Total
35 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-5676 | 2 Microsoft, Nvidia | 3 Windows, Geforce Experience, Gpu Display Driver | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution. | |||||
CVE-2019-5674 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges. | |||||
CVE-2018-6266 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. | |||||
CVE-2018-6265 | 2 Microsoft, Nvidia | 2 Windows 7, Geforce Experience | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser. | |||||
CVE-2018-6263 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges. | |||||
CVE-2018-6262 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | 1.9 LOW | 2.5 LOW |
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure. | |||||
CVE-2018-6261 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access. | |||||
CVE-2018-6259 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | 1.9 LOW | 2.5 LOW |
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible. | |||||
CVE-2018-6258 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information. | |||||
CVE-2018-6257 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both. | |||||
CVE-2017-6250 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. | |||||
CVE-2017-14491 | 13 Arista, Arubanetworks, Canonical and 10 more | 29 Eos, Arubaos, Ubuntu Linux and 26 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | |||||
CVE-2017-0316 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges. | |||||
CVE-2016-8827 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. | |||||
CVE-2016-8812 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges. | |||||
CVE-2016-5852 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path. | |||||
CVE-2016-4961 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. | |||||
CVE-2016-4960 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege. | |||||
CVE-2016-3161 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path. | |||||
CVE-2022-42292 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-02-04 | N/A | 7.8 HIGH |
NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering. |