Vulnerabilities > Amazon > Fire OS > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-03 CVE-2023-1385 Unspecified vulnerability in Amazon Fire OS
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.
low complexity
amazon
8.8
2019-02-17 CVE-2019-7399 Origin Validation Error vulnerability in Amazon Fire OS
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.
network
high complexity
amazon CWE-346
7.4
2018-10-16 CVE-2018-11025 Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3
kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash.
network
low complexity
amazon CWE-88
7.5
2018-10-16 CVE-2018-11024 Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash.
network
low complexity
amazon CWE-88
7.5
2018-10-16 CVE-2018-11023 Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a kernel crash.
network
low complexity
amazon CWE-88
7.5
2018-10-16 CVE-2018-11022 Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash.
network
low complexity
amazon CWE-88
7.5
2018-10-16 CVE-2018-11021 Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3
kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause a kernel crash.
network
low complexity
amazon CWE-88
7.5
2018-10-16 CVE-2018-11019 Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash.
network
low complexity
amazon CWE-88
7.5