Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:amazon:fire_os:3:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-1385 |
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3. Published: May 03, 2023; 9:15:10 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-1384 |
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. Published: May 03, 2023; 9:15:09 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-1383 |
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. Published: May 03, 2023; 8:16:44 AM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2019-7399 |
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. Published: February 16, 2019; 11:29:00 PM -0500 |
V3.0: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2015-7292 |
Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv. Published: April 09, 2017; 11:59:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |