Filtered by vendor Bestbuy
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1384 | 2 Amazon, Bestbuy | 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | 2024-08-02 | 4.3 Medium |
| The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. | ||||
| CVE-2023-1385 | 2 Amazon, Bestbuy | 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | 2024-08-02 | 7.1 High |
| Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3. | ||||
| CVE-2023-1383 | 2 Amazon, Bestbuy | 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | 2024-08-02 | 5.4 Medium |
| An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. | ||||
Page 1 of 1.