Vulnerabilities > Amazon > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-04 CVE-2019-18178 Use After Free vulnerability in Amazon Freertos+Fat 160919A
Real Time Engineers FreeRTOS+FAT 160919a has a use after free.
network
low complexity
amazon CWE-416
7.5
2019-10-07 CVE-2019-13120 Out-of-bounds Read vulnerability in Amazon web Services Freertos
Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker.
network
low complexity
amazon CWE-125
7.5
2019-04-04 CVE-2018-19981 Cleartext Storage of Sensitive Information vulnerability in Amazon AWS Software Development KIT
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service.
network
low complexity
amazon CWE-312
7.2
2019-02-17 CVE-2019-7399 Origin Validation Error vulnerability in Amazon Fire OS
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.
network
high complexity
amazon CWE-346
7.4
2018-12-06 CVE-2018-16601 Integer Underflow (Wrap or Wraparound) vulnerability in Amazon web Services Freertos and Freertos
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component.
network
high complexity
amazon CWE-191
8.1
2018-12-06 CVE-2018-16528 Improper Input Validation vulnerability in Amazon web Services Freertos
Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules.
network
high complexity
amazon CWE-20
8.1
2018-12-06 CVE-2018-16526 Unspecified vulnerability in Amazon web Services Freertos and Freertos
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.
network
high complexity
amazon
8.1
2018-12-06 CVE-2018-16525 Unspecified vulnerability in Amazon web Services Freertos and Freertos
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply.
network
high complexity
amazon
8.1
2018-12-06 CVE-2018-16523 Divide By Zero vulnerability in Amazon web Services Freertos and Freertos
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.
network
high complexity
amazon CWE-369
7.4
2018-12-06 CVE-2018-16522 Access of Uninitialized Pointer vulnerability in Amazon web Services Freertos
Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
network
high complexity
amazon CWE-824
8.1