Vulnerabilites related to nvidia - geforce_experience
cve-2020-5964
Vulnerability from cvelistv5
Published
2020-06-25 00:00
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5031 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/5038 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GPU Display Driver |
Version: All |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:47:40.826Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5031", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5038", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GPU Display Driver", vendor: "NVIDIA", versions: [ { status: "affected", version: "All", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "code execution or denial of service or information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-07T21:06:16", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5031", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5038", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2020-5964", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GPU Display Driver", version: { version_data: [ { version_value: "All", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "code execution or denial of service or information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5031", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5031", }, { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5038", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5038", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2020-5964", datePublished: "2020-06-25T00:00:18", dateReserved: "2020-01-07T00:00:00", dateUpdated: "2024-08-04T08:47:40.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6262
Vulnerability from cvelistv5
Published
2018-10-02 17:00
Modified
2024-09-16 16:59
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4725 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GeForce Experience |
Version: 3.15 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:48.321Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "3.15", }, ], }, ], datePublic: "2018-09-27T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-02T16:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", DATE_PUBLIC: "2018-09-27T00:00:00", ID: "CVE-2018-6262", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GeForce Experience", version: { version_data: [ { version_value: "3.15", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2018-6262", datePublished: "2018-10-02T17:00:00Z", dateReserved: "2018-01-25T00:00:00", dateUpdated: "2024-09-16T16:59:01.642Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-23175
Vulnerability from cvelistv5
Published
2021-12-23 16:05
Modified
2024-08-03 19:05
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5295 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.24.0.126 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:05:55.554Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5295", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience Software", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.24.0.126", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE:285 Improper Authorization", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-23T16:05:10", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5295", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2021-23175", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience Software", version: { version_data: [ { version_value: "All versions prior to 3.24.0.126", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.", }, ], }, impact: { cvss: { baseScore: 8.2, baseSeverity: "High", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE:285 Improper Authorization", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5295", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5295", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2021-23175", datePublished: "2021-12-23T16:05:10", dateReserved: "2021-12-09T00:00:00", dateUpdated: "2024-08-03T19:05:55.554Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5676
Vulnerability from cvelistv5
Published
2019-05-10 20:21
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4797 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/4806 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/LEN-27815 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/4841 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GPU Display Driver |
Version: All |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:01:52.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4797", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/LEN-27815", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4841", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GPU Display Driver", vendor: "NVIDIA", versions: [ { status: "affected", version: "All", }, ], }, ], datePublic: "2019-05-09T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.", }, ], problemTypes: [ { descriptions: [ { description: "escalation of privileges, code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-02T18:06:06", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4797", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/LEN-27815", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4841", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2019-5676", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GPU Display Driver", version: { version_data: [ { version_value: "All", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "escalation of privileges, code execution", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4797", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4797", }, { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", }, { name: "https://support.lenovo.com/us/en/product_security/LEN-27815", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/product_security/LEN-27815", }, { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4841", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4841", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2019-5676", datePublished: "2019-05-10T20:21:18", dateReserved: "2019-01-07T00:00:00", dateUpdated: "2024-08-04T20:01:52.217Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-5977
Vulnerability from cvelistv5
Published
2020-10-23 17:35
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.20.5.70 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:47:40.918Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience Software", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.20.5.70", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "code execution, denial of service, escalation of privileges, and information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-23T17:35:15", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2020-5977", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience Software", version: { version_data: [ { version_value: "All versions prior to 3.20.5.70", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "code execution, denial of service, escalation of privileges, and information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2020-5977", datePublished: "2020-10-23T17:35:15", dateReserved: "2020-01-07T00:00:00", dateUpdated: "2024-08-04T08:47:40.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6258
Vulnerability from cvelistv5
Published
2018-08-31 21:00
Modified
2024-09-17 02:26
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | NVIDIA GeForce Experience |
Version: All versions prior to 3.14.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:48.304Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "All versions prior to 3.14.1", }, ], }, ], datePublic: "2018-08-30T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-31T20:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", DATE_PUBLIC: "2018-08-30T00:00:00", ID: "CVE-2018-6258", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience", version: { version_data: [ { version_value: "All versions prior to 3.14.1", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2018-6258", datePublished: "2018-08-31T21:00:00Z", dateReserved: "2018-01-25T00:00:00", dateUpdated: "2024-09-17T02:26:31.877Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6257
Vulnerability from cvelistv5
Published
2018-08-31 21:00
Modified
2024-09-16 17:43
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | NVIDIA GeForce Experience |
Version: All versions prior to 3.14.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:48.316Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "All versions prior to 3.14.1", }, ], }, ], datePublic: "2018-08-30T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-31T20:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", DATE_PUBLIC: "2018-08-30T00:00:00", ID: "CVE-2018-6257", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience", version: { version_data: [ { version_value: "All versions prior to 3.14.1", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2018-6257", datePublished: "2018-08-31T21:00:00Z", dateReserved: "2018-01-25T00:00:00", dateUpdated: "2024-09-16T17:43:39.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5701
Vulnerability from cvelistv5
Published
2019-11-09 01:48
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | x_refsource_CONFIRM | |
| https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GeForce Experience |
Version: before 3.20.0.118 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:01:52.147Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience", vendor: "NVIDIA", versions: [ { status: "affected", version: "before 3.20.0.118", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.", }, ], problemTypes: [ { descriptions: [ { description: "denial of service, information disclosure, or escalation of privileges through code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-18T19:03:15", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2019-5701", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience", version: { version_data: [ { version_value: "before 3.20.0.118", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "denial of service, information disclosure, or escalation of privileges through code execution", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, { name: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md", refsource: "MISC", url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2019-5701", datePublished: "2019-11-09T01:48:50", dateReserved: "2019-01-07T00:00:00", dateUpdated: "2024-08-04T20:01:52.147Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42292
Vulnerability from cvelistv5
Published
2023-02-07 02:31
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | GeForce Experience |
Version: All versions prior to 3.27.0.112 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:03:45.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "GeForce Experience", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.27.0.112", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.</span>\n\n", }, ], value: "\nNVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.\n\n", }, ], impacts: [ { descriptions: [ { lang: "en", value: "Denial of Service, Data Tampering", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59 Improper Link Resolution Before File Access ('Link Following')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-12T01:45:42.615671Z", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2022-42292", datePublished: "2023-02-07T02:31:42.937Z", dateReserved: "2022-10-03T14:20:26.210Z", dateUpdated: "2024-08-03T13:03:45.928Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42291
Vulnerability from cvelistv5
Published
2023-02-07 02:16
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | GeForce Experience |
Version: All versions prior to 3.27.0.112 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:03:45.944Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "GeForce Experience", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.27.0.112", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.</span>\n\n", }, ], value: "\nNVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.\n\n", }, ], impacts: [ { descriptions: [ { lang: "en", value: "Data Tampering", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1386", description: "CWE-1386: Insecure Operation on Windows Junction / Mount Point", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-07T02:16:07.803Z", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, ], source: { discovery: "EXTERNAL", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2022-42291", datePublished: "2023-02-07T02:16:07.803Z", dateReserved: "2022-10-03T14:20:26.210Z", dateUpdated: "2024-08-03T13:03:45.944Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4961
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4213 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/ps500070 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93251 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Quadro, NVS, GeForce (all versions) |
Version: Quadro, NVS, GeForce (all versions) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:39.870Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93251", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Quadro, NVS, GeForce (all versions)", vendor: "n/a", versions: [ { status: "affected", version: "Quadro, NVS, GeForce (all versions)", }, ], }, ], datePublic: "2016-11-08T00:00:00", descriptions: [ { lang: "en", value: "For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-13T17:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93251", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2016-4961", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Quadro, NVS, GeForce (all versions)", version: { version_data: [ { version_value: "Quadro, NVS, GeForce (all versions)", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { name: "https://support.lenovo.com/us/en/product_security/ps500070", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", refsource: "BID", url: "http://www.securityfocus.com/bid/93251", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2016-4961", datePublished: "2016-11-08T20:37:00", dateReserved: "2016-05-23T00:00:00", dateUpdated: "2024-08-06T00:46:39.870Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-14491
Vulnerability from cvelistv5
Published
2017-10-02 21:00
Modified
2024-08-05 19:27
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:27:40.755Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1039474", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039474", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", }, { name: "DSA-3989", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3989", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/3199382", }, { name: "101085", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/101085", }, { name: "USN-3430-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3430-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", }, { name: "101977", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/101977", }, { name: "RHSA-2017:2838", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2838", }, { name: "VU#973527", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/973527", }, { name: "GLSA-201710-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-27", }, { name: "RHSA-2017:2840", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2840", }, { name: "USN-3430-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3430-2", }, { name: "RHSA-2017:2839", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2839", }, { name: "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html", }, { name: "RHSA-2017:2836", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2836", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", }, { name: "RHSA-2017:2837", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2837", }, { name: "42941", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/42941/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", }, { name: "RHSA-2017:2841", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2841", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { name: "openSUSE-SU-2017:2633", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", }, { name: "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", }, { name: "FEDORA-2017-515264ae24", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/", }, { name: "FEDORA-2017-24f067299e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/", }, { name: "USN-3430-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3430-3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", }, { name: "SUSE-SU-2017:2619", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", }, { name: "FEDORA-2017-7106a157f5", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/", }, { name: "SUSE-SU-2017:2616", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html", }, { name: "SUSE-SU-2017:2617", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html", }, { name: "DSA-3989", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2017/dsa-3989", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-10-02T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-08T11:42:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1039474", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039474", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", }, { name: "DSA-3989", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3989", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/security/vulnerabilities/3199382", }, { name: "101085", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/101085", }, { name: "USN-3430-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3430-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", }, { name: "101977", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/101977", }, { name: "RHSA-2017:2838", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2838", }, { name: "VU#973527", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/973527", }, { name: "GLSA-201710-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-27", }, { name: "RHSA-2017:2840", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2840", }, { name: "USN-3430-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3430-2", }, { name: "RHSA-2017:2839", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2839", }, { name: "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html", }, { name: "RHSA-2017:2836", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2836", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", }, { name: "RHSA-2017:2837", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2837", }, { name: "42941", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/42941/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", }, { name: "RHSA-2017:2841", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2841", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { name: "openSUSE-SU-2017:2633", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html", }, { tags: [ "x_refsource_MISC", ], url: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", }, { name: "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", }, { name: "FEDORA-2017-515264ae24", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/", }, { name: "FEDORA-2017-24f067299e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/", }, { name: "USN-3430-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3430-3", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", }, { name: "SUSE-SU-2017:2619", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", }, { name: "FEDORA-2017-7106a157f5", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/", }, { name: "SUSE-SU-2017:2616", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html", }, { name: "SUSE-SU-2017:2617", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html", }, { name: "DSA-3989", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2017/dsa-3989", }, { tags: [ "x_refsource_MISC", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-14491", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1039474", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039474", }, { name: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", refsource: "CONFIRM", url: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", }, { name: "DSA-3989", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3989", }, { name: "https://access.redhat.com/security/vulnerabilities/3199382", refsource: "CONFIRM", url: "https://access.redhat.com/security/vulnerabilities/3199382", }, { name: "101085", refsource: "BID", url: "http://www.securityfocus.com/bid/101085", }, { name: "USN-3430-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3430-1", }, { name: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", refsource: "CONFIRM", url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", }, { name: "101977", refsource: "BID", url: "http://www.securityfocus.com/bid/101977", }, { name: "RHSA-2017:2838", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2838", }, { name: "VU#973527", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/973527", }, { name: "GLSA-201710-27", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-27", }, { name: "RHSA-2017:2840", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2840", }, { name: "USN-3430-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3430-2", }, { name: "RHSA-2017:2839", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2839", }, { name: "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", refsource: "MLIST", url: "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html", }, { name: "RHSA-2017:2836", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2836", }, { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", refsource: "CONFIRM", url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", }, { name: "RHSA-2017:2837", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2837", }, { name: "42941", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/42941/", }, { name: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", refsource: "CONFIRM", url: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", }, { name: "RHSA-2017:2841", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2841", }, { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { name: "openSUSE-SU-2017:2633", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html", }, { name: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", refsource: "MISC", url: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", }, { name: "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", refsource: "MLIST", url: "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", }, { name: "FEDORA-2017-515264ae24", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/", }, { name: "FEDORA-2017-24f067299e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/", }, { name: "USN-3430-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3430-3", }, { name: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", }, { name: "SUSE-SU-2017:2619", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html", }, { name: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", refsource: "CONFIRM", url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", }, { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", }, { name: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", refsource: "CONFIRM", url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", }, { name: "FEDORA-2017-7106a157f5", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/", }, { name: "SUSE-SU-2017:2616", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html", }, { name: "SUSE-SU-2017:2617", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html", }, { name: "DSA-3989", refsource: "DEBIAN", url: "https://www.debian.org/security/2017/dsa-3989", }, { name: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", refsource: "MISC", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-14491", datePublished: "2017-10-02T21:00:00", dateReserved: "2017-09-15T00:00:00", dateUpdated: "2024-08-05T19:27:40.755Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1073
Vulnerability from cvelistv5
Published
2021-06-25 19:25
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5199 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.23 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:55:18.629Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5199", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience Software", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.23", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "denial of service, information disclosure, or data loss", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-13T11:12:55", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5199", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2021-1073", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience Software", version: { version_data: [ { version_value: "All versions prior to 3.23", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, credit: [ { lang: "eng", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "denial of service, information disclosure, or data loss", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5199", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5199", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2021-1073", datePublished: "2021-06-25T19:25:10", dateReserved: "2020-11-12T00:00:00", dateUpdated: "2024-08-03T15:55:18.629Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-5852
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4213 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/ps500070 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93251 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Quadro, NVS, GeForce (all versions) |
Version: Quadro, NVS, GeForce (all versions) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:15:10.785Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93251", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Quadro, NVS, GeForce (all versions)", vendor: "n/a", versions: [ { status: "affected", version: "Quadro, NVS, GeForce (all versions)", }, ], }, ], datePublic: "2016-11-08T00:00:00", descriptions: [ { lang: "en", value: "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.", }, ], problemTypes: [ { descriptions: [ { description: "Escalation of Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-13T17:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93251", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2016-5852", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Quadro, NVS, GeForce (all versions)", version: { version_data: [ { version_value: "Quadro, NVS, GeForce (all versions)", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Escalation of Privileges", }, ], }, ], }, references: { reference_data: [ { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { name: "https://support.lenovo.com/us/en/product_security/ps500070", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", refsource: "BID", url: "http://www.securityfocus.com/bid/93251", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2016-5852", datePublished: "2016-11-08T20:37:00", dateReserved: "2016-06-28T00:00:00", dateUpdated: "2024-08-06T01:15:10.785Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6261
Vulnerability from cvelistv5
Published
2018-10-02 17:00
Modified
2024-09-17 02:06
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4725 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GeForce Experience |
Version: 3.15 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:48.008Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "3.15", }, ], }, ], datePublic: "2018-09-27T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.", }, ], problemTypes: [ { descriptions: [ { description: "Code execution, denial of service, or escalation of privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-02T16:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", DATE_PUBLIC: "2018-09-27T00:00:00", ID: "CVE-2018-6261", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GeForce Experience", version: { version_data: [ { version_value: "3.15", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Code execution, denial of service, or escalation of privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2018-6261", datePublished: "2018-10-02T17:00:00Z", dateReserved: "2018-01-25T00:00:00", dateUpdated: "2024-09-17T02:06:44.561Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5702
Vulnerability from cvelistv5
Published
2019-12-24 21:05
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4954 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | GeForce Experience |
Version: All versions prior to 3.20.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:01:52.203Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4954", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GeForce Experience", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.20.2", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of service or escalation of privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-24T21:05:26", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4954", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2019-5702", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GeForce Experience", version: { version_data: [ { version_value: "All versions prior to 3.20.2", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of service or escalation of privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4954", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4954", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2019-5702", datePublished: "2019-12-24T21:05:26", dateReserved: "2019-01-07T00:00:00", dateUpdated: "2024-08-04T20:01:52.203Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6250
Vulnerability from cvelistv5
Published
2017-04-28 21:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4459 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98393 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GeForce Experience |
Version: 3.x |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:48.881Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4459", }, { name: "98393", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98393", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "3.x", }, ], }, ], datePublic: "2017-04-28T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Violation of application execution policy and local code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-19T09:57:02", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4459", }, { name: "98393", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98393", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2017-6250", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GeForce Experience", version: { version_data: [ { version_value: "3.x", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Violation of application execution policy and local code execution", }, ], }, ], }, references: { reference_data: [ { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4459", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4459", }, { name: "98393", refsource: "BID", url: "http://www.securityfocus.com/bid/98393", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2017-6250", datePublished: "2017-04-28T21:00:00", dateReserved: "2017-02-23T00:00:00", dateUpdated: "2024-08-05T15:25:48.881Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6266
Vulnerability from cvelistv5
Published
2018-11-27 18:00
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4740 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/LEN-25444 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GeForce Experience |
Version: 3.16 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:48.243Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "3.16", }, ], }, ], datePublic: "2018-11-19T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-04T18:06:07", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", DATE_PUBLIC: "2018-11-19T00:00:00", ID: "CVE-2018-6266", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GeForce Experience", version: { version_data: [ { version_value: "3.16", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { name: "https://support.lenovo.com/us/en/product_security/LEN-25444", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2018-6266", datePublished: "2018-11-27T18:00:00Z", dateReserved: "2018-01-25T00:00:00", dateUpdated: "2024-09-16T22:45:56.617Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3161
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4213 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/ps500070 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93251 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Quadro, NVS, GeForce (all versions) |
Version: Quadro, NVS, GeForce (all versions) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:57.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93251", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Quadro, NVS, GeForce (all versions)", vendor: "n/a", versions: [ { status: "affected", version: "Quadro, NVS, GeForce (all versions)", }, ], }, ], datePublic: "2016-11-08T00:00:00", descriptions: [ { lang: "en", value: "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.", }, ], problemTypes: [ { descriptions: [ { description: "Escalation of Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-13T17:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93251", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2016-3161", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Quadro, NVS, GeForce (all versions)", version: { version_data: [ { version_value: "Quadro, NVS, GeForce (all versions)", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Escalation of Privileges", }, ], }, ], }, references: { reference_data: [ { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { name: "https://support.lenovo.com/us/en/product_security/ps500070", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", refsource: "BID", url: "http://www.securityfocus.com/bid/93251", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2016-3161", datePublished: "2016-11-08T20:37:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:47:57.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6265
Vulnerability from cvelistv5
Published
2018-11-27 18:00
Modified
2024-09-16 18:55
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4740 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/LEN-25444 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GeForce Experience |
Version: 3.16 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:48.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "3.16", }, ], }, ], datePublic: "2018-11-19T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.", }, ], problemTypes: [ { descriptions: [ { description: "Escalation of privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-04T18:06:07", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", DATE_PUBLIC: "2018-11-19T00:00:00", ID: "CVE-2018-6265", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GeForce Experience", version: { version_data: [ { version_value: "3.16", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Escalation of privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { name: "https://support.lenovo.com/us/en/product_security/LEN-25444", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2018-6265", datePublished: "2018-11-27T18:00:00Z", dateReserved: "2018-01-25T00:00:00", dateUpdated: "2024-09-16T18:55:53.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-5990
Vulnerability from cvelistv5
Published
2020-10-23 17:35
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.20.5.70 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:47:40.876Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience Software", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.20.5.70", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "code execution, denial of service, escalation of privileges, and information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-23T17:35:16", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2020-5990", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience Software", version: { version_data: [ { version_value: "All versions prior to 3.20.5.70", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "code execution, denial of service, escalation of privileges, and information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2020-5990", datePublished: "2020-10-23T17:35:16", dateReserved: "2020-01-07T00:00:00", dateUpdated: "2024-08-04T08:47:40.876Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1072
Vulnerability from cvelistv5
Published
2021-02-05 19:40
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5155 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.21 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:55:18.507Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience Software", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.21", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "denial of service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-05T19:40:12", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2021-1072", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience Software", version: { version_data: [ { version_value: "All versions prior to 3.21", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "denial of service", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2021-1072", datePublished: "2021-02-05T19:40:12", dateReserved: "2020-11-12T00:00:00", dateUpdated: "2024-08-03T15:55:18.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-5957
Vulnerability from cvelistv5
Published
2020-03-05 19:55
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4996 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GPU Display Driver |
Version: ALL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:47:41.114Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GPU Display Driver", vendor: "NVIDIA", versions: [ { status: "affected", version: "ALL", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.", }, ], problemTypes: [ { descriptions: [ { description: "denial of service or escalation of privileges.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-05T19:55:26", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2020-5957", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GPU Display Driver", version: { version_data: [ { version_value: "ALL", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "denial of service or escalation of privileges.", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", refsource: "MISC", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2020-5957", datePublished: "2020-03-05T19:55:26", dateReserved: "2020-01-07T00:00:00", dateUpdated: "2024-08-04T08:47:41.114Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6263
Vulnerability from cvelistv5
Published
2018-11-27 18:00
Modified
2024-09-17 02:00
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4740 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/LEN-25444 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GeForce Experience |
Version: 3.16 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:48.476Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "3.16", }, ], }, ], datePublic: "2018-11-19T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.", }, ], problemTypes: [ { descriptions: [ { description: "Escalation of privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-04T18:06:07", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", DATE_PUBLIC: "2018-11-19T00:00:00", ID: "CVE-2018-6263", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GeForce Experience", version: { version_data: [ { version_value: "3.16", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Escalation of privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { name: "https://support.lenovo.com/us/en/product_security/LEN-25444", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2018-6263", datePublished: "2018-11-27T18:00:00Z", dateReserved: "2018-01-25T00:00:00", dateUpdated: "2024-09-17T02:00:32.427Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-8812
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93986 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40660/ | exploit, x_refsource_EXPLOIT-DB | |
| http://nvidia.custhelp.com/app/answers/detail/a_id/4247 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Quadro, NVS, and GeForce (all versions) |
