Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Amazon — Vulnerabilities & Security Advisories 37

Browse all 37 CVE security advisories affecting Amazon. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Amazon operates primarily as a global e-commerce platform and cloud computing provider, offering extensive infrastructure services alongside retail operations. With thirty-six recorded Common Vulnerabilities and Exposures, the entity has historically faced risks associated with remote code execution, cross-site scripting, and privilege escalation, reflecting the complexity of its distributed architecture. Security assessments indicate that while the core infrastructure maintains robust controls, peripheral services and third-party integrations often present attack vectors. Notable incidents have included data exposure events and service disruptions, prompting continuous hardening of access controls and encryption standards. The organization’s scale necessitates rigorous monitoring, yet the sheer volume of endpoints and APIs creates a broad attack surface. Analysts observe that while critical backend systems remain resilient, user-facing applications and legacy components occasionally exhibit configuration weaknesses, requiring persistent patch management and vulnerability scanning to mitigate potential exploitation by threat actors targeting sensitive customer data and operational continuity.

Top products by Amazon: Amazon Athena ODBC driver data.all Fire TV Stick 3rd gen WorkSpaces Client Amazon Redshift JDBC Driver Amplify Studio Workspaces AWS EFS CSI Driver Ion-C Amazon WorkSpaces Amazon.IonDotnet ECS EMR Q Developer VS Code Extension Cloud Cam FreeRTOS Redshift Amazon Music Player Amazon Ion Dotnet Amazon Redshift Python Connector Amazon Redshift ODBC Driver Amazon.ApplicationLoadBalancer.Identity.AspNetCore Middleware AWS ALB Route Directive Adapter For Istio AWS SDK Blink XT2 Sync Module firmware
CVE IDTitleCVSSSeverityPublished
CVE-2024-10125 Lack of JWT issuer and signer validation — Amazon.ApplicationLoadBalancer.Identity.AspNetCore MiddlewareCWE-290 7.5 High2024-10-21
CVE-2024-8901 Lack of JWT issuer and signer validation — AWS ALB Route Directive Adapter For IstioCWE-290 7.5 High2024-10-21
CVE-2023-1385 Amazon Fire TV Stick 安全特征问题漏洞 — Fire TV Stick 3rd genCWE-330 7.1 High2023-05-03
CVE-2023-1384 Amazon Fire TV Stick 跨站脚本漏洞 — Fire TV Stick 3rd genCWE-80 4.3 Medium2023-05-03
CVE-2020-8897 Robustness weakness in AWS KMS and Encryption SDKs — AWS SDKCWE-310 4.8 Medium2020-11-16
CVE-2019-3984 Blink XT2 Sync Module 操作系统命令注入漏洞 — Blink XT2 Sync Module firmware 9.8 -2019-12-31
CVE-2018-1169 Amazon Music Player 安全漏洞 — Amazon Music PlayerCWE-78 8.8 -2018-03-02

This page lists every published CVE security advisory associated with Amazon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.