VYPR
Vendor

Amazon

Amazon.com, Inc. is an American multinational technology company engaged in e-commerce, cloud computing, online advertising, digital streaming, and artificial intelligence. Founded in 1994 by Jeff Bezos in Bellevue, Washington, the company originally started as an online marketplace for books but gradually expanded its offerings to include a wide range of product categories, referred to as "The Everything Store". Amazon has been described as a Big Tech company.

Founded 1994
Products
69
CVEs
108
Across products
95
Status
Private

Products

69
View all 69 products →

Recent CVEs

108
View all 108 CVEs →
  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2024-6387HigJul 1, 2024
    risk 0.64cvss 8.1epss 1.00

    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…

  • CVE-2015-7292CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.02

    Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.

  • CVE-2026-31431HigKEVApr 22, 2026
    risk 0.59cvss 7.8epss 0.97

    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the…

  • CVE-2026-10591HigJun 2, 2026
    risk 0.57cvss 8.8epss 0.00

    Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths (such as .vscode/tasks.json),…

  • CVE-2026-5709HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser…

  • CVE-2026-5708HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile…

  • CVE-2026-5707HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a…

  • CVE-2025-12779HigNov 5, 2025
    risk 0.57cvss 8.8epss 0.00

    Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be…

  • CVE-2018-1169HigMar 2, 2018
    risk 0.57cvss 8.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2025-8904HigAug 13, 2025
    risk 0.55cvss 8.5epss 0.00

    Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to…

  • CVE-2026-5485HigApr 3, 2026
    risk 0.51cvss 7.8epss 0.01

    OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local…

  • CVE-2026-35558HigApr 3, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by…

  • CVE-2026-5429HigApr 2, 2026
    risk 0.51cvss 7.8epss 0.00

    Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue…

  • CVE-2026-0830HigJan 9, 2026
    risk 0.51cvss 7.8epss 0.01

    Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

  • CVE-2025-8069HigJul 23, 2025
    risk 0.51cvss 7.8epss 0.00

    During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the…

  • CVE-2017-17069HigDec 6, 2017
    risk 0.51cvss 7.8epss 0.02

    ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.

  • CVE-2017-9450HigOct 30, 2017
    risk 0.51cvss 7.8epss 0.00

    The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.

  • CVE-2026-35562HigApr 3, 2026
    risk 0.49cvss 7.5epss 0.00

    Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. …

  • CVE-2025-6031HigJun 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due…