Version: Quadro, NVS, and GeForce (all versions) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:35:01.168Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "93986", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93986", }, { name: "40660", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40660/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Quadro, NVS, and GeForce (all versions)", vendor: "n/a", versions: [ { status: "affected", version: "Quadro, NVS, and GeForce (all versions)", }, ], }, ], datePublic: "2016-11-08T00:00:00", descriptions: [ { lang: "en", value: "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-02T09:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { name: "93986", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93986", }, { name: "40660", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40660/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2016-8812", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Quadro, NVS, and GeForce (all versions)", version: { version_data: [ { version_value: "Quadro, NVS, and GeForce (all versions)", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "93986", refsource: "BID", url: "http://www.securityfocus.com/bid/93986", }, { name: "40660", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/40660/", }, { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2016-8812", datePublished: "2016-11-08T20:37:00", dateReserved: "2016-10-18T00:00:00", dateUpdated: "2024-08-06T02:35:01.168Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4960
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4213 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/ps500070 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93251 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Quadro, NVS, GeForce (all versions) |
Version: Quadro, NVS, GeForce (all versions) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:39.887Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93251", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Quadro, NVS, GeForce (all versions)", vendor: "n/a", versions: [ { status: "affected", version: "Quadro, NVS, GeForce (all versions)", }, ], }, ], datePublic: "2016-11-08T00:00:00", descriptions: [ { lang: "en", value: "For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Escalation of Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-13T17:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93251", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2016-4960", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Quadro, NVS, GeForce (all versions)", version: { version_data: [ { version_value: "Quadro, NVS, GeForce (all versions)", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Escalation of Privileges", }, ], }, ], }, references: { reference_data: [ { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { name: "https://support.lenovo.com/us/en/product_security/ps500070", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { name: "93251", refsource: "BID", url: "http://www.securityfocus.com/bid/93251", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2016-4960", datePublished: "2016-11-08T20:37:00", dateReserved: "2016-05-23T00:00:00", dateUpdated: "2024-08-06T00:46:39.887Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-5958
Vulnerability from cvelistv5
Published
2020-03-11 21:14
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4996 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GPU Display Driver |
Version: ALL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:47:41.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GPU Display Driver ", vendor: "NVIDIA", versions: [ { status: "affected", version: "ALL", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "code execution, denial of service or escalation of privileges.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-11T21:14:18", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2020-5958", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GPU Display Driver ", version: { version_data: [ { version_value: "ALL", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "code execution, denial of service or escalation of privileges.", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", refsource: "MISC", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2020-5958", datePublished: "2020-03-11T21:14:18", dateReserved: "2020-01-07T00:00:00", dateUpdated: "2024-08-04T08:47:41.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6259
Vulnerability from cvelistv5
Published
2018-08-31 21:00
Modified
2024-09-17 01:20
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | NVIDIA GeForce Experience |
Version: All versions prior to 3.14.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:48.184Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "All versions prior to 3.14.1", }, ], }, ], datePublic: "2018-08-30T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-31T20:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", DATE_PUBLIC: "2018-08-30T00:00:00", ID: "CVE-2018-6259", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience", version: { version_data: [ { version_value: "All versions prior to 3.14.1", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2018-6259", datePublished: "2018-08-31T21:00:00Z", dateReserved: "2018-01-25T00:00:00", dateUpdated: "2024-09-17T01:20:55.394Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1079
Vulnerability from cvelistv5
Published
2021-04-20 14:20
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5184 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.22 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:55:18.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5184", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience Software", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.22", }, ], }, ], credits: [ { lang: "en", value: "NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "code execution, denial of service, or local privilege escalation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-15T14:03:56", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5184", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2021-1079", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience Software", version: { version_data: [ { version_value: "All versions prior to 3.22", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, credit: [ { lang: "eng", value: "NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "code execution, denial of service, or local privilege escalation", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5184", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5184", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2021-1079", datePublished: "2021-04-20T14:20:11", dateReserved: "2020-11-12T00:00:00", dateUpdated: "2024-08-03T15:55:18.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5678
Vulnerability from cvelistv5
Published
2019-05-31 21:12
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4806 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/LEN-27815 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GeForce Experience |
Version: 3.19 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:01:52.047Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/LEN-27815", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience", vendor: "NVIDIA", versions: [ { status: "affected", version: "3.19", }, ], }, ], datePublic: "2019-05-30T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "code execution, denial of service, information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-19T03:06:04", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/LEN-27815", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2019-5678", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience", version: { version_data: [ { version_value: "3.19", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "code execution, denial of service, information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", }, { name: "https://support.lenovo.com/us/en/product_security/LEN-27815", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/product_security/LEN-27815", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2019-5678", datePublished: "2019-05-31T21:12:01", dateReserved: "2019-01-07T00:00:00", dateUpdated: "2024-08-04T20:01:52.047Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-5978
Vulnerability from cvelistv5
Published
2020-10-23 17:35
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.20.5.70 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:47:41.075Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience Software", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.20.5.70", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.", }, ], problemTypes: [ { descriptions: [ { description: "denial of service, escalation of privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-23T17:35:16", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2020-5978", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience Software", version: { version_data: [ { version_value: "All versions prior to 3.20.5.70", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "denial of service, escalation of privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2020-5978", datePublished: "2020-10-23T17:35:16", dateReserved: "2020-01-07T00:00:00", dateUpdated: "2024-08-04T08:47:41.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5674
Vulnerability from cvelistv5
Published
2019-03-28 14:09
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4784 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/107621 | vdb-entry, x_refsource_BID | |
| http://support.lenovo.com/us/en/solutions/LEN-27096 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA Corporation | GeForce Experience |
Version: before 3.18 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:01:52.193Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4784", }, { name: "107621", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107621", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.lenovo.com/us/en/solutions/LEN-27096", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GeForce Experience", vendor: "NVIDIA Corporation", versions: [ { status: "affected", version: "before 3.18", }, ], }, ], datePublic: "2019-03-26T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.", }, ], problemTypes: [ { descriptions: [ { description: "code execution, denial of service, or escalation of privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-18T18:06:08", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4784", }, { name: "107621", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107621", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.lenovo.com/us/en/solutions/LEN-27096", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2019-5674", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GeForce Experience", version: { version_data: [ { version_value: "before 3.18", }, ], }, }, ], }, vendor_name: "NVIDIA Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "code execution, denial of service, or escalation of privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4784", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4784", }, { name: "107621", refsource: "BID", url: "http://www.securityfocus.com/bid/107621", }, { name: "http://support.lenovo.com/us/en/solutions/LEN-27096", refsource: "CONFIRM", url: "http://support.lenovo.com/us/en/solutions/LEN-27096", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2019-5674", datePublished: "2019-03-28T14:09:11", dateReserved: "2019-01-07T00:00:00", dateUpdated: "2024-08-04T20:01:52.193Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5689
Vulnerability from cvelistv5
Published
2019-11-09 01:37
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GeForce Experience |
Version: All versions prior to 3.20.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:01:52.247Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.20.1", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "code execution, denial of service, or information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-09T01:37:35", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2019-5689", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience", version: { version_data: [ { version_value: "All versions prior to 3.20.1", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "code execution, denial of service, or information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2019-5689", datePublished: "2019-11-09T01:37:35", dateReserved: "2019-01-07T00:00:00", dateUpdated: "2024-08-04T20:01:52.247Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-0316
Vulnerability from cvelistv5
Published
2017-10-16 21:00
Modified
2024-09-16 19:21
Severity ?
EPSS score ?
Summary
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4560 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GeForce Experience |
Version: 3.x |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:03:56.605Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "3.x", }, ], }, ], datePublic: "2017-10-16T00:00:00", descriptions: [ { lang: "en", value: "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service, Escalation of Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-16T20:57:01", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", DATE_PUBLIC: "2017-10-16T00:00:00", ID: "CVE-2017-0316", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GeForce Experience", version: { version_data: [ { version_value: "3.x", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service, Escalation of Privileges", }, ], }, ], }, references: { reference_data: [ { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2017-0316", datePublished: "2017-10-16T21:00:00Z", dateReserved: "2016-11-23T00:00:00", dateUpdated: "2024-09-16T19:21:07.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-8827
Vulnerability from cvelistv5
Published
2016-12-16 21:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94964 | vdb-entry, x_refsource_BID | |
| http://nvidia.custhelp.com/app/answers/detail/a_id/4279 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/5033 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/5155 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GeForce Experience |
Version: All |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:35:02.274Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94964", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94964", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4279", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5033", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GeForce Experience", vendor: "Nvidia Corporation", versions: [ { status: "affected", version: "All", }, ], }, ], datePublic: "2016-12-14T00:00:00", descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.", }, ], problemTypes: [ { descriptions: [ { description: "Directory Traversal", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-06T02:06:54", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { name: "94964", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94964", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4279", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5033", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2016-8827", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GeForce Experience", version: { version_data: [ { version_value: "All", }, ], }, }, ], }, vendor_name: "Nvidia Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Directory Traversal", }, ], }, ], }, references: { reference_data: [ { name: "94964", refsource: "BID", url: "http://www.securityfocus.com/bid/94964", }, { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4279", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4279", }, { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5033", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5033", }, { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2016-8827", datePublished: "2016-12-16T21:00:00", dateReserved: "2016-10-18T00:00:00", dateUpdated: "2024-08-06T02:35:02.274Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5695
Vulnerability from cvelistv5
Published
2019-11-12 20:14
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4907 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | x_refsource_CONFIRM | |
| https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience |
Version: prior to 3.20.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:01:52.051Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4907", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GeForce Experience", vendor: "NVIDIA", versions: [ { status: "affected", version: "prior to 3.20.1", }, ], }, { product: "NVIDIA Windows GPU Display Driver", vendor: "NVIDIA", versions: [ { status: "affected", version: "all versions", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.", }, ], problemTypes: [ { descriptions: [ { description: "denial of service or information disclosure through code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-18T18:28:04", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4907", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, { tags: [ "x_refsource_MISC", ], url: "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@nvidia.com", ID: "CVE-2019-5695", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NVIDIA GeForce Experience", version: { version_data: [ { version_value: "prior to 3.20.1", }, ], }, }, { product_name: "NVIDIA Windows GPU Display Driver", version: { version_data: [ { version_value: "all versions", }, ], }, }, ], }, vendor_name: "NVIDIA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "denial of service or information disclosure through code execution", }, ], }, ], }, references: { reference_data: [ { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4907", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4907", }, { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, { name: "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695", refsource: "MISC", url: "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2019-5695", datePublished: "2019-11-12T20:14:54", dateReserved: "2019-01-07T00:00:00", dateUpdated: "2024-08-04T20:01:52.051Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31611
Vulnerability from cvelistv5
Published
2023-02-07 02:22
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | GeForce Experience |
Version: All versions prior to 3.27.0.112 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:00.891Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "GeForce Experience", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to 3.27.0.112", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.</span>\n\n", }, ], value: "\nNVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.\n\n", }, ], impacts: [ { descriptions: [ { lang: "en", value: "Code Execution, Denial of Service, Escalation of Privileges, Information Disclosure, Data Tampering", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427 Uncontrolled Search Path Element", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-07T02:22:19.812Z", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2022-31611", datePublished: "2023-02-07T02:22:19.812Z", dateReserved: "2022-05-24T16:39:32.002Z", dateUpdated: "2024-08-03T07:26:00.891Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2018-11-27 18:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "85994A15-E9D3-47D7-81D8-6FDE3A902232", versionEndExcluding: "3.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.", }, { lang: "es", value: "NVIDIA GeForce Experience contiene una vulnerabilidad en todas las versiones anteriores a la 3.16 en Windows por la cual un atacante con acceso a la cuenta de usuario local puede colocar un DLL (Dynamic Link Library) malicioso durante la instalación de la aplicación, lo que podría conducir al escalado de privilegios.", }, ], id: "CVE-2018-6263", lastModified: "2024-11-21T04:10:24.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-27T18:29:02.157", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { source: "psirt@nvidia.com", url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-23 16:15
Modified
2024-11-21 05:51
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "C7A425C6-BFF3-48C6-98F9-B5D72816584E", versionEndExcluding: "3.24.0.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.", }, { lang: "es", value: "NVIDIA GeForce Experience contiene una vulnerabilidad en la autorización de usuarios, en la que GameStream no aplica correctamente los controles de acceso individuales para los usuarios del mismo dispositivo, lo que, con la intervención del usuario, puede conllevar a una escalada de privilegios, divulgación de información, manipulación de datos y denegación de servicio, afectando a otros recursos más allá de la autoridad de seguridad prevista de GameStream", }, ], id: "CVE-2021-23175", lastModified: "2024-11-21T05:51:19.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 6, source: "psirt@nvidia.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-23T16:15:07.863", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5295", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5295", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-10-04 01:29
Modified
2025-01-14 19:29
Severity ?
