Shodan
Vulnerabilities
Vulnerable Software
Amazon:  Security Vulnerabilities
CVE-2018-16526
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.
CVSS Score
8.1
EPSS Score
0.057
Published
2018-12-06
CVE-2018-16527
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.
CVSS Score
5.9
EPSS Score
0.004
Published
2018-12-06
CVE-2018-16528
Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules.
CVSS Score
8.1
EPSS Score
0.028
Published
2018-12-06
CVE-2018-16598
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.
CVSS Score
5.9
EPSS Score
0.003
Published
2018-12-06
CVE-2018-16599
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure.
CVSS Score
5.9
EPSS Score
0.004
Published
2018-12-06
CVE-2018-16600
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.
CVSS Score
5.9
EPSS Score
0.004
Published
2018-12-06
CVE-2018-19186
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-11-14
CVE-2018-19187
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-11-14
CVE-2018-19188
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-11-14
CVE-2018-19189
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-11-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved