VYPR

Vendor: Awslabs
Products: 10
CVEs: 17
Across products: 17
Status: Private

Recent CVEs (17)
  • CVE-2026-12043 (High) Jun 12, 2026
    risk 0.57, cvss 8.8, epss 0.00

    Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted…

  • CVE-2024-8901 (High) Oct 22, 2024
    risk 0.49, cvss 7.5, epss 0.00

    The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but…

  • CVE-2024-10125 (High) Oct 22, 2024
    risk 0.49, cvss 7.5, epss 0.00

    The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in…

  • CVE-2026-5190 (High) Mar 31, 2026
    risk 0.42, cvss 7.5, epss 0.00

    Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To…

  • CVE-2026-6968 (Medium) Apr 24, 2026
    risk 0.38, cvss 5.9, epss 0.01

    Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy_target/link_target, symlinked parent directories in…

  • CVE-2026-6967 (Medium) Apr 24, 2026
    risk 0.38, cvss 5.9, epss 0.00

    Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the…

  • CVE-2026-6966 (Medium) Apr 24, 2026
    risk 0.34, cvss 5.3, epss 0.00

    Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept…

  • CVE-2024-28823 (Medium) Mar 11, 2024
    risk 0.33, cvss 6.1, epss 0.00

    Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.

  • CVE-2025-14503 Dec 15, 2025
    risk 0.00, cvss n/a, epss 0.00

    An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which…

  • CVE-2023-51386 Dec 22, 2023
    risk 0.00, cvss n/a, epss 0.00

    Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting…

  • CVE-2023-50928 Dec 22, 2023
    risk 0.00, cvss n/a, epss 0.00

    "Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing…

  • CVE-2022-39230 Sep 23, 2022
    risk 0.00, cvss n/a, epss 0.01

    fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information…

  • CVE-2021-43811 Dec 8, 2021
    risk 0.00, cvss n/a, epss 0.02

    Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in…

  • CVE-2021-41150 Oct 19, 2021
    risk 0.00, cvss n/a, epss 0.01

    Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem.…

  • CVE-2021-41149 Oct 19, 2021
    risk 0.00, cvss n/a, epss 0.01

    Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When…

  • CVE-2020-15093 Jul 9, 2020
    risk 0.00, cvss n/a, epss 0.01

    The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is…

  • CVE-2019-14652 Feb 13, 2020
    risk 0.00, cvss n/a, epss 0.01

    explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances.