amazon — Vulnerabilities & Security Advisories 37

Browse all 37 CVE security advisories affecting amazon. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Amazon operates primarily as a global e-commerce platform and cloud computing provider, offering extensive infrastructure services alongside retail operations. With thirty-six recorded Common Vulnerabilities and Exposures, the entity has historically faced risks associated with remote code execution, cross-site scripting, and privilege escalation, reflecting the complexity of its distributed architecture. Security assessments indicate that while the core infrastructure maintains robust controls, peripheral services and third-party integrations often present attack vectors. Notable incidents have included data exposure events and service disruptions, prompting continuous hardening of access controls and encryption standards. The organization’s scale necessitates rigorous monitoring, yet the sheer volume of endpoints and APIs creates a broad attack surface. Analysts observe that while critical backend systems remain resilient, user-facing applications and legacy components occasionally exhibit configuration weaknesses, requiring persistent patch management and vulnerability scanning to mitigate potential exploitation by threat actors targeting sensitive customer data and operational continuity.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-8178 | Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver — Amazon Redshift JDBC Driver (CWE-470) | 8.1 | High | 2026-05-08 |
| CVE-2026-7791 | Amazon WorkSpaces security vulnerability — Workspaces (CWE-367) | 7.8 | High | 2026-05-04 |
| CVE-2026-6437 | AWS EFS CSI Driver Mount Option Injection — AWS EFS CSI Driver (CWE-88) | 6.5 | Medium | 2026-04-17 |
| CVE-2026-35558 | Improper neutralization of special elements in authentication components in Amazon Athena ODBC driver — Amazon Athena ODBC driver (CWE-77) | 7.8 | High | 2026-04-03 |
| CVE-2026-35559 | Out-of-bounds write in query processing components in Amazon Athena ODBC driver — Amazon Athena ODBC driver (CWE-787) | 6.5 | Medium | 2026-04-03 |
| CVE-2026-5485 | OS command injection in Amazon Athena ODBC driver on Linux — Amazon Athena ODBC driver (CWE-78) | 7.8 | High | 2026-04-03 |
| CVE-2026-35562 | Allocation of resources without limits in parsing components in Amazon Athena ODBC driver — Amazon Athena ODBC driver (CWE-770) | 7.5 | High | 2026-04-03 |
| CVE-2026-35561 | Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver — Amazon Athena ODBC driver (CWE-862) | 7.4 | High | 2026-04-03 |
| CVE-2026-35560 | Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver — Amazon Athena ODBC driver (CWE-295) | 7.4 | High | 2026-04-03 |
| CVE-2025-12829 | Amazon Ion C security vulnerability — Ion-C (CWE-125) | 6.2 | Medium | 2025-11-07 |
| CVE-2025-12779 | Amazon WorkSpaces security vulnerability — Amazon WorkSpaces (CWE-497) | 8.8 | High | 2025-11-05 |
| CVE-2025-11573 | Denial of Service issue in Amazon.IonDotnet — Amazon.IonDotnet (CWE-1286) | 7.5 | High | 2025-10-09 |
| CVE-2025-9039 | Information Disclosure in Amazon ECS Container Agent — ECS (CWE-277) | 4.3 | Medium | 2025-08-14 |
| CVE-2025-8904 | Privilege escalation issue in Amazon EMR Secret Agent component — EMR (CWE-257) | 8.5 | High | 2025-08-13 |
| CVE-2025-8217 | Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension — Q Developer VS Code Extension (CWE-506) | 4.0 | Medium | 2025-07-30 |
| CVE-2025-6031 | Insecure device pairing in end of life Amazon Cloud Cam — Cloud Cam (CWE-672) | 7.5 | High | 2025-06-12 |
| CVE-2025-5688 | Out of Bounds Write in FreeRTOS-Plus-TCP — FreeRTOS (CWE-787) | 9.8 (AI) | Critical (AI) | 2025-06-04 |
| CVE-2025-5279 | Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin — Redshift (CWE-295) | 7.5 (AI) | High (AI) | 2025-05-27 |
| CVE-2025-4318 | Input validation issue in AWS Amplify Studio UI component properties — Amplify Studio (CWE-95) | 6.4 (AI) | Medium (AI) | 2025-05-05 |
| CVE-2025-3857 | Infinite loop condition in Amazon.IonDotnet — Amazon Ion Dotnet (CWE-835) | 7.5 | High | 2025-04-21 |
| CVE-2025-0501 | Issue affecting Amazon WorkSpaces Clients (when running PCoIP protocol) — WorkSpaces Client (CWE-295) | 7.5 | High | 2025-01-15 |
| CVE-2025-0500 | Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients — WorkSpaces Client (CWE-295) | 7.5 | High | 2025-01-15 |
| CVE-2024-12746 | SQL Injection in the Amazon Redshift ODBC Driver affecting v2.1.5.0 — Amazon Redshift ODBC Driver (CWE-89) | 8.0 | High | 2024-12-24 |
| CVE-2024-12745 | SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4 — Amazon Redshift Python Connector (CWE-89) | 8.0 | High | 2024-12-24 |
| CVE-2024-12744 | SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31 — Amazon Redshift JDBC Driver (CWE-89) | 8.0 | High | 2024-12-24 |
| CVE-2024-52314 | data.all admin user may access potentially sensitive data stored by producers via logs — data.all (CWE-863) | 4.9 | Medium | 2024-11-09 |
| CVE-2024-52312 | data.all authenticated users can perform restricted operations against DataSets and Environments — data.all (CWE-863) | 5.4 | Medium | 2024-11-09 |
| CVE-2024-52313 | data.all authenticated users can obtain incorrect object level authorizations — data.all (CWE-639) | 4.3 | Medium | 2024-11-09 |
| CVE-2024-10953 | data.all authenticated users can perform mutating update operations on persisted notification records — data.all (CWE-863) | 4.3 | Medium | 2024-11-09 |
| CVE-2024-52311 | data.all does not invalidate authentication token upon user logout — data.all (CWE-613) | 6.3 | Medium | 2024-11-09 |

This page lists every published CVE security advisory associated with amazon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.