Lucene search
K

4 matches found

CVE
CVE
added 2023/05/03 11:42 a.m.62 views

CVE-2023-1383

CVE-2023-1383 involves an improper enforcement of a behavioral workflow in the exchangeDeviceServices function of the amzn.dmgr service. Public documents specify affected devices: Amazon Fire TV Stick (3rd gen) before 6.2.9.5 and Insignia TV with FireOS before 7.6.3.3. The vulnerability enables a...

5.4CVSS4.6AI score0.00276EPSS
CVE
CVE
added 2019/02/17 4:0 a.m.52 views

CVE-2019-7399

Vulnerability summary (CVE-2019-7399) : FireOS up to version 5.3.6.3/4 contains a root-cause in the Settings/Terms of Use and Privacy pages where content is loaded without HTTPS. This allows a network-based attacker to perform a man-in-the-middle (MITM) attack to inject malicious content or exfil...

7.4CVSS7.4AI score0.00691EPSS
CVE
CVE
added 2023/05/03 12:10 p.m.45 views

CVE-2023-1384

The CVE-2023-1384 issue affects Amazon Fire TV Stick 3rd-gen devices (pre-6.2.9.5) and Insignia FireOS TVs (pre-7.6.3.3). The root cause is improper sanitization of the source parameter in the setMediaSource function of the amzn.thin.pl service, which can allow arbitrary JavaScript execution. Rem...

6.1CVSS6.4AI score0.0038EPSS
CVE
CVE
added 2023/05/03 12:33 p.m.42 views

CVE-2023-1385

CVE-2023-1385 describes an improper JPAKE implementation that allows offline PIN brute-forcing due to initializing random values to a known value, enabling unauthorized authentication to amzn.lightning services. Affected: Amazon Fire TV Stick 3rd gen before 6.2.9.5 and Insignia TV with FireOS 7.6...

8.8CVSS8.6AI score0.00332EPSS