Vulnerabilities > Amazon > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-06 | CVE-2018-16527 | Information Exposure vulnerability in Amazon web Services Freertos and Freertos Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket. | 5.9 |
| 2018-12-06 | CVE-2018-16524 | Information Exposure vulnerability in Amazon web Services Freertos and Freertos Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions. | 5.9 |
| 2018-11-14 | CVE-2018-19190 | Cross-site Scripting vulnerability in Amazon Payfort-PHP-Sdk 20180426 The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. | 6.1 |
| 2018-11-14 | CVE-2018-19189 | Cross-site Scripting vulnerability in Amazon Payfort-PHP-Sdk 20180426 The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. | 6.1 |
| 2018-11-14 | CVE-2018-19188 | Cross-site Scripting vulnerability in Amazon Payfort-PHP-Sdk 20180426 The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter. | 6.1 |
| 2018-11-14 | CVE-2018-19187 | Cross-site Scripting vulnerability in Amazon Payfort-PHP-Sdk 20180426 The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. | 6.1 |
| 2018-11-14 | CVE-2018-19186 | Cross-site Scripting vulnerability in Amazon Payfort-PHP-Sdk 20180426 The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. | 6.1 |
| 2018-10-16 | CVE-2018-11020 | Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3 kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash. | 4.4 |
| 2017-11-16 | CVE-2017-16867 | Unspecified vulnerability in Amazon KEY Firmware 20171116 Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving. low complexity amazon | 6.5 |