Summary
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*", matchCriteriaId: "B85D7A28-8CBA-4D77-AD30-DB3CA49F2F98", versionEndIncluding: "2.77", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", matchCriteriaId: "588D4F37-0A56-47A4-B710-4D5F3D214FB9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*", matchCriteriaId: "7B21E9A8-CE63-42C2-A11A-94D977A96DF1", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", matchCriteriaId: "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*", matchCriteriaId: "58D3B6FD-B474-4B09-B644-A8634A629280", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", matchCriteriaId: "F892F1B0-514C-42F7-90AE-12ACDFDC1033", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", matchCriteriaId: "0FC411C9-9A8A-49D0-B704-2207674778CB", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*", matchCriteriaId: "B12243B2-D726-404C-ABFF-F1AB51BA1783", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", matchCriteriaId: "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", matchCriteriaId: "B2F3699A-38E4-4E9D-9414-411F71D9E371", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*", matchCriteriaId: "54DF7A22-DF8B-4272-8EC6-48173E8860B8", versionEndExcluding: "r21.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:jetson_tk1:-:*:*:*:*:*:*:*", matchCriteriaId: "810B05A3-29CF-464F-9E63-8238AA0651AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*", matchCriteriaId: "22159717-67FD-4A10-9F65-4434FEC1F922", versionEndExcluding: "r24.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*", matchCriteriaId: "86D1FDAD-C594-43D9-9BF6-F7461177AB91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "5454038C-F1F0-4061-8B5C-04A8CF1658C6", versionEndExcluding: "3.10.0.55", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:honor_v9_play_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF744446-5C60-4C66-BE6B-DD108487B46C", versionEndExcluding: "jimmy-al00ac00b135", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*", matchCriteriaId: "B543AF24-5D59-4A46-AC76-0EFF314E3D1A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "E861FF18-4E42-4092-81B6-0BB32679B2CF", versionEndIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "E2DED50F-C1ED-43EB-9E63-B65F4F287F41", versionEndExcluding: "4.16.13m", versionStartIncluding: "4.16", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "B5F144E5-EFB1-47E7-A2D2-28DEE6045CF6", versionEndExcluding: "4.17.8m", versionStartIncluding: "4.17", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "8F1A3AF8-D105-4F13-8921-D94DCC7DE1AF", versionEndIncluding: "4.18.4.2f", versionStartIncluding: "4.18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "63C108C5-0EF5-4C6D-8D83-ADB5EED24A6F", versionEndExcluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rm1224:-:*:*:*:*:*:*:*", matchCriteriaId: "284DF779-D900-48B4-A177-7281CD445AB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E25B682B-83F5-4903-9138-16907DC7A859", versionEndExcluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*", matchCriteriaId: "DFB9921A-5204-40A3-88AB-B7755F5C6875", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E8B2D681-1FBF-4013-B223-9878F4F1DB27", versionEndExcluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*", matchCriteriaId: "E917CBBB-EF41-4113-B0CA-EB91889235E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE55F796-FA73-4992-9826-57A00F77F6CA", versionEndExcluding: "6.5.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", matchCriteriaId: "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "CFE6B116-71BB-49BF-A5EF-4460D9089511", versionEndExcluding: "6.3.1.25", versionStartIncluding: "6.3.1", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "193354A0-B108-4CA4-A1C3-F5F23147A295", versionEndExcluding: "6.4.4.16", versionStartIncluding: "6.4.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "47D1AB4F-0922-49AF-9AE5-AEB4019E652C", versionEndExcluding: "6.5.1.9", versionStartIncluding: "6.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "8F5D03FA-CE4E-4888-88E2-384986A890BA", versionEndExcluding: "6.5.3.3", versionStartIncluding: "6.5.3.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "E39B25F2-C65B-457F-A36E-14FC8285A004", versionEndExcluding: "6.5.4.2", versionStartIncluding: "6.5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "00E53FE9-EA96-456A-B522-FC81DD0CCE3E", versionEndExcluding: "8.1.0.4", versionStartIncluding: "8.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:synology:router_manager:1.1:*:*:*:*:*:*:*", matchCriteriaId: "46261C28-E276-4639-BA3D-A735B02599F8", vulnerable: true, }, { criteria: "cpe:2.3:o:synology:diskstation_manager:5.2:*:*:*:*:*:*:*", matchCriteriaId: "01527614-8A68-48DC-B0A0-F4AA99489221", vulnerable: true, }, { criteria: "cpe:2.3:o:synology:diskstation_manager:6.0:*:*:*:*:*:*:*", matchCriteriaId: "65372FA7-B54B-4298-99BF-483E9FEBA253", vulnerable: true, }, { criteria: "cpe:2.3:o:synology:diskstation_manager:6.1:*:*:*:*:*:*:*", matchCriteriaId: "3D04EA1A-F8E0-415B-8786-1C8C0F08E132", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.", }, { lang: "es", value: "Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada.", }, ], id: "CVE-2017-14491", lastModified: "2025-01-14T19:29:55.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-04T01:29:02.870", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", }, { source: "cve@mitre.org", url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3989", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/101085", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/101977", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.securitytracker.com/id/1039474", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-3", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2836", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2837", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2838", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2839", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2840", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2841", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/3199382", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201710-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2017/dsa-3989", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/42941/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/973527", }, { source: "cve@mitre.org", url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html", }, { source: "cve@mitre.org", url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3989", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/101085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/101977", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securitytracker.com/id/1039474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2836", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2837", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2838", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2840", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2841", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/3199382", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201710-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2017/dsa-3989", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/42941/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/973527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "FAA8B08E-D1C4-4A49-9491-09DA503F0AE3", versionEndExcluding: "3.14.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.", }, { lang: "es", value: "NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.14.1, contiene una vulnerabilidad potencial durante la instalación de GameStream en la que un atacante que tenga acceso al sistema puede llevar a cabo un ataque Man-in-the-Middle (MitM) para obtener información sensible.", }, ], id: "CVE-2018-6258", lastModified: "2024-11-21T04:10:23.500", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T20:29:00.367", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "FAA8B08E-D1C4-4A49-9491-09DA503F0AE3", versionEndExcluding: "3.14.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.", }, { lang: "es", value: "NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.14.1, contiene una vulnerabilidad potencial cuando GameStream está habilitado, un atacante tiene acceso al sistema y ciertas funcionalidades del sistema están habilitadas, en la que podría ser posible una divulgación de información limitada.", }, ], id: "CVE-2018-6259", lastModified: "2024-11-21T04:10:23.627", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T20:29:00.493", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-27 18:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "85994A15-E9D3-47D7-81D8-6FDE3A902232", versionEndExcluding: "3.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.", }, { lang: "es", value: "NVIDIA GeForce Experience contiene una vulnerabilidad en todas las versiones anteriores a la 3.16 en Windows por la cual un usuario local podría obtener parámetros de integración de terceros, lo que podría conducir a una divulgación de información.", }, ], id: "CVE-2018-6266", lastModified: "2024-11-21T04:10:24.363", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-27T18:29:02.233", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { source: "psirt@nvidia.com", url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-09 02:15
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md | Third Party Advisory | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "86CE60CF-70D1-4715-9FCD-06705DD82690", versionEndExcluding: "3.20.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.", }, { lang: "es", value: "NVIDIA GeForce Experience, todas las versiones anteriores a la versión 3.20.0.118, contiene una vulnerabilidad cuando GameStream está habilitado en el que un atacante con acceso al sistema local puede cargar las DLL del controlador de gráficos Intel sin validar la ruta o la firma (también conocida como plantación binaria o precarga de DLL ataque), que puede conducir a la denegación de servicio, divulgación de información o escalada de privilegios a través de la ejecución del código.", }, ], id: "CVE-2019-5701", lastModified: "2024-11-21T04:45:22.390", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:H/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 1.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-09T02:15:12.083", references: [ { source: "psirt@nvidia.com", tags: [ "Third Party Advisory", ], url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md", }, { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-427", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-23 18:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "3F546EAF-141A-4671-AF50-F7B902F016F2", versionEndExcluding: "3.20.5.70", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.", }, { lang: "es", value: "NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.5.70, contienen una vulnerabilidad en NVIDIA Web Helper NodeJS Web Server en la que es usada una ruta de búsqueda no controlada para cargar un módulo de nodo, lo que puede conllevar a una ejecución de código, una denegación de servicio, una escalada de privilegios y una divulgación de información", }, ], id: "CVE-2020-5977", lastModified: "2024-11-21T05:34:56.357", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-23T18:15:16.450", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-426", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-20 16:15
Modified
2024-11-21 05:43
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "C8DB3F6E-CB0B-452F-A870-70C771D4471C", versionEndExcluding: "3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.", }, { lang: "es", value: "NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.22, contiene una vulnerabilidad en los plugins GameStream en la que los archivos de registro se crean utilizando permisos de nivel NT/System, lo que puede conducir a la ejecución de código, la denegación de servicio o la escalada de privilegios local. El atacante no tiene control sobre la consecuencia de una modificación ni podría filtrar información como resultado directo de la sobreescritura", }, ], id: "CVE-2021-1079", lastModified: "2024-11-21T05:43:33.347", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4.2, source: "psirt@nvidia.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-20T16:15:10.260", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5184", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5184", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-05 20:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro | - | |
| nvidia | geforce_experience | * | |
| microsoft | windows | - | |
| nvidia | tesla_firmware | * | |
| nvidia | tesla | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "398C6C71-66C1-4042-9C8B-99B0D9269498", versionEndExcluding: "392.59", versionStartIncluding: "390", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "54A8E8DF-D2F6-4F6F-9FDB-3C0B4810303C", versionEndExcluding: "426.50", versionStartIncluding: "418", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A860C36-DCAD-480B-84F4-E3B01089281F", versionEndExcluding: "432.28", versionStartIncluding: "430", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D7563EB9-444F-4651-B822-8B8EAE0CC479", versionEndExcluding: "442.50", versionStartIncluding: "440", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:quadro:-:*:*:*:*:*:*:*", matchCriteriaId: "B56258A7-E289-426E-B8D1-309CCB54E893", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "103F9C50-3CB0-427D-832F-7ABCC2BC5E10", versionEndExcluding: "442.50", versionStartIncluding: "440", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3F857E7D-4FB7-4619-8038-20E92519AF40", versionEndExcluding: "440.33.01", versionStartIncluding: "440", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", matchCriteriaId: "75C6DE26-88F2-428E-B761-754BD027E015", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.", }, { lang: "es", value: "NVIDIA Windows GPU Display Driver, todas las versiones, contiene una vulnerabilidad en el componente NVIDIA Control Panel en la cual un atacante con acceso al sistema local puede corromper un archivo del sistema, lo que puede conllevar a una denegación del servicio o una escalada de privilegios.", }, ], id: "CVE-2020-5957", lastModified: "2024-11-21T05:34:54.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-05T20:15:11.783", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-10-16 21:29
Modified
2024-11-21 03:02
Severity ?
