Amazon Web Services security advisories.
56 advisories tracked · showing 56
CVE-2026-9291 - Insecure Deserialization in Amazon Braket SDK Job Results Processing
CVE-2026-9255 - Tool Execution Without Authorization via Piped Stdin in Kiro CLI
CVE-2026-9133 - Arbitrary file read in rabbitmq-aws plugin
CVE-2026-8838 - Remote Code Execution in amazon-redshift-python-driver
CVE-2026-8686 - Heap out-of-bounds read in coreMQTT MQTT5 property parsing
Issue with Amazon SageMaker Python SDK - Model artifact integrity verification issues (CVE-2026-8596 & CVE-2026-8597)
Ongoing updates on Copy.fail and variants
Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel
Dirty Frag and other issues in Amazon Linux kernels
CVE-2026-8178 - Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver
CVE-2026-31431
CVE-2026-7791 - Local Privilege Escalation via TOCTOU Race Condition in Amazon WorkSpaces Skylight Agent
CVE-2026-7461 - OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
Issue with FreeRTOS-Plus-TCP - IPv6 Router Advertisement Memory Safety Issues
CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP
Issue with FreeRTOS-Plus-TCP - MAC Address Validation Bypass and ICMP Echo Reply Integer Underflow
CVE-2026-7191 - Arbitrary Code Execution via Sandbox Bypass in QnABot on AWS
Issues in tough library and tuftool CLI utility
Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912)
CVE-2026-6550 - Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python
CVE-2026-6437 - Mount Option Injection in Amazon EFS CSI Driver
CVE-2026-5747 - Out-of-bounds Write in Firecracker virtio-pci Transport
Issues with AWS Research and Engineering Studio (RES)
Issues with Amazon Athena ODBC Driver
CVE-2026-5429 - Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme
CVE-2026-5190 - AWS C Event Stream Streaming Decoder Stack Buffer Overflow
CVE-2026-4428: Issues with AWS-LC - CRL Distribution Point Scope Check Logic Error
Arbitrary code execution via crafted project files in Kiro IDE
CVE-2026-4269 - Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
CVE-2026-4270 - AWS API MCP File Access Restriction Bypass
MariaDB Server Audit Plugin Comment Handling Bypass
Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
Security Findings in SageMaker Python SDK
CVE-2026-1386 - Arbitrary Host File Overwrite via Symlink in Firecracker Jailer
Unanchored ACCOUNT_ID webhook filters for CodeBuild
CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper
Key Commitment Issues in S3 Encryption Clients
Overly Permissive Trust Policy in Harmonix on AWS EKS
CVE-2025-66478: RCE in React Server Components
Call audio termination issue in AWS Wickr desktop clients
Privilege Escalation in Aurora PostgreSQL using AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, AWS PGSQL ODBC driver
CVE-2025-12829 - Integer Overflow issue in Amazon Ion-C
CVE-2025-12815 - RES web portal may display preview of Virtual Desktops that the user shouldn't have access to
Improper authentication token handling in the Amazon WorkSpaces client for Linux
CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - runc container issues
Buffer Over-read when receiving improperly sized ICMPv6 packets
CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet
IMDS impersonation
CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Amazon Q Developer and Kiro – Prompt Injection Issues in Kiro and Q IDE plugins
CVE-2025-9039 - Issue with Amazon ECS agent introspection server
CVE-2025-8904 - Issue with Amazon EMR Secret Agent component
[Redirected] Memory Dump Issue in AWS CodeBuild
Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)
CVE-2025-8069 - AWS Client VPN Windows Client Local Privilege Escalation
CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam