Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

aws — Vulnerabilities & Security Advisories 61

Browse all 61 CVE security advisories affecting aws. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by aws:toughResearch and Engineering Studio (RES)AWS-LCaws-cdkKiro IDEFreeRTOS-Plus-TCPClient VPNAWS Serverless Application Model Command Line InterfaceFirecrackerSageMaker Python SDKsagemaker-python-sdkAWS Ops WheelAWS SDK for RubyS3 Encryption Client for GoS3 Encryption Client for JavaJDBC WrapperS3 Encryption Client for .NETAWS SDK for PHPaws-sdk-netAWS API MCP ServerBedrock AgentCore Starter Toolkitaws-c-event-streamAWS Encryption SDK for PythonAWS SDK for C++Harmonix on AWSWickramazon-cloudwatch-agentFreeRTOS-Plus_TCPCloud Development Kit Command Line Interfaceaws/sagemaker-python-sdk
CVE IDTitleCVSSSeverityPublished
CVE-2025-14503 Overly Permissive Trust Policy in Harmonix on AWS EKS — Harmonix on AWSCWE-266 7.2 High2025-12-15
CVE-2025-13524 Amazon Web Services Wickr 安全漏洞 — WickrCWE-404 5.7 Medium2025-11-21
CVE-2025-12967 Npgsql 安全漏洞 — JDBC WrapperCWE-470 8.0 High2025-11-10
CVE-2025-12815 Amazon Web Services Research and Engineering Studio 安全漏洞 — Research and Engineering Studio (RES)CWE-283 4.3 Medium2025-11-06
CVE-2025-11618 Invalid Pointer Dereference when receiving UDP/IPv6 packets in FreeRTOS-Plus-TCP — FreeRTOS-Plus-TCPCWE-476 4.3 Medium2025-10-10
CVE-2025-11617 Buffer Over-read when receiving IPv6 packets with incorrect payload length in FreeRTOS-Plus-TCP — FreeRTOS-Plus-TCPCWE-126 5.4 Medium2025-10-10
CVE-2025-11616 Buffer Over-read when receiving improperly sized ICMPv6 packets in FreeRTOS-Plus-TCP — FreeRTOS-Plus_TCPCWE-126 5.4 Medium2025-10-10
CVE-2025-11462 Local Privilege Escalation Vulnerability in AWS Client VPN macOS Client — Client VPNCWE-59 7.8 High2025-10-07
CVE-2025-8069 Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client — Client VPNCWE-276 7.8 High2025-07-23
CVE-2025-3048 Path Traversal in AWS SAM CLI allows file copy to local cache — AWS Serverless Application Model Command Line InterfaceCWE-61 6.5 Medium2025-03-31
CVE-2025-3047 Path Traversal in AWS SAM CLI allows file copy to build container — AWS Serverless Application Model Command Line InterfaceCWE-61 6.5 Medium2025-03-31
CVE-2025-2888 Improper timestamp caching during snapshot rollback in tough — toughCWE-1025 3.7AILowAI2025-03-27
CVE-2025-2887 Failure to detect delegated target rollback in tough — toughCWE-1025 5.3AIMediumAI2025-03-27
CVE-2025-2886 Terminating targets role delegations are not respected in tough — toughCWE-670 4.3AIMediumAI2025-03-27
CVE-2025-2885 Root metadata version not validated in tough — toughCWE-1288 6.5AIMediumAI2025-03-27
CVE-2025-2598 AWS CDK CLI prints AWS credentials retrieved by custom credential plugins — Cloud Development Kit Command Line InterfaceCWE-497 5.5 Medium2025-03-21
CVE-2025-0508 MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk — aws/sagemaker-python-sdkCWE-328 7.5 -2025-03-20
CVE-2025-1969 Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center — Temporary Elevated Access Management (TEAM) for AWS IAM Identity CenterCWE-807 4.3 Medium2025-03-04
CVE-2025-0851 Path traversal issue in Deep Java Library — DeepJavaLibraryCWE-36 9.8 Critical2025-01-29
CVE-2025-0693 Issue with AWS Sign-in IAM User Login Flow - Possible Username Enumeration — AWS Sign-in IAM Login FlowCWE-204 5.3 Medium2025-01-23
CVE-2025-23206 IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk — aws-cdkCWE-347 8.1 -2025-01-17
CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template — aws-cdkCWE-863 6.4 Medium2024-08-27
CVE-2024-32888 Amazon JDBC Driver for Redshift SQL Injection via line comment generation — amazon-redshift-jdbc-driverCWE-89 10.0 Critical2024-05-15
CVE-2024-34072 Deserialization of Untrusted Data in sagemaker-python-sdk — sagemaker-python-sdkCWE-502 7.8 High2024-05-03
CVE-2024-34073 Command Injection in sagemaker-python-sdk — sagemaker-python-sdkCWE-78 7.8 High2024-05-03
CVE-2023-51651 Potential URI resolution path traversal in the AWS SDK for PHP — aws-sdk-phpCWE-22 6.0 Medium2023-12-22
CVE-2023-35165 AWS CDK EKS overly permissive trust policies — aws-cdkCWE-863 6.6 Medium2023-06-23
CVE-2022-46174 Race condition during concurrent TLS mounts in efs-utils — efs-utilsCWE-362 4.2 Medium2022-12-28
CVE-2022-23511 Amazon CloudWatch Agent 安全漏洞 — amazon-cloudwatch-agentCWE-274 7.1 High2022-12-12
CVE-2022-31159 Partial Path Traversal in com.amazonaws:aws-java-sdk-s3 — aws-sdk-javaCWE-22 7.9 High2022-07-15

This page lists every published CVE security advisory associated with aws. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.