Summary
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | http://nvidia.custhelp.com/app/answers/detail/a_id/4560 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://nvidia.custhelp.com/app/answers/detail/a_id/4560 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "5454038C-F1F0-4061-8B5C-04A8CF1658C6", versionEndExcluding: "3.10.0.55", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.", }, { lang: "es", value: "En GeForce Experience (GFE) en versiones 3.x anteriores a la 3.10.0.55, NVIDIA Installer Framework contiene una vulnerabilidad en NVISystemService64 donde un valor pasado desde un usuario al controlador se usa sin validación, lo que podría conducir a una denegación de servicio o una posible escalada de privilegios.", }, ], id: "CVE-2017-0316", lastModified: "2024-11-21T03:02:45.107", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-16T21:29:00.213", references: [ { source: "psirt@nvidia.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-09 02:15
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "3627005A-4CB9-4881-AB6C-F2145AA138DC", versionEndExcluding: "3.20.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.", }, { lang: "es", value: "NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.1, contiene una vulnerabilidad en el componente Downloader en el que un usuario con acceso al sistema local puede diseñar entradas que pueden permitir que archivos maliciosos sean descargados y guardados. Este comportamiento puede conducir a una ejecución de código, denegación de servicio o divulgación de información.", }, ], id: "CVE-2019-5689", lastModified: "2024-11-21T04:45:21.113", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-09T02:15:11.537", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-08 20:59
Modified
2024-11-21 02:53
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "F36E098A-0BCE-41CF-8AF6-3C32E18C8256", versionEndIncluding: "-", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*", matchCriteriaId: "C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*", matchCriteriaId: "26641568-53CE-4606-B2CA-C25A97795A50", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*", matchCriteriaId: "02BAA7E2-E4F5-44C9-BEDF-7425B0C56578", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*", matchCriteriaId: "05A831E4-1119-45F0-B9A0-4D948ECD47E6", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*", matchCriteriaId: "1F50D6AC-3D1E-4E54-8422-B717456F6257", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*", matchCriteriaId: "03CBD29C-A606-45DE-B2FB-8572B986A4F0", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*", matchCriteriaId: "44BF5DC1-4609-4F34-9511-785F7B119ADE", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*", matchCriteriaId: "3724F083-A7FC-4069-AC35-FB8AA08B6CCD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*", matchCriteriaId: "1B72BBAC-CEBD-4405-B1EC-7535794FF5EB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*", matchCriteriaId: "A2C9365F-B4A5-4EA2-917B-2F07457017EB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*", matchCriteriaId: "D835EE77-6031-40D6-8305-F962F42E7018", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*", matchCriteriaId: "F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*", matchCriteriaId: "E884CEDD-CAA5-489D-A526-B628BB3DE460", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3455DE-4408-4603-86B2-5ECE76ED459C", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*", matchCriteriaId: "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*", matchCriteriaId: "3EAB33B6-E270-4C11-8E57-2BE127C86134", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*", matchCriteriaId: "AF0C08C8-AC1B-4A01-903A-FB56B75CAE55", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*", matchCriteriaId: "2B376C04-8A35-42E7-8937-1A466E89639A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*", matchCriteriaId: "F13EE983-724F-472B-BCF5-B416D1DF27E1", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*", matchCriteriaId: "CBDF0898-E092-42BA-A777-FB7C5FFC4D3C", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*", matchCriteriaId: "41B48700-10AB-4194-94BC-D0F177D0B56A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*", matchCriteriaId: "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*", matchCriteriaId: "BD3B7EE4-080F-4E3C-8304-0837AC20ECCD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*", matchCriteriaId: "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*", matchCriteriaId: "3896B47E-8787-45D2-96B3-BF4892780F35", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*", matchCriteriaId: "316C9573-7C7D-4429-8563-B74FD752AC51", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*", matchCriteriaId: "6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*", matchCriteriaId: "76ABA317-6621-4D57-874F-307451EC9C2E", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*", matchCriteriaId: "477D72B5-A3EA-440A-B495-8A09E8564E8D", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F2B507EE-F005-4806-A8FC-8C8D9A31B0DB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*", matchCriteriaId: "E707A80B-6482-47DD-8BF3-6E58BC2C697A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*", matchCriteriaId: "0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*", matchCriteriaId: "ED233BC3-6982-41E1-9205-5159C17A4A56", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*", matchCriteriaId: "7C186F38-89C7-4616-A424-201804F842C9", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*", matchCriteriaId: "60176B23-2751-4415-A0D3-DF1BE640F6C3", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*", matchCriteriaId: "2FABA79A-A70A-40A5-ADA7-893EAB42FE9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.", }, { lang: "es", value: "Para los productos NVIDIA Quadro, NVS y GeForce, desinfección inadecuada de los parámetros en la capa de la API NVStreamKMS.sys provoca una vulnerabilidad de denegación de servicio (caída de pantalla azul) dentro de los controladores de gráficos de NVIDIA Windows.", }, ], id: "CVE-2016-4961", lastModified: "2024-11-21T02:53:18.593", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-08T20:59:03.583", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { source: "psirt@nvidia.com", url: "http://www.securityfocus.com/bid/93251", }, { source: "psirt@nvidia.com", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/93251", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-05 20:15
Modified
2024-11-21 05:43
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "91402050-426D-45B6-9A40-A4ABBD3B66EA", versionEndExcluding: "3.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.", }, { lang: "es", value: "NVIDIA GeForce Experience, en todas las versiones anteriores a 3.21, contiene una vulnerabilidad en GameStream (la biblioteca rxdiag.dll) en la que un borrado arbitrario de archivos debido a una gestión inapropiada de los archivos de registro puede conllevar a una denegación de servicio", }, ], id: "CVE-2021-1072", lastModified: "2024-11-21T05:43:32.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.2, source: "psirt@nvidia.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-05T20:15:13.293", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-08 20:59
Modified
2024-11-21 02:53
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:-:*:*:*:*:*:*:*", matchCriteriaId: "4DC7A2F9-5F65-4203-B171-6109E61B5F2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*", matchCriteriaId: "C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*", matchCriteriaId: "26641568-53CE-4606-B2CA-C25A97795A50", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*", matchCriteriaId: "02BAA7E2-E4F5-44C9-BEDF-7425B0C56578", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*", matchCriteriaId: "05A831E4-1119-45F0-B9A0-4D948ECD47E6", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*", matchCriteriaId: "1F50D6AC-3D1E-4E54-8422-B717456F6257", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*", matchCriteriaId: "03CBD29C-A606-45DE-B2FB-8572B986A4F0", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*", matchCriteriaId: "44BF5DC1-4609-4F34-9511-785F7B119ADE", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*", matchCriteriaId: "3724F083-A7FC-4069-AC35-FB8AA08B6CCD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*", matchCriteriaId: "1B72BBAC-CEBD-4405-B1EC-7535794FF5EB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*", matchCriteriaId: "A2C9365F-B4A5-4EA2-917B-2F07457017EB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*", matchCriteriaId: "D835EE77-6031-40D6-8305-F962F42E7018", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*", matchCriteriaId: "F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*", matchCriteriaId: "E884CEDD-CAA5-489D-A526-B628BB3DE460", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3455DE-4408-4603-86B2-5ECE76ED459C", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*", matchCriteriaId: "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*", matchCriteriaId: "3EAB33B6-E270-4C11-8E57-2BE127C86134", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*", matchCriteriaId: "AF0C08C8-AC1B-4A01-903A-FB56B75CAE55", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*", matchCriteriaId: "2B376C04-8A35-42E7-8937-1A466E89639A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*", matchCriteriaId: "F13EE983-724F-472B-BCF5-B416D1DF27E1", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*", matchCriteriaId: "CBDF0898-E092-42BA-A777-FB7C5FFC4D3C", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*", matchCriteriaId: "41B48700-10AB-4194-94BC-D0F177D0B56A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*", matchCriteriaId: "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*", matchCriteriaId: "BD3B7EE4-080F-4E3C-8304-0837AC20ECCD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*", matchCriteriaId: "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*", matchCriteriaId: "3896B47E-8787-45D2-96B3-BF4892780F35", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*", matchCriteriaId: "316C9573-7C7D-4429-8563-B74FD752AC51", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*", matchCriteriaId: "6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*", matchCriteriaId: "76ABA317-6621-4D57-874F-307451EC9C2E", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*", matchCriteriaId: "477D72B5-A3EA-440A-B495-8A09E8564E8D", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F2B507EE-F005-4806-A8FC-8C8D9A31B0DB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*", matchCriteriaId: "E707A80B-6482-47DD-8BF3-6E58BC2C697A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*", matchCriteriaId: "0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*", matchCriteriaId: "ED233BC3-6982-41E1-9205-5159C17A4A56", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*", matchCriteriaId: "7C186F38-89C7-4616-A424-201804F842C9", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*", matchCriteriaId: "60176B23-2751-4415-A0D3-DF1BE640F6C3", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*", matchCriteriaId: "2FABA79A-A70A-40A5-ADA7-893EAB42FE9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.", }, { lang: "es", value: "Para los productos NVIDIA Quadro, NVS y GeForce, el componente de servicio NVIDIA NVStreamKMS.sys está validando incorrectamente los datos suministrados por el usuario a través de sus puntos de entrada de la API lo que causa una elevación de privilegios.", }, ], id: "CVE-2016-4960", lastModified: "2024-11-21T02:53:18.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.3, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-08T20:59:02.567", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { source: "psirt@nvidia.com", url: "http://www.securityfocus.com/bid/93251", }, { source: "psirt@nvidia.com", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/93251", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "FAA8B08E-D1C4-4A49-9491-09DA503F0AE3", versionEndExcluding: "3.14.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.", }, { lang: "es", value: "NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.14.1, contiene una vulnerabilidad potencial cuando GameStream está habilitado, donde un control de acceso incorrecto podría conducir a una denegación de servicio (DoS), escalado de privilegios o ambos.", }, ], id: "CVE-2018-6257", lastModified: "2024-11-21T04:10:23.377", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T20:29:00.227", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-07 03:15
Modified
2024-11-21 07:24
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "4F4E85F1-21B1-45B8-88FC-5A4BB22DD16F", versionEndExcluding: "3.27.0.112", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nNVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.\n\n", }, { lang: "es", value: "NVIDIA GeForce Experience contiene una vulnerabilidad en el instalador, donde un usuario que instala el software NVIDIA GeForce Experience puede eliminar datos de una ubicación vinculada sin darse cuenta, lo que puede provocar manipulación de datos. Un atacante no tiene control explícito sobre la explotación de esta vulnerabilidad, lo que requiere que el usuario inicie explícitamente el instalador desde el directorio comprometido.", }, ], id: "CVE-2022-42291", lastModified: "2024-11-21T07:24:41.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.8, source: "psirt@nvidia.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-07T03:15:08.627", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1386", }, ], source: "psirt@nvidia.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-28 15:29
