48 matches found
EUVD-2015-7223
Malware in sbrugna...
EUVD-2019-16941
Malware in sbrugna...
EUVD-2023-23639
Malicious code in bioql PyPI...
EUVD-2023-23641
Malicious code in bioql PyPI...
EUVD-2023-23640
Malicious code in bioql PyPI...
CVE-2024-27350
Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...
Amazon Fire TV YouTube Remote Control
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Amazon Fire TV YouTube Remote Control', 'Description' = %q This module acts as a simple remote control for the Amazon Fire TV's YouTube app. Test...
CVE-2024-27350
Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...
Design/Logic Flaw
Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...
CVE-2024-27350
Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...
CVE-2024-27350
Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...
CVE-2024-27350
Summary: Amazon Fire OS versions 7.x and 8.x suffer a local ADB exposure that allows Fire TV apps to establish local ADB connections. This requires enabling the non-default ADB Debugging option and approving the connection prompt. Affected versions: Fire OS 7.0.0–7.6.6.8 (fixed in 7.6.6.9 or late...
CVE-2023-1385
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...
CVE-2023-1384
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...
Code injection
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...
Input validation
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...
CVE-2023-1385
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...
CVE-2023-1385
CVE-2023-1385 describes an improper JPAKE implementation that allows offline PIN brute-forcing due to initializing random values to a known value, enabling unauthorized authentication to amzn.lightning services. Affected: Amazon Fire TV Stick 3rd gen before 6.2.9.5 and Insignia TV with FireOS 7.6...
CVE-2023-1385
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...
CVE-2023-1383
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with Fire...