ReportizFlow
Filtered by vendor Amazon
Subscriptions
Total
150 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10777 | 1 Amazon | 1 Aws Lambda | 2024-11-21 | 9.8 Critical |
| In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName". | ||||
| CVE-2018-1169 | 1 Amazon | 1 Amazon Music | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521. | ||||
| CVE-2018-19981 | 1 Amazon | 1 Aws Software Development Kit | 2024-11-21 | N/A |
| Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms). | ||||
| CVE-2018-19190 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | N/A |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. | ||||
| CVE-2018-19189 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | N/A |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. | ||||
| CVE-2018-19188 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | N/A |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter. | ||||
| CVE-2018-19187 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | N/A |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. | ||||
| CVE-2018-19186 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | N/A |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. | ||||
| CVE-2018-16603 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker. | ||||
| CVE-2018-16602 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure. | ||||
| CVE-2018-16601 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution. | ||||
| CVE-2018-16600 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure. | ||||
| CVE-2018-16599 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure. | ||||
| CVE-2018-16598 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request. | ||||
| CVE-2018-16528 | 1 Amazon | 1 Amazon Web Services Freertos | 2024-11-21 | N/A |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules. | ||||
| CVE-2018-16527 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket. | ||||
| CVE-2018-16526 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket. | ||||
| CVE-2018-16525 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply. | ||||
| CVE-2018-16524 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions. | ||||
| CVE-2018-16523 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions. | ||||