Every CVE whose affected-product data names Amazon Fire Os, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2015-7292 — CVSS 9.8 (critical): Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows…
CVE-2018-11019 — CVSS 7.5 (high): kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to…
CVE-2018-11021 — CVSS 7.5 (high): kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to…
CVE-2018-11022 — CVSS 7.5 (high): kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to…
CVE-2018-11023 — CVSS 7.5 (high): kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to…
CVE-2018-11024 — CVSS 7.5 (high): kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to…
CVE-2018-11025 — CVSS 7.5 (high): kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a…
CVE-2019-7399 — CVSS 7.4 (high): Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.
CVE-2023-1385 — CVSS 7.1 (high): Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to…
CVE-2024-27350 — CVSS 5.9 (medium): Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections…
CVE-2023-1383 — CVSS 5.4 (medium): An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an…
CVE-2018-11020 — CVSS 4.4 (medium): kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a…
CVE-2023-1384 — CVSS 4.3 (medium): The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to…