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | http://support.lenovo.com/us/en/solutions/LEN-27096 | ||
| psirt@nvidia.com | http://www.securityfocus.com/bid/107621 | Third Party Advisory, VDB Entry | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4784 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.lenovo.com/us/en/solutions/LEN-27096 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107621 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4784 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "0FCB6F21-7822-4CEE-96F5-F8712D2E1F2A", versionEndExcluding: "3.18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.", }, { lang: "es", value: "NVIDIA GeForce Experience, en versiones anteriores a la 3.18, contiene una vulnerabilidad cuando ShadowPlay o GameStream está habilitado. Cuando un atacante tiene acceso al sistema y crea un enlace físico, el software no comprueba si se han sufrido ataques de enlace físico. Este comportamiento puede conducir a una ejecución de código, denegación de servicio (DoS) o escalado de privilegios.", }, ], id: "CVE-2019-5674", lastModified: "2024-11-21T04:45:19.417", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-28T15:29:00.467", references: [ { source: "psirt@nvidia.com", url: "http://support.lenovo.com/us/en/solutions/LEN-27096", }, { source: "psirt@nvidia.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107621", }, { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4784", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.lenovo.com/us/en/solutions/LEN-27096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4784", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-07 03:15
Modified
2024-11-21 07:04
Severity ?
6.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "4F4E85F1-21B1-45B8-88FC-5A4BB22DD16F", versionEndExcluding: "3.27.0.112", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nNVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.\n\n", }, { lang: "es", value: "NVIDIA GeForce Experience contiene una vulnerabilidad de uncontrolled search path en todos sus instaladores de clientes, donde un atacante con privilegios de nivel de usuario puede hacer que el instalador cargue una DLL arbitraria cuando se inicia. Una explotación exitosa de esta vulnerabilidad podría conducir a una escalada de privilegios y ejecución de código.", }, ], id: "CVE-2022-31611", lastModified: "2024-11-21T07:04:50.810", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 5.5, source: "psirt@nvidia.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-07T03:15:08.490", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-427", }, ], source: "psirt@nvidia.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-427", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-25 00:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro | - | |
| nvidia | tesla_firmware | * | |
| nvidia | tesla_firmware | * | |
| nvidia | tesla_firmware | * | |
| nvidia | tesla | - | |
| nvidia | geforce_experience | * | |
| microsoft | windows | - | |
| nvidia | nvs_firmware | * | |
| nvidia | nvs_firmware | * | |
| nvidia | nvs_firmware | * | |
| nvidia | nvs_firmware | * | |
| nvidia | nvs | - | |
| nvidia | geforce_firmware | * | |
| nvidia | geforce | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2F3BB4C3-E77E-4841-A436-E9033FEE5011", versionEndExcluding: "392.61", versionStartIncluding: "390", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "021A11A4-23AE-4C5F-A3F0-357481BC1C91", versionEndExcluding: "426.78", versionStartIncluding: "418", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E9195AEC-3EB3-4991-947B-E68817B8902A", versionEndExcluding: "443.18", versionStartIncluding: "440", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FCA19971-9415-4D00-9090-21788E753CEE", versionEndExcluding: "451.48", versionStartIncluding: "450", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:quadro:-:*:*:*:*:*:*:*", matchCriteriaId: "B56258A7-E289-426E-B8D1-309CCB54E893", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C11F4D2B-A251-4D15-9902-9E2AB23C58D5", versionEndExcluding: "426.78", versionStartIncluding: "418", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CA8EEDE5-CF37-4CC3-B556-EA329027CC4C", versionEndExcluding: "443.18", versionStartIncluding: "440", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6A65412-DD0C-410A-AFFA-3A7774053B5A", versionEndExcluding: "451.48", versionStartIncluding: "450", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", matchCriteriaId: "75C6DE26-88F2-428E-B761-754BD027E015", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "AFF79957-D4AF-4CCD-8F55-7CA9829FD0B1", versionEndExcluding: "3.20.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8E71ACEF-7A5B-4C77-81A5-539BB4D86E47", versionEndExcluding: "392.61", versionStartIncluding: "390", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A611598-0D67-49A8-B6A5-87EE823E2619", versionEndExcluding: "426.78", versionStartIncluding: "418", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01F0E734-BA49-4119-998C-142860430AB4", versionEndExcluding: "443.18", versionStartIncluding: "440", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "40537521-3B8D-4B2D-94D5-B79C219D7BF6", versionEndExcluding: "451.48", versionStartIncluding: "450", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:nvs:-:*:*:*:*:*:*:*", matchCriteriaId: "C60D8825-B4F5-47DC-ACC3-137D6FC5F12F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:geforce_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8472A4C6-922C-44F5-AF22-1BD3F45E70CA", versionEndExcluding: "451.48", versionStartIncluding: "450", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", matchCriteriaId: "6B30520A-D378-4CC8-812D-3B443740D6E3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.", }, { lang: "es", value: "NVIDIA Windows GPU Display Driver, todas las versiones, contiene una vulnerabilidad en el componente service host, en el que se puede pasar por alto la comprobación de integridad de los recursos de la aplicación. Tal ataque puede conllevar a una ejecución de código, denegación de servicio o divulgación de información", }, ], id: "CVE-2020-5964", lastModified: "2024-11-21T05:34:54.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-25T00:15:10.383", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5031", }, { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5038", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5038", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-02 17:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "04A13DFB-C0D1-40AE-97E7-49FF71FD84FD", versionEndExcluding: "3.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.", }, { lang: "es", value: "NVIDIA GeForce Experience en versiones anteriores a la 3.15 contiene una vulnerabilidad cuando GameStream está habilitado, lo que asigna permisos incorrectos en un archivo. Esto podría conducir a la ejecución de código, denegación de servicio (DoS) o escalado de privilegios por parte de usuarios con acceso al sistema.", }, ], id: "CVE-2018-6261", lastModified: "2024-11-21T04:10:23.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-02T17:29:00.297", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-10 21:29
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | gpu_display_driver | * | |
| nvidia | gpu_display_driver | * | |
| nvidia | gpu_display_driver | * | |
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", matchCriteriaId: "46442A04-15FD-42DA-B82C-3A0450868F1D", versionEndExcluding: "412.36", versionStartIncluding: "410", vulnerable: true, }, { criteria: "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", matchCriteriaId: "66D3718F-174C-4D4C-B8AD-ACFB1A667787", versionEndExcluding: "425.51", versionStartIncluding: "418", vulnerable: true, }, { criteria: "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", matchCriteriaId: "CD2E6016-FD91-4BCC-AA68-8C344F5319C8", versionEndExcluding: "430.64", versionStartIncluding: "430", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "A7583B2E-0C11-4D18-9E89-85EFD88C81CF", versionEndExcluding: "3.19", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.", }, { lang: "es", value: "El software controlador de la GPU NVIDIA Windows Display para Windows (todas las versiones) contiene una vulnerabilidad en la que carga incorrectamente las DLL del sistema Windows sin validar la ruta o la firma (también conocido como ataque de colocación de binarios o ataque de precarga de DLL), lo que provoca una escalada de privilegios a través de la ejecución de código.", }, ], id: "CVE-2019-5676", lastModified: "2024-11-21T04:45:19.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-10T21:29:00.583", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4797", }, { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", }, { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4841", }, { source: "psirt@nvidia.com", tags: [ "Third Party Advisory", ], url: "https://support.lenovo.com/us/en/product_security/LEN-27815", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4841", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.lenovo.com/us/en/product_security/LEN-27815", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-427", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-23 18:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "3F546EAF-141A-4671-AF50-F7B902F016F2", versionEndExcluding: "3.20.5.70", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.", }, { lang: "es", value: "NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.5.70, contienen una vulnerabilidad en sus servicios en que es creada una carpeta mediante el archivo nvcontainer.exe bajo el acceso de usuario normal con privilegios LOCAL_SYSTEM, lo que puede conllevar a una denegación de servicio o a una escalada de privilegios", }, ], id: "CVE-2020-5978", lastModified: "2024-11-21T05:34:56.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-23T18:15:16.997", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-25 20:15
Modified
2024-11-21 05:43
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "82885F19-70A7-438B-B540-5BEF9BCB8E6D", versionEndExcluding: "3.23", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.", }, { lang: "es", value: "NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.23, contiene una vulnerabilidad en el flujo de inicio de sesión cuando un usuario intenta iniciar la sesión utilizando un navegador, mientras, al mismo tiempo, se carga cualquier otra página web en otras pestañas del mismo navegador. En esta situación, la página web puede obtener acceso al token de la sesión de inicio de sesión del usuario, lo que conlleva la posibilidad de que la cuenta del usuario se vea comprometida. Esto puede llevar a que se acceda a los datos del usuario objetivo, se alteren o se pierdan", }, ], id: "CVE-2021-1073", lastModified: "2024-11-21T05:43:32.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "psirt@nvidia.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-25T20:15:08.190", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5199", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5199", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-12 21:15
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| nvidia | gpu_driver | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "3627005A-4CB9-4881-AB6C-F2145AA138DC", versionEndExcluding: "3.20.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", matchCriteriaId: "18C44215-3940-4A5C-BC6F-0F0E4B7A91DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.", }, { lang: "es", value: "NVIDIA GeForce Experience (versiones anteriores a 3.20.1) y Windows GPU Display Driver (todas las versiones), contienen una vulnerabilidad en el componente del proveedor de servicios local en la que un atacante con sistema local y acceso privilegiado puede cargar incorrectamente las DLL del sistema Windows sin comprobar la ruta o la firma (también se conoce como ataque de siembra binaria o de precarga de DLL), lo que puede conllevar a una denegación de servicio o una divulgación de información por medio de una ejecución de código.", }, ], id: "CVE-2019-5695", lastModified: "2024-11-21T04:45:21.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-12T21:15:12.037", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4907", }, { source: "psirt@nvidia.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4907", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-427", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-16 21:59
Modified
2024-11-21 03:00
Severity ?
