Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

amazon — Vulnerabilities & Security Advisories 35

Browse all 35 CVE security advisories affecting amazon. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by amazon:Amazon Athena ODBC driverdata.allFire TV Stick 3rd genWorkSpaces ClientAmplify StudioAWS EFS CSI DriverIon-CAmazon WorkSpacesAmazon.IonDotnetECSEMRQ Developer VS Code ExtensionCloud CamFreeRTOSRedshiftAmazon Music PlayerAmazon Ion DotnetAmazon Redshift JDBC DriverAmazon Redshift Python ConnectorAmazon Redshift ODBC DriverAmazon.ApplicationLoadBalancer.Identity.AspNetCore MiddlewareAWS ALB Route Directive Adapter For IstioAWS SDKBlink XT2 Sync Module firmware
CVE IDTitleCVSSSeverityPublished
CVE-2026-6437 AWS EFS CSI Driver Mount Option Injection — AWS EFS CSI DriverCWE-88 6.5 Medium2026-04-17
CVE-2026-35558 Improper neutralization of special elements in authentication components in Amazon Athena ODBC driver — Amazon Athena ODBC driverCWE-77 7.8 High2026-04-03
CVE-2026-35559 Out-of-bounds write in query processing components in Amazon Athena ODBC driver — Amazon Athena ODBC driverCWE-787 6.5 Medium2026-04-03
CVE-2026-5485 OS command injection in Amazon Athena ODBC driver on Linux — Amazon Athena ODBC driverCWE-78 7.8 High2026-04-03
CVE-2026-35562 Allocation of resources without limits in parsing components in Amazon Athena ODBC driver — Amazon Athena ODBC driverCWE-770 7.5 High2026-04-03
CVE-2026-35561 Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver — Amazon Athena ODBC driverCWE-862 7.4 High2026-04-03
CVE-2026-35560 Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver — Amazon Athena ODBC driverCWE-295 7.4 High2026-04-03
CVE-2025-12829 Amazon Ion C 安全漏洞 — Ion-CCWE-125 6.2 Medium2025-11-07
CVE-2025-12779 Amazon WorkSpaces 安全漏洞 — Amazon WorkSpacesCWE-497 8.8 High2025-11-05
CVE-2025-11573 Denial of Service issue in Amazon.IonDotnet — Amazon.IonDotnetCWE-1286 7.5 High2025-10-09
CVE-2025-9039 Information Disclosure in Amazon ECS Container Agent — ECSCWE-277 4.3 Medium2025-08-14
CVE-2025-8904 Privilege escalation issue in Amazon EMR Secret Agent component — EMRCWE-257 8.5 High2025-08-13
CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension — Q Developer VS Code ExtensionCWE-506 4.0 Medium2025-07-30
CVE-2025-6031 Insecure device pairing in end of life Amazon Cloud Cam — Cloud CamCWE-672 7.5 High2025-06-12
CVE-2025-5688 Out of Bounds Write in FreeRTOS-Plus-TCP — FreeRTOSCWE-787 9.8AICriticalAI2025-06-04
CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin — RedshiftCWE-295 7.5AIHighAI2025-05-27
CVE-2025-4318 Input validation issue in AWS Amplify Studio UI component properties — Amplify StudioCWE-95 6.4AIMediumAI2025-05-05
CVE-2025-3857 Infinite loop condition in Amazon.IonDotnet — Amazon Ion DotnetCWE-835 7.5 High2025-04-21
CVE-2025-0501 Issue affecting Amazon WorkSpaces Clients (when running PCoIP protocol) — WorkSpaces ClientCWE-295 7.5 High2025-01-15
CVE-2025-0500 Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients — WorkSpaces ClientCWE-295 7.5 High2025-01-15
CVE-2024-12746 SQL Injection in the Amazon Redshift ODBC Driver affecting v2.1.5.0 — Amazon Redshift ODBC DriverCWE-89 8.0 High2024-12-24
CVE-2024-12745 SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4 — Amazon Redshift Python ConnectorCWE-89 8.0 High2024-12-24
CVE-2024-12744 SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31 — Amazon Redshift JDBC DriverCWE-89 8.0 High2024-12-24
CVE-2024-52314 data.all admin user may access potentially sensitive data stored by producers via logs — data.allCWE-863 4.9 Medium2024-11-09
CVE-2024-52312 data.all authenticated users can perform restricted operations against DataSets and Environments — data.allCWE-863 5.4 Medium2024-11-09
CVE-2024-52313 data.all authenticated users can obtain incorrect object level authorizations — data.allCWE-639 4.3 Medium2024-11-09
CVE-2024-10953 data.all authenticated users can perform mutating update operations on persisted notification records — data.allCWE-863 4.3 Medium2024-11-09
CVE-2024-52311 data.all does not invalidate authentication token upon user logout — data.allCWE-613 6.3 Medium2024-11-09
CVE-2024-10125 Lack of JWT issuer and signer validation — Amazon.ApplicationLoadBalancer.Identity.AspNetCore MiddlewareCWE-290 7.5 High2024-10-21
CVE-2024-8901 Lack of JWT issuer and signer validation — AWS ALB Route Directive Adapter For IstioCWE-290 7.5 High2024-10-21

This page lists every published CVE security advisory associated with amazon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.