecting ARMv7-M and ARMv8-M ports with MPU support enabled. It allows att...

CVE-2024-21634 is a denial-of-service vulnerability in Amazon Ion's Java library (ion-java) where specially crafted Ion data can cause a StackOverflow...

This vulnerability in Sandbox Accounts for Events allows authenticated users to access sensitive event data by sending crafted requests to the events ...

This vulnerability allows authenticated users to claim and access empty AWS accounts by sending malicious API requests with non-existent event IDs and...

CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server res...

This vulnerability allows attackers to send inaudible high-frequency audio commands (16-22 kHz) to Amazon Echo Dot 2nd and 3rd generation devices, pot...

This vulnerability allows attackers to brute-force PIN codes offline due to improper JPAKE implementation where random values are initialized to known...

A partial-path traversal vulnerability in AWS SDK for Java v1 allows attackers to write S3 bucket contents outside the intended destination directory ...

This vulnerability in opensearch-ruby allows remote code execution through unsafe YAML deserialization when connecting to a malicious OpenSearch serve...

CVE-2022-33915 is a local privilege escalation vulnerability in Amazon AWS Apache Log4j hotpatch packages. It affects systems using AWS hotpatch versi...

CVE-2021-3100 is a privilege escalation vulnerability in AWS's Apache Log4j hotpatch package. It allows attackers to gain elevated permissions by expl...

This vulnerability is an incomplete fix for CVE-2021-3100 in Apache Log4j hotpatch packages. It allows attackers to escalate privileges by exploiting ...

This vulnerability allows arbitrary code execution through malicious YAML configuration files in Sockeye neural machine translation framework. Attacke...

This vulnerability is a buffer overflow in the Amazon WorkSpaces agent's IOCTL handler that allows local attackers to execute arbitrary code with kern...

This CVE allows privilege escalation in FreeRTOS on ARMv7-M and ARMv8-M systems with MPU enabled. Non-kernel code can call privileged functions, and a...

CVE-2021-41150 is a path traversal vulnerability in the Tough TUF library that allows attackers to overwrite arbitrary JSON files on the system when r...

CVE-2021-41149 is a path traversal vulnerability in the Tough TUF library that allows attackers to overwrite arbitrary files on the system when cachin...

This vulnerability allows a local attacker with framework user privileges on Amazon Kindle e-readers to escalate to root access. It affects Kindle dev...

This vulnerability allows remote code execution on Amazon Kindle e-readers through a crafted PDF file. An attacker can exploit an integer overflow in ...