Summary
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | http://nvidia.custhelp.com/app/answers/detail/a_id/4279 | Vendor Advisory | |
| psirt@nvidia.com | http://www.securityfocus.com/bid/94964 | Third Party Advisory, VDB Entry | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5033 | Vendor Advisory | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5155 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://nvidia.custhelp.com/app/answers/detail/a_id/4279 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94964 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5033 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5155 | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACE3256-2032-4E8C-B688-FBC8AE6AFB67", versionEndExcluding: "3.1.0.52", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.", }, { lang: "es", value: "NVIDIA GeForce Experience 3.x en versiones anteriores a GFE 3.1.0.52 contiene una vulnerabilidad en NVIDIA Web Helper.exe donde el punto final de una web local API, /VisualOPS/v.1.0./, carece de accesos de control apropiados y parámetros de validación, permitiendo divulgación de información a través de un ataque de salto de directorio.", }, ], id: "CVE-2016-8827", lastModified: "2024-11-21T03:00:10.160", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-16T21:59:00.707", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4279", }, { source: "psirt@nvidia.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94964", }, { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5033", }, { source: "psirt@nvidia.com", tags: [ "Not Applicable", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4279", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94964", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5033", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5155", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-12 04:15
Modified
2024-11-21 07:24
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "4F4E85F1-21B1-45B8-88FC-5A4BB22DD16F", versionEndExcluding: "3.27.0.112", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nNVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.\n\n", }, ], id: "CVE-2022-42292", lastModified: "2024-11-21T07:24:41.237", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 4.2, source: "psirt@nvidia.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-12T04:15:15.753", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5384", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "psirt@nvidia.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-31 22:29
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "A7583B2E-0C11-4D18-9E89-85EFD88C81CF", versionEndExcluding: "3.19", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.", }, { lang: "es", value: "NVIDIA GeForce Experience versiones anteriores a 3.19 contiene una vulnerabilidad en el componente Web Helper, en la que un atacante con acceso al sistema local puede crear una entrada que puede no estar validada apropiadamente. Dicho ataque puede conllevar a la ejecución de código, la Denegación de Servicio (DoS) o la Divulgación de Información.", }, ], id: "CVE-2019-5678", lastModified: "2024-11-21T04:45:19.877", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-31T22:29:01.270", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", }, { source: "psirt@nvidia.com", url: "https://support.lenovo.com/us/en/product_security/LEN-27815", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.lenovo.com/us/en/product_security/LEN-27815", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-02 17:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "04A13DFB-C0D1-40AE-97E7-49FF71FD84FD", versionEndExcluding: "3.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.", }, { lang: "es", value: "NVIDIA GeForce Experience en versiones anteriores a la 3.15 contiene una vulnerabilidad cuando GameStream está habilitado, lo que hace que información limitada sensible del usuario esté disponible a usuarios con acceso al sistema. Esto podría conducir a una divulgación de información.", }, ], id: "CVE-2018-6262", lastModified: "2024-11-21T04:10:24.003", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-02T17:29:00.423", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-28 21:59
Modified
2024-11-21 03:29
Severity ?
Summary
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "F63050F7-B1D4-4645-A3A8-7CC776FC978D", versionEndIncluding: "gfe_3.6.0.74", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.", }, { lang: "es", value: "NVIDIA GeForce Experience contiene una vulnerabilidad en NVIDIA Web Helper.exe, donde la ejecución de un script no confiable puede llevar a la violación de la política de ejecución de aplicaciones y a la ejecución de código local.", }, ], id: "CVE-2017-6250", lastModified: "2024-11-21T03:29:19.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-28T21:59:00.153", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4459", }, { source: "psirt@nvidia.com", url: "http://www.securityfocus.com/bid/98393", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4459", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/98393", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-08 20:59
Modified
2024-11-21 02:55
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "F36E098A-0BCE-41CF-8AF6-3C32E18C8256", versionEndIncluding: "-", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*", matchCriteriaId: "C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*", matchCriteriaId: "26641568-53CE-4606-B2CA-C25A97795A50", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*", matchCriteriaId: "02BAA7E2-E4F5-44C9-BEDF-7425B0C56578", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*", matchCriteriaId: "05A831E4-1119-45F0-B9A0-4D948ECD47E6", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*", matchCriteriaId: "1F50D6AC-3D1E-4E54-8422-B717456F6257", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*", matchCriteriaId: "03CBD29C-A606-45DE-B2FB-8572B986A4F0", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*", matchCriteriaId: "44BF5DC1-4609-4F34-9511-785F7B119ADE", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*", matchCriteriaId: "3724F083-A7FC-4069-AC35-FB8AA08B6CCD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*", matchCriteriaId: "1B72BBAC-CEBD-4405-B1EC-7535794FF5EB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*", matchCriteriaId: "A2C9365F-B4A5-4EA2-917B-2F07457017EB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*", matchCriteriaId: "D835EE77-6031-40D6-8305-F962F42E7018", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*", matchCriteriaId: "F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*", matchCriteriaId: "E884CEDD-CAA5-489D-A526-B628BB3DE460", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3455DE-4408-4603-86B2-5ECE76ED459C", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*", matchCriteriaId: "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*", matchCriteriaId: "3EAB33B6-E270-4C11-8E57-2BE127C86134", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*", matchCriteriaId: "AF0C08C8-AC1B-4A01-903A-FB56B75CAE55", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*", matchCriteriaId: "2B376C04-8A35-42E7-8937-1A466E89639A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*", matchCriteriaId: "F13EE983-724F-472B-BCF5-B416D1DF27E1", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*", matchCriteriaId: "CBDF0898-E092-42BA-A777-FB7C5FFC4D3C", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*", matchCriteriaId: "41B48700-10AB-4194-94BC-D0F177D0B56A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*", matchCriteriaId: "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*", matchCriteriaId: "BD3B7EE4-080F-4E3C-8304-0837AC20ECCD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*", matchCriteriaId: "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*", matchCriteriaId: "3896B47E-8787-45D2-96B3-BF4892780F35", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*", matchCriteriaId: "316C9573-7C7D-4429-8563-B74FD752AC51", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*", matchCriteriaId: "6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*", matchCriteriaId: "76ABA317-6621-4D57-874F-307451EC9C2E", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*", matchCriteriaId: "477D72B5-A3EA-440A-B495-8A09E8564E8D", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F2B507EE-F005-4806-A8FC-8C8D9A31B0DB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*", matchCriteriaId: "E707A80B-6482-47DD-8BF3-6E58BC2C697A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*", matchCriteriaId: "0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*", matchCriteriaId: "ED233BC3-6982-41E1-9205-5159C17A4A56", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*", matchCriteriaId: "7C186F38-89C7-4616-A424-201804F842C9", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*", matchCriteriaId: "60176B23-2751-4415-A0D3-DF1BE640F6C3", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*", matchCriteriaId: "2FABA79A-A70A-40A5-ADA7-893EAB42FE9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.", }, { lang: "es", value: "Para los productos NVIDIA Quadro, NVS y GeForce, vulnerabilidades de ruta de servicio no citadas GFE GameStream y NVTray Plugin son ejemplos de la vulnerabilidad de ruta de servicio no citado en Windows. Una explotación exitosa de una instalación de servicio vulnerable puede habilitar código malicioso para ejecutar en el sistema en el nivel de privilegios sistema/usuario. La ID CVE-2016-5852 es para la ruta de servicio no citada NVTray Plugin.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/428.html\">CWE-428: Unquoted Search Path or Element</a>", id: "CVE-2016-5852", lastModified: "2024-11-21T02:55:08.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-08T20:59:05.787", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { source: "psirt@nvidia.com", url: "http://www.securityfocus.com/bid/93251", }, { source: "psirt@nvidia.com", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/93251", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-11 22:30
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro | - | |
| nvidia | geforce_experience | * | |
| microsoft | windows | - | |
| nvidia | tesla_firmware | * | |
| nvidia | tesla | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "398C6C71-66C1-4042-9C8B-99B0D9269498", versionEndExcluding: "392.59", versionStartIncluding: "390", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "54A8E8DF-D2F6-4F6F-9FDB-3C0B4810303C", versionEndExcluding: "426.50", versionStartIncluding: "418", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A860C36-DCAD-480B-84F4-E3B01089281F", versionEndExcluding: "432.28", versionStartIncluding: "430", vulnerable: true, }, { criteria: "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D7563EB9-444F-4651-B822-8B8EAE0CC479", versionEndExcluding: "442.50", versionStartIncluding: "440", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:quadro:-:*:*:*:*:*:*:*", matchCriteriaId: "B56258A7-E289-426E-B8D1-309CCB54E893", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "103F9C50-3CB0-427D-832F-7ABCC2BC5E10", versionEndExcluding: "442.50", versionStartIncluding: "440", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3F857E7D-4FB7-4619-8038-20E92519AF40", versionEndExcluding: "440.33.01", versionStartIncluding: "440", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", matchCriteriaId: "75C6DE26-88F2-428E-B761-754BD027E015", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.", }, { lang: "es", value: "El controlador de pantalla NVIDIA Windows GPU, todas las versiones, contiene una vulnerabilidad en el componente Control Panel de NVIDIA en el que un atacante con acceso al sistema local puede plantar una biblioteca DLL maliciosa, lo que puede conllevar a una ejecución de código, denegación de servicio o divulgación de la información.", }, ], id: "CVE-2020-5958", lastModified: "2024-11-21T05:34:54.203", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-11T22:30:20.263", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-23 18:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "3F546EAF-141A-4671-AF50-F7B902F016F2", versionEndExcluding: "3.20.5.70", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.", }, { lang: "es", value: "NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.5.70, contienen una vulnerabilidad en el componente ShadowPlay que puede conllevar a una escalada local de privilegios, una ejecución de código, una denegación de servicio o una divulgación de información", }, ], id: "CVE-2020-5990", lastModified: "2024-11-21T05:34:57.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-23T18:15:17.450", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-24 22:15
