) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/o:amazon:fire_os:5.3.6.3
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-1385 |
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3. Published: May 03, 2023; 9:15:10 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-1384 |
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. Published: May 03, 2023; 9:15:09 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-1383 |
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. Published: May 03, 2023; 8:16:44 AM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2019-7399 |
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. Published: February 16, 2019; 11:29:00 PM -0500 |
V3.0: 7.4 HIGH V2.0: 5.8 MEDIUM |