CVE-2018-11022
https://notcve.org/view.php?id=CVE-2018-11022
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash. • https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2018-11567
https://notcve.org/view.php?id=CVE-2018-11567
Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still does not respond, the microphone is then turned off. The vulnerability involves empty output-speech reprompts, custom wildcard ("gibberish") input slots, and logging of detected speech. If a maliciously designed skill is installed, an attacker could obtain transcripts of speech not intended for Alexa to process, but simply spoken within the device's hearing range. NOTE: The vendor states "Customer trust is important to us and we take security and privacy seriously. • https://info.checkmarx.com/hubfs/Amazon_Echo_Research.pdf https://www.checkmarx.com/2018/04/25/eavesdropping-with-amazon-alexa https://www.wired.com/story/amazon-echo-alexa-skill-spying https://www.yahoo.com/news/amazon-alexa-bug-let-hackers-104609600.html • CWE-384: Session Fixation •
CVE-2018-1169 – Amazon Music Player URI parsing Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-1169
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://www.securityfocus.com/bid/103215 https://zerodayinitiative.com/advisories/ZDI-18-215 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-17572 – FS Amazon Clone 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-17572
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. • https://www.exploit-db.com/exploits/43259 https://packetstormsecurity.com/files/145303/FS-Amazon-Clone-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-17069 – Amazon Audible DLL Hijacking
https://notcve.org/view.php?id=CVE-2017-17069
ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file. Amazon Audible suffers from a DLL hijacking vulnerability. • http://www.securityfocus.com/bid/102044 https://packetstormsecurity.com/files/145202/Amazon-Audible-DLL-Hijacking.html https://twitter.com/LionHeartRoxx/status/936338288314540032 • CWE-426: Untrusted Search Path •