Vulnerabilities (CVE)

Vendor filter

Amazon Subscribe

Filter

29 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-13120 1 Amazon 1 Freertos 2019-10-15 5.0
Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checking in prvProcessReceivedPublish, resulting in leakage of arbitrary memory contents on a device to an attacker. An attacker sends a malformed MQTT publish packet, and waits for...
CVE-2018-1169 1 Amazon 1 Amazon Music 2019-10-09 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...
CVE-2018-16526 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-10-03 6.8
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer...
CVE-2018-16525 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-10-03 6.8
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer...
CVE-2018-16528 1 Amazon 1 Amazon Web Services Freertos 2019-02-01 6.8
Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules.
CVE-2018-11020 1 Amazon 1 Fire Os 2019-01-17 4.9
kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and...
CVE-2018-16522 1 Amazon 1 Amazon Web Services Freertos 2019-01-04 6.8
Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
CVE-2018-16523 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-01-04 5.8
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.
CVE-2018-16524 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-01-04 4.3
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.
CVE-2018-16527 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-01-04 4.3
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.
CVE-2018-16598 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-01-04 4.3
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS...
CVE-2018-16599 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-01-04 4.3
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in...
CVE-2018-16600 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-01-03 4.3
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in...
CVE-2018-16601 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-01-03 6.8
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in...
CVE-2018-16602 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-01-03 4.3
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in...
CVE-2018-16603 1 Amazon 2 Amazon Web Services Freertos, Freertos 2019-01-03 4.3
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in...
CVE-2018-19187 1 Amazon 1 Payfort-php-sdk 2018-12-17 4.3
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement.
CVE-2018-19190 1 Amazon 2 Payfort, Payfort-php-sdk 2018-12-17 4.3
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter.
CVE-2018-19189 1 Amazon 2 Payfort, Payfort-php-sdk 2018-12-17 4.3
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement.
CVE-2018-19186 1 Amazon 1 Payfort-php-sdk 2018-12-17 4.3
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter.