Security Bulletin: NVIDIA SHIELD TV Software Security Updates for Multiple Vulnerabilities

NVIDIA SHIELD TV vulnerabilities may lead to code execution, denial of service, escalation of privileges, or information disclosure Go to NVIDIA Product Security. Vulnerability Details This section summarizes the potential vulnerabilities. Descriptions use CWE™ and risk assessments follow the CVS...

Authentication flaw

IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication effectofbypassingauthentication via unspecified vectors...

CVE-2018-12445

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in...

CVE-2017-15854

CVE-2017-15854 concerns a local vulnerability in Qualcomm WLAN firmware used on Android CAF builds (Android for MSM, Firefox OS for MSM, QRD Android). The issue arises when fix_param->num_chans from firmware is too large, causing an integer overflow in wma_radio_chan_stats_event_handler() for ...

CVE-2018-5138

A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab a browser panel inside another app and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note:...

CVE-2017-6292

In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed. User interaction is not needed for...

CVE-2018-5846

CVE-2018-5846 affects the IPA driver in Android CAF (Android for MSM, Firefox OS for MSM, QRD Android) on Linux kernels. The issue is a Use-After-Free in the IPA driver that can occur when IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EM...

The vulnerability of the mechanism for handling errors during the establishment of SSL connections for Qualcomm’s Android operating system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the error handling mechanism for establishing SSL connections in Qualcomm’s Android operating system is related to improper error handling of errors returned by the RNG function. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality,...

Google Makes it Mandatory for OEMs to Roll Out Android Security Updates Regularly

Security of Android devices has been a nightmare since its inception, and the biggest reason being is that users don't receive latest security patch updates regularly. Precisely, it's your device manufacturer Android OEMs actually who takes time to roll out security patches for your devices and...

CVE-2015-9191

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 617, SD 650/52, SD 808, SD 810, and SDX20, in a QTEE syscall handler...

CVE-2015-9156

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, when making a high speed Dual Carrier...

CVE-2015-9140

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD...

CVE-2014-10045

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, and SDX20, buffer overflow...

Cross site request forgery (csrf)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, TOCTOU vulnerability may occur while composing the RPMB request using HLOS controlled buffers...

Cross site request forgery (csrf)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, there could be leakage of protected contents if HLOS doesn't request for security restoration for OCMEM xPU's...

Code injection

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD...

CVE-2015-9111

CVE-2015-9111 affects Android on Qualcomm Snapdragon devices (SD 425/430/450/625/650/52/820/820A) where a QTEE syscall handler could dereference an untrusted pointer. This could enable remote code execution with network access and no user interaction. The vulnerability is documented as affecting ...

CVE-2015-9206

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, during XML encoding of a message in the Playready module, a buffer overread ma...

CVE-2016-10423

Mode C: CVE-2016-10423 describes a vulnerability in Android where, on Qualcomm Snapdragon Automotive and Mobile platforms (SD 425/430/450/625/650/52/820/820A), a Trusted Application that has opened the SPI bus to a device can be read by another Trusted Application due to non-exclusive access. The...

CVE-2016-10428

CVE-2016-10428 affects Android devices with Qualcomm Snapdragon Automotive and Snapdragon Mobile (SD 425, 430, 450, 625, 650/52, 820, 820A). The issue is in the HMAC verification of a counter file, where an insecure memcmp may enable a timing attack. Public details from NVD reiterate this descrip...