Vulnerabilities > Amazon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-16 | CVE-2018-11019 | Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3 kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash. | 7.5 |
| 2018-05-30 | CVE-2018-11567 | Session Fixation vulnerability in Amazon products Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. | 3.3 |
| 2018-03-02 | CVE-2018-1169 | Improper Input Validation vulnerability in Amazon Music 6.1.5.1213 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. | 8.8 |
| 2017-12-06 | CVE-2017-17069 | Untrusted Search Path vulnerability in Amazon Audible 2.34.0/2.44.1 ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file. | 7.8 |
| 2017-11-16 | CVE-2017-16867 | Unspecified vulnerability in Amazon KEY Firmware 20171116 Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving. low complexity amazon | 6.5 |
| 2017-10-30 | CVE-2017-9450 | Improper Privilege Management vulnerability in Amazon web Services Cloudformation Bootstrap The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. | 7.8 |
| 2017-04-10 | CVE-2015-7292 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Amazon Fire OS Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv. | 9.8 |
| 2017-03-15 | CVE-2017-6189 | Untrusted Search Path vulnerability in Amazon Kindle for PC 1.17.44183/1.3.0.30884 Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer. | 7.3 |
| 2012-11-04 | CVE-2012-5817 | Improper Certificate Validation vulnerability in multiple products Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 7.4 |