Vulnerability-Lookup

CVE-2019-5682 (GCVE-0-2019-5682)

Vulnerability from cvelistv5 – Published: 2019-08-06 20:00 – Updated: 2024-08-04 20:01

Summary

Severity ?

No CVSS data available.

CWE

code execution, denial of service

Assigner

nvidia

References

URL

	Vendor	Product	Version
	NVIDIA	SHIELD TV	Affected: SHIELD Experience prior to 8.0

GSD-2019-5682

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-5682

Aliases

CVE-2019-5682

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5682",
    "description": "NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service.",
    "id": "GSD-2019-5682"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5682"
      ],
      "details": "NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service.",
      "id": "GSD-2019-5682",
      "modified": "2023-12-13T01:23:55.466360Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@nvidia.com",
        "ID": "CVE-2019-5682",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SHIELD TV",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SHIELD Experience prior to 8.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NVIDIA"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "code execution, denial of service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804",
            "refsource": "CONFIRM",
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2019-5682"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-08-06T20:15Z"
    }
  }
}

VAR-201908-0096

Vulnerability from variot - Updated: 2024-11-23 22:51

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service. The NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA. There is a security hole in the NVIDIA Shield TV Experience. An attacker could exploit the vulnerability to execute code or cause a denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0096",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "shield experience",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "nvidia",
        "version": "8.0"
      },
      {
        "model": "shield tv experience",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "8.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5682"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:nvidia:shield_experience",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      }
    ]
  },
  "cve": "CVE-2019-5682",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-5682",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2019-28489",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-5682",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-5682",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-5682",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-28489",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-444",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-5682",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5682"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-444"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5682"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service. The NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA. There is a security hole in the NVIDIA Shield TV Experience. An attacker could exploit the vulnerability to execute code or cause a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5682"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5682"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5682",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-28489",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-444",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5682",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5682"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-444"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5682"
      }
    ]
  },
  "id": "VAR-201908-0096",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      }
    ],
    "trust": 1.1625
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:51:42.321000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Bulletin: NVIDIA SHIELD TV - August 2019",
        "trust": 0.8,
        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
      },
      {
        "title": "NVIDIA Shield TV Experience has an unexplained patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/176621"
      },
      {
        "title": "NVIDIA Shield TV Experience Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96181"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-444"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5682"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5682"
      },
      {
        "trust": 1.7,
        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5682"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5682"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-444"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5682"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5682"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-444"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5682"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      },
      {
        "date": "2019-08-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5682"
      },
      {
        "date": "2019-08-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      },
      {
        "date": "2019-08-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-444"
      },
      {
        "date": "2019-08-06T20:15:12.360000",
        "db": "NVD",
        "id": "CVE-2019-5682"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-28489"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5682"
      },
      {
        "date": "2019-08-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-444"
      },
      {
        "date": "2024-11-21T04:45:20.357000",
        "db": "NVD",
        "id": "CVE-2019-5682"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-444"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA Shield TV Experience Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007529"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-444"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2019-28489

Vulnerability from cnvd - Published: 2019-08-22

Title

NVIDIA Shield TV Experience存在未明漏洞

Description

NVIDIA SHIELD TV娱乐主机是英伟达发布的一款客厅娱乐设备。 NVIDIA Shield TV Experience存在安全漏洞。攻击者可利用该漏洞执行代码或造成拒绝服务。

Severity

高

Patch Name

NVIDIA Shield TV Experience存在未明漏洞的补丁

Patch Description

NVIDIA SHIELD TV娱乐主机是英伟达发布的一款客厅娱乐设备。 NVIDIA Shield TV Experience存在安全漏洞。攻击者可利用该漏洞执行代码或造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://nvidia.custhelp.com/app/answers/detail/a_id/4804

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-5682

Impacted products

Name
NVIDIA Shield TV Experience <8.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5682",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-5682"
    }
  },
  "description": "NVIDIA SHIELD TV\u5a31\u4e50\u4e3b\u673a\u662f\u82f1\u4f1f\u8fbe\u53d1\u5e03\u7684\u4e00\u6b3e\u5ba2\u5385\u5a31\u4e50\u8bbe\u5907\u3002\n\nNVIDIA Shield TV Experience\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Leron Gray",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/4804",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-28489",
  "openTime": "2019-08-22",
  "patchDescription": "NVIDIA SHIELD TV\u5a31\u4e50\u4e3b\u673a\u662f\u82f1\u4f1f\u8fbe\u53d1\u5e03\u7684\u4e00\u6b3e\u5ba2\u5385\u5a31\u4e50\u8bbe\u5907\u3002\r\n\r\nNVIDIA Shield TV Experience\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NVIDIA Shield TV Experience\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NVIDIA Shield TV Experience \u003c8.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-5682",
  "serverity": "\u9ad8",
  "submitTime": "2019-08-16",
  "title": "NVIDIA Shield TV Experience\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

GHSA-P7M7-C2RQ-36C6

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:34

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5682"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-06T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service.",
  "id": "GHSA-p7m7-c2rq-36c6",
  "modified": "2024-04-04T01:34:10Z",
  "published": "2022-05-24T16:52:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5682"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2019-5682

Vulnerability from fkie_nvd - Published: 2019-08-06 20:15 - Updated: 2024-11-21 04:45

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/4804	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://nvidia.custhelp.com/app/answers/detail/a_id/4804	Vendor Advisory

Impacted products

Vendor	Product	Version
nvidia	shield_experience	*
google	android	8.0
google	android	8.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4913A5E8-2ED7-4AB4-838C-C6981B8FE787",
              "versionEndExcluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service."
    },
    {
      "lang": "es",
      "value": "Shield TV Experience de NVIDIA anterior a versi\u00f3n v8.0, contiene una vulnerabilidad en la aplicaci\u00f3n NVIDIA Games donde exporta inapropiadamente una Actividad pero no restringe apropiadamente qu\u00e9 aplicaciones pueden activar la Actividad, lo que puede conllevar a la ejecuci\u00f3n del c\u00f3digo o la denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2019-5682",
  "lastModified": "2024-11-21T04:45:20.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-06T20:15:12.360",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5682 (GCVE-0-2019-5682)

GSD-2019-5682

VAR-201908-0096

CNVD-2019-28489

GHSA-P7M7-C2RQ-36C6

FKIE_CVE-2019-5682

Tags

Sightings

Nomenclature