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "20474D51-D05A-4E27-8ACC-126CBA68E6D8", versionEndExcluding: "3.20.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.", }, { lang: "es", value: "NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.2, contiene una vulnerabilidad cuando GameStream está habilitado en la que un atacante con acceso al sistema local puede corromper un archivo del sistema, lo que puede conllevar a una denegación de servicio o una escalada de privilegios.", }, ], id: "CVE-2019-5702", lastModified: "2024-11-21T04:45:22.503", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-24T22:15:11.403", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4954", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4954", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-27 18:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows_7 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "85994A15-E9D3-47D7-81D8-6FDE3A902232", versionEndExcluding: "3.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", matchCriteriaId: "E33796DB-4523-4F04-B564-ADF030553D51", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.", }, { lang: "es", value: "NVIDIA GeForce Experience contiene una vulnerabilidad en todas las versiones anteriores a la 3.16 durante la instalación de la aplicación en Windows 7 en modo de privilegios elevados, donde un usuario local que inicia una sesión del navegador podría obtener privilegios escalados en el navegador.", }, ], id: "CVE-2018-6265", lastModified: "2024-11-21T04:10:24.247", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-27T18:29:02.187", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { source: "psirt@nvidia.com", url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.lenovo.com/us/en/product_security/LEN-25444", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-08 20:59
Modified
2024-11-21 03:00
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | http://nvidia.custhelp.com/app/answers/detail/a_id/4247 | Patch, Vendor Advisory | |
| psirt@nvidia.com | http://www.securityfocus.com/bid/93986 | Third Party Advisory, VDB Entry | |
| psirt@nvidia.com | https://www.exploit-db.com/exploits/40660/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://nvidia.custhelp.com/app/answers/detail/a_id/4247 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93986 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40660/ |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "F36E098A-0BCE-41CF-8AF6-3C32E18C8256", versionEndIncluding: "-", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*", matchCriteriaId: "C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*", matchCriteriaId: "26641568-53CE-4606-B2CA-C25A97795A50", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*", matchCriteriaId: "02BAA7E2-E4F5-44C9-BEDF-7425B0C56578", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*", matchCriteriaId: "05A831E4-1119-45F0-B9A0-4D948ECD47E6", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*", matchCriteriaId: "1F50D6AC-3D1E-4E54-8422-B717456F6257", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*", matchCriteriaId: "03CBD29C-A606-45DE-B2FB-8572B986A4F0", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*", matchCriteriaId: "44BF5DC1-4609-4F34-9511-785F7B119ADE", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*", matchCriteriaId: "3724F083-A7FC-4069-AC35-FB8AA08B6CCD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*", matchCriteriaId: "1B72BBAC-CEBD-4405-B1EC-7535794FF5EB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*", matchCriteriaId: "A2C9365F-B4A5-4EA2-917B-2F07457017EB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*", matchCriteriaId: "D835EE77-6031-40D6-8305-F962F42E7018", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*", matchCriteriaId: "F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*", matchCriteriaId: "E884CEDD-CAA5-489D-A526-B628BB3DE460", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3455DE-4408-4603-86B2-5ECE76ED459C", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*", matchCriteriaId: "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*", matchCriteriaId: "3EAB33B6-E270-4C11-8E57-2BE127C86134", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*", matchCriteriaId: "AF0C08C8-AC1B-4A01-903A-FB56B75CAE55", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*", matchCriteriaId: "2B376C04-8A35-42E7-8937-1A466E89639A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*", matchCriteriaId: "F13EE983-724F-472B-BCF5-B416D1DF27E1", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*", matchCriteriaId: "CBDF0898-E092-42BA-A777-FB7C5FFC4D3C", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*", matchCriteriaId: "41B48700-10AB-4194-94BC-D0F177D0B56A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*", matchCriteriaId: "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*", matchCriteriaId: "BD3B7EE4-080F-4E3C-8304-0837AC20ECCD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*", matchCriteriaId: "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*", matchCriteriaId: "3896B47E-8787-45D2-96B3-BF4892780F35", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*", matchCriteriaId: "316C9573-7C7D-4429-8563-B74FD752AC51", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*", matchCriteriaId: "6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*", matchCriteriaId: "76ABA317-6621-4D57-874F-307451EC9C2E", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*", matchCriteriaId: "477D72B5-A3EA-440A-B495-8A09E8564E8D", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F2B507EE-F005-4806-A8FC-8C8D9A31B0DB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*", matchCriteriaId: "E707A80B-6482-47DD-8BF3-6E58BC2C697A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*", matchCriteriaId: "0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*", matchCriteriaId: "ED233BC3-6982-41E1-9205-5159C17A4A56", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*", matchCriteriaId: "7C186F38-89C7-4616-A424-201804F842C9", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*", matchCriteriaId: "60176B23-2751-4415-A0D3-DF1BE640F6C3", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*", matchCriteriaId: "2FABA79A-A70A-40A5-ADA7-893EAB42FE9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.", }, { lang: "es", value: "Para los productos NVIDIA Quadro, NVS y GeForce, NVIDIA Windows GPU Display Driver R340 before 342.00, R367 before 369.59, and R375 en versiones anteriores a 375.63 contiene una vulnerabilidad en el controlador de la capa de modo kernel (nvlddmkm.sys) para DxgDdiEscape ID 0x7000014 donde un valor pasado de un usuario al controlador es utilizado sin validación como el índice de una matriz interna, conduciendo a una denegación de servicio o potencial escalada de privilegios.", }, ], id: "CVE-2016-8812", lastModified: "2024-11-21T03:00:08.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-08T20:59:25.850", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", }, { source: "psirt@nvidia.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93986", }, { source: "psirt@nvidia.com", url: "https://www.exploit-db.com/exploits/40660/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93986", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/40660/", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-08 20:59
Modified
2024-11-21 02:49
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "F36E098A-0BCE-41CF-8AF6-3C32E18C8256", versionEndIncluding: "-", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*", matchCriteriaId: "C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*", matchCriteriaId: "26641568-53CE-4606-B2CA-C25A97795A50", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*", matchCriteriaId: "02BAA7E2-E4F5-44C9-BEDF-7425B0C56578", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*", matchCriteriaId: "05A831E4-1119-45F0-B9A0-4D948ECD47E6", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*", matchCriteriaId: "1F50D6AC-3D1E-4E54-8422-B717456F6257", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*", matchCriteriaId: "03CBD29C-A606-45DE-B2FB-8572B986A4F0", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*", matchCriteriaId: "44BF5DC1-4609-4F34-9511-785F7B119ADE", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*", matchCriteriaId: "3724F083-A7FC-4069-AC35-FB8AA08B6CCD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*", matchCriteriaId: "1B72BBAC-CEBD-4405-B1EC-7535794FF5EB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*", matchCriteriaId: "A2C9365F-B4A5-4EA2-917B-2F07457017EB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*", matchCriteriaId: "D835EE77-6031-40D6-8305-F962F42E7018", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*", matchCriteriaId: "F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*", matchCriteriaId: "E884CEDD-CAA5-489D-A526-B628BB3DE460", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3455DE-4408-4603-86B2-5ECE76ED459C", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*", matchCriteriaId: "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*", matchCriteriaId: "3EAB33B6-E270-4C11-8E57-2BE127C86134", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*", matchCriteriaId: "AF0C08C8-AC1B-4A01-903A-FB56B75CAE55", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*", matchCriteriaId: "2B376C04-8A35-42E7-8937-1A466E89639A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*", matchCriteriaId: "F13EE983-724F-472B-BCF5-B416D1DF27E1", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*", matchCriteriaId: "CBDF0898-E092-42BA-A777-FB7C5FFC4D3C", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*", matchCriteriaId: "41B48700-10AB-4194-94BC-D0F177D0B56A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*", matchCriteriaId: "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*", matchCriteriaId: "BD3B7EE4-080F-4E3C-8304-0837AC20ECCD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*", matchCriteriaId: "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*", matchCriteriaId: "3896B47E-8787-45D2-96B3-BF4892780F35", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*", matchCriteriaId: "316C9573-7C7D-4429-8563-B74FD752AC51", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*", matchCriteriaId: "6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*", matchCriteriaId: "76ABA317-6621-4D57-874F-307451EC9C2E", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*", matchCriteriaId: "477D72B5-A3EA-440A-B495-8A09E8564E8D", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F2B507EE-F005-4806-A8FC-8C8D9A31B0DB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*", matchCriteriaId: "E707A80B-6482-47DD-8BF3-6E58BC2C697A", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*", matchCriteriaId: "0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*", matchCriteriaId: "ED233BC3-6982-41E1-9205-5159C17A4A56", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*", matchCriteriaId: "7C186F38-89C7-4616-A424-201804F842C9", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*", matchCriteriaId: "60176B23-2751-4415-A0D3-DF1BE640F6C3", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*", matchCriteriaId: "2FABA79A-A70A-40A5-ADA7-893EAB42FE9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.", }, { lang: "es", value: "Para los productos NVIDIA Quadro, NVS y GeForce, vulnerabilidades de ruta de servicio no citadas GFE GameStream y NVTray Plugin son ejemplos de la vulnerabilidad de ruta de servicio no citado en Windows. Una explotación exitosa de una instalación de servicio vulnerable puede habilitar código malicioso para ejecutarse en el sistema en el nivel de privilegios sistema/usuario. La ID CVE-2016-3161 es para la ruta de servicio no citada GameStream.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/428.html\">CWE-428: Unquoted Search Path or Element</a>", id: "CVE-2016-3161", lastModified: "2024-11-21T02:49:30.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-08T20:59:00.177", references: [ { source: "psirt@nvidia.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { source: "psirt@nvidia.com", url: "http://www.securityfocus.com/bid/93251", }, { source: "psirt@nvidia.com", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/93251", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.lenovo.com/us/en/product_security/ps500070", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }