All the vulnerabilites related to nvidia - geforce_experience
Vulnerability from fkie_nvd
Published
2018-08-31 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA8B08E-D1C4-4A49-9491-09DA503F0AE3",
"versionEndExcluding": "3.14.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.14.1, contiene una vulnerabilidad potencial cuando GameStream est\u00e1 habilitado, un atacante tiene acceso al sistema y ciertas funcionalidades del sistema est\u00e1n habilitadas, en la que podr\u00eda ser posible una divulgaci\u00f3n de informaci\u00f3n limitada."
}
],
"id": "CVE-2018-6259",
"lastModified": "2024-11-21T04:10:23.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-31T20:29:00.493",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-07 03:15
Modified
2024-11-21 07:24
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4E85F1-21B1-45B8-88FC-5A4BB22DD16F",
"versionEndExcluding": "3.27.0.112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nNVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.\n\n"
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience contiene una vulnerabilidad en el instalador, donde un usuario que instala el software NVIDIA GeForce Experience puede eliminar datos de una ubicaci\u00f3n vinculada sin darse cuenta, lo que puede provocar manipulaci\u00f3n de datos. Un atacante no tiene control expl\u00edcito sobre la explotaci\u00f3n de esta vulnerabilidad, lo que requiere que el usuario inicie expl\u00edcitamente el instalador desde el directorio comprometido."
}
],
"id": "CVE-2022-42291",
"lastModified": "2024-11-21T07:24:41.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.8,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-07T03:15:08.627",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1386"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-20 16:15
Modified
2024-11-21 05:43
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8DB3F6E-CB0B-452F-A870-70C771D4471C",
"versionEndExcluding": "3.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.22, contiene una vulnerabilidad en los plugins GameStream en la que los archivos de registro se crean utilizando permisos de nivel NT/System, lo que puede conducir a la ejecuci\u00f3n de c\u00f3digo, la denegaci\u00f3n de servicio o la escalada de privilegios local. El atacante no tiene control sobre la consecuencia de una modificaci\u00f3n ni podr\u00eda filtrar informaci\u00f3n como resultado directo de la sobreescritura"
}
],
"id": "CVE-2021-1079",
"lastModified": "2024-11-21T05:43:33.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-20T16:15:10.260",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-05 20:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro | - | |
| nvidia | geforce_experience | * | |
| microsoft | windows | - | |
| nvidia | tesla_firmware | * | |
| nvidia | tesla | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "398C6C71-66C1-4042-9C8B-99B0D9269498",
"versionEndExcluding": "392.59",
"versionStartIncluding": "390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54A8E8DF-D2F6-4F6F-9FDB-3C0B4810303C",
"versionEndExcluding": "426.50",
"versionStartIncluding": "418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A860C36-DCAD-480B-84F4-E3B01089281F",
"versionEndExcluding": "432.28",
"versionStartIncluding": "430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7563EB9-444F-4651-B822-8B8EAE0CC479",
"versionEndExcluding": "442.50",
"versionStartIncluding": "440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:quadro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B56258A7-E289-426E-B8D1-309CCB54E893",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "103F9C50-3CB0-427D-832F-7ABCC2BC5E10",
"versionEndExcluding": "442.50",
"versionStartIncluding": "440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F857E7D-4FB7-4619-8038-20E92519AF40",
"versionEndExcluding": "440.33.01",
"versionStartIncluding": "440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges."
},
{
"lang": "es",
"value": "NVIDIA Windows GPU Display Driver, todas las versiones, contiene una vulnerabilidad en el componente NVIDIA Control Panel en la cual un atacante con acceso al sistema local puede corromper un archivo del sistema, lo que puede conllevar a una denegaci\u00f3n del servicio o una escalada de privilegios."
}
],
"id": "CVE-2020-5957",
"lastModified": "2024-11-21T05:34:54.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-05T20:15:11.783",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-25 20:15
Modified
2024-11-21 05:43
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82885F19-70A7-438B-B540-5BEF9BCB8E6D",
"versionEndExcluding": "3.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user\u2019s account is compromised. This may lead to the targeted user\u2019s data being accessed, altered, or lost."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.23, contiene una vulnerabilidad en el flujo de inicio de sesi\u00f3n cuando un usuario intenta iniciar la sesi\u00f3n utilizando un navegador, mientras, al mismo tiempo, se carga cualquier otra p\u00e1gina web en otras pesta\u00f1as del mismo navegador. En esta situaci\u00f3n, la p\u00e1gina web puede obtener acceso al token de la sesi\u00f3n de inicio de sesi\u00f3n del usuario, lo que conlleva la posibilidad de que la cuenta del usuario se vea comprometida. Esto puede llevar a que se acceda a los datos del usuario objetivo, se alteren o se pierdan"
}
],
"id": "CVE-2021-1073",
"lastModified": "2024-11-21T05:43:32.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-25T20:15:08.190",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-08 20:59
Modified
2024-11-21 02:53
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F36E098A-0BCE-41CF-8AF6-3C32E18C8256",
"versionEndIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26641568-53CE-4606-B2CA-C25A97795A50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02BAA7E2-E4F5-44C9-BEDF-7425B0C56578",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05A831E4-1119-45F0-B9A0-4D948ECD47E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F50D6AC-3D1E-4E54-8422-B717456F6257",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03CBD29C-A606-45DE-B2FB-8572B986A4F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BF5DC1-4609-4F34-9511-785F7B119ADE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3724F083-A7FC-4069-AC35-FB8AA08B6CCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B72BBAC-CEBD-4405-B1EC-7535794FF5EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C9365F-B4A5-4EA2-917B-2F07457017EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D835EE77-6031-40D6-8305-F962F42E7018",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E884CEDD-CAA5-489D-A526-B628BB3DE460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3455DE-4408-4603-86B2-5ECE76ED459C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAB33B6-E270-4C11-8E57-2BE127C86134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0C08C8-AC1B-4A01-903A-FB56B75CAE55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B376C04-8A35-42E7-8937-1A466E89639A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F13EE983-724F-472B-BCF5-B416D1DF27E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDF0898-E092-42BA-A777-FB7C5FFC4D3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41B48700-10AB-4194-94BC-D0F177D0B56A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3B7EE4-080F-4E3C-8304-0837AC20ECCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3896B47E-8787-45D2-96B3-BF4892780F35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "316C9573-7C7D-4429-8563-B74FD752AC51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76ABA317-6621-4D57-874F-307451EC9C2E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "477D72B5-A3EA-440A-B495-8A09E8564E8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B507EE-F005-4806-A8FC-8C8D9A31B0DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E707A80B-6482-47DD-8BF3-6E58BC2C697A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED233BC3-6982-41E1-9205-5159C17A4A56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C186F38-89C7-4616-A424-201804F842C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60176B23-2751-4415-A0D3-DF1BE640F6C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FABA79A-A70A-40A5-ADA7-893EAB42FE9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers."
},
{
"lang": "es",
"value": "Para los productos NVIDIA Quadro, NVS y GeForce, desinfecci\u00f3n inadecuada de los par\u00e1metros en la capa de la API NVStreamKMS.sys provoca una vulnerabilidad de denegaci\u00f3n de servicio (ca\u00edda de pantalla azul) dentro de los controladores de gr\u00e1ficos de NVIDIA Windows."
}
],
"id": "CVE-2016-4961",
"lastModified": "2024-11-21T02:53:18.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-08T20:59:03.583",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"source": "psirt@nvidia.com",
"url": "http://www.securityfocus.com/bid/93251"
},
{
"source": "psirt@nvidia.com",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-04 01:29
Modified
2025-01-14 19:29
Severity ?
Summary
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B85D7A28-8CBA-4D77-AD30-DB3CA49F2F98",
"versionEndIncluding": "2.77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B21E9A8-CE63-42C2-A11A-94D977A96DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0FC411C9-9A8A-49D0-B704-2207674778CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*",
"matchCriteriaId": "B2F3699A-38E4-4E9D-9414-411F71D9E371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54DF7A22-DF8B-4272-8EC6-48173E8860B8",
"versionEndExcluding": "r21.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:jetson_tk1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "810B05A3-29CF-464F-9E63-8238AA0651AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22159717-67FD-4A10-9F65-4434FEC1F922",
"versionEndExcluding": "r24.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86D1FDAD-C594-43D9-9BF6-F7461177AB91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5454038C-F1F0-4061-8B5C-04A8CF1658C6",
"versionEndExcluding": "3.10.0.55",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v9_play_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF744446-5C60-4C66-BE6B-DD108487B46C",
"versionEndExcluding": "jimmy-al00ac00b135",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B543AF24-5D59-4A46-AC76-0EFF314E3D1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E861FF18-4E42-4092-81B6-0BB32679B2CF",
"versionEndIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DED50F-C1ED-43EB-9E63-B65F4F287F41",
"versionEndExcluding": "4.16.13m",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F144E5-EFB1-47E7-A2D2-28DEE6045CF6",
"versionEndExcluding": "4.17.8m",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1A3AF8-D105-4F13-8921-D94DCC7DE1AF",
"versionEndIncluding": "4.18.4.2f",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63C108C5-0EF5-4C6D-8D83-ADB5EED24A6F",
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rm1224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "284DF779-D900-48B4-A177-7281CD445AB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E25B682B-83F5-4903-9138-16907DC7A859",
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB9921A-5204-40A3-88AB-B7755F5C6875",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B2D681-1FBF-4013-B223-9878F4F1DB27",
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E917CBBB-EF41-4113-B0CA-EB91889235E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE55F796-FA73-4992-9826-57A00F77F6CA",
"versionEndExcluding": "6.5.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE6B116-71BB-49BF-A5EF-4460D9089511",
"versionEndExcluding": "6.3.1.25",
"versionStartIncluding": "6.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "193354A0-B108-4CA4-A1C3-F5F23147A295",
"versionEndExcluding": "6.4.4.16",
"versionStartIncluding": "6.4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47D1AB4F-0922-49AF-9AE5-AEB4019E652C",
"versionEndExcluding": "6.5.1.9",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5D03FA-CE4E-4888-88E2-384986A890BA",
"versionEndExcluding": "6.5.3.3",
"versionStartIncluding": "6.5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E39B25F2-C65B-457F-A36E-14FC8285A004",
"versionEndExcluding": "6.5.4.2",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00E53FE9-EA96-456A-B522-FC81DD0CCE3E",
"versionEndExcluding": "8.1.0.4",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:router_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46261C28-E276-4639-BA3D-A735B02599F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01527614-8A68-48DC-B0A0-F4AA99489221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65372FA7-B54B-4298-99BF-483E9FEBA253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D04EA1A-F8E0-415B-8786-1C8C0F08E132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegaci\u00f3n de servicio (cierre inesperado) o ejecutar c\u00f3digo arbitrario utilizando una respuesta DNS manipulada."
}
],
"id": "CVE-2017-14491",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-04T01:29:02.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"source": "cve@mitre.org",
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/101085"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/101977"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id/1039474"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2837"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2838"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2839"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2840"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2841"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"source": "cve@mitre.org",
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/101085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/101977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id/1039474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-23 18:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F546EAF-141A-4671-AF50-F7B902F016F2",
"versionEndExcluding": "3.20.5.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.5.70, contienen una vulnerabilidad en sus servicios en que es creada una carpeta mediante el archivo nvcontainer.exe bajo el acceso de usuario normal con privilegios LOCAL_SYSTEM, lo que puede conllevar a una denegaci\u00f3n de servicio o a una escalada de privilegios"
}
],
"id": "CVE-2020-5978",
"lastModified": "2024-11-21T05:34:56.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-23T18:15:16.997",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-27 18:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85994A15-E9D3-47D7-81D8-6FDE3A902232",
"versionEndExcluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience contiene una vulnerabilidad en todas las versiones anteriores a la 3.16 en Windows por la cual un atacante con acceso a la cuenta de usuario local puede colocar un DLL (Dynamic Link Library) malicioso durante la instalaci\u00f3n de la aplicaci\u00f3n, lo que podr\u00eda conducir al escalado de privilegios."
}
],
"id": "CVE-2018-6263",
"lastModified": "2024-11-21T04:10:24.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-27T18:29:02.157",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"source": "psirt@nvidia.com",
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-12 04:15
Modified
2024-11-21 07:24
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4E85F1-21B1-45B8-88FC-5A4BB22DD16F",
"versionEndExcluding": "3.27.0.112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nNVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.\n\n"
}
],
"id": "CVE-2022-42292",
"lastModified": "2024-11-21T07:24:41.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 4.2,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-12T04:15:15.753",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-16 21:29
Modified
2024-11-21 03:02
Severity ?
Summary
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | http://nvidia.custhelp.com/app/answers/detail/a_id/4560 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://nvidia.custhelp.com/app/answers/detail/a_id/4560 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5454038C-F1F0-4061-8B5C-04A8CF1658C6",
"versionEndExcluding": "3.10.0.55",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges."
},
{
"lang": "es",
"value": "En GeForce Experience (GFE) en versiones 3.x anteriores a la 3.10.0.55, NVIDIA Installer Framework contiene una vulnerabilidad en NVISystemService64 donde un valor pasado desde un usuario al controlador se usa sin validaci\u00f3n, lo que podr\u00eda conducir a una denegaci\u00f3n de servicio o una posible escalada de privilegios."
}
],
"id": "CVE-2017-0316",
"lastModified": "2024-11-21T03:02:45.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-16T21:29:00.213",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-08 20:59
Modified
2024-11-21 03:00
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | http://nvidia.custhelp.com/app/answers/detail/a_id/4247 | Patch, Vendor Advisory | |
| psirt@nvidia.com | http://www.securityfocus.com/bid/93986 | Third Party Advisory, VDB Entry | |
| psirt@nvidia.com | https://www.exploit-db.com/exploits/40660/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://nvidia.custhelp.com/app/answers/detail/a_id/4247 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93986 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40660/ |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F36E098A-0BCE-41CF-8AF6-3C32E18C8256",
"versionEndIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26641568-53CE-4606-B2CA-C25A97795A50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02BAA7E2-E4F5-44C9-BEDF-7425B0C56578",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05A831E4-1119-45F0-B9A0-4D948ECD47E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F50D6AC-3D1E-4E54-8422-B717456F6257",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03CBD29C-A606-45DE-B2FB-8572B986A4F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BF5DC1-4609-4F34-9511-785F7B119ADE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3724F083-A7FC-4069-AC35-FB8AA08B6CCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B72BBAC-CEBD-4405-B1EC-7535794FF5EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C9365F-B4A5-4EA2-917B-2F07457017EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D835EE77-6031-40D6-8305-F962F42E7018",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E884CEDD-CAA5-489D-A526-B628BB3DE460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3455DE-4408-4603-86B2-5ECE76ED459C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAB33B6-E270-4C11-8E57-2BE127C86134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0C08C8-AC1B-4A01-903A-FB56B75CAE55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B376C04-8A35-42E7-8937-1A466E89639A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F13EE983-724F-472B-BCF5-B416D1DF27E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDF0898-E092-42BA-A777-FB7C5FFC4D3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41B48700-10AB-4194-94BC-D0F177D0B56A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3B7EE4-080F-4E3C-8304-0837AC20ECCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3896B47E-8787-45D2-96B3-BF4892780F35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "316C9573-7C7D-4429-8563-B74FD752AC51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76ABA317-6621-4D57-874F-307451EC9C2E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "477D72B5-A3EA-440A-B495-8A09E8564E8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B507EE-F005-4806-A8FC-8C8D9A31B0DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E707A80B-6482-47DD-8BF3-6E58BC2C697A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED233BC3-6982-41E1-9205-5159C17A4A56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C186F38-89C7-4616-A424-201804F842C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60176B23-2751-4415-A0D3-DF1BE640F6C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FABA79A-A70A-40A5-ADA7-893EAB42FE9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges."
},
{
"lang": "es",
"value": "Para los productos NVIDIA Quadro, NVS y GeForce, NVIDIA Windows GPU Display Driver R340 before 342.00, R367 before 369.59, and R375 en versiones anteriores a 375.63 contiene una vulnerabilidad en el controlador de la capa de modo kernel (nvlddmkm.sys) para DxgDdiEscape ID 0x7000014 donde un valor pasado de un usuario al controlador es utilizado sin validaci\u00f3n como el \u00edndice de una matriz interna, conduciendo a una denegaci\u00f3n de servicio o potencial escalada de privilegios."
}
],
"id": "CVE-2016-8812",
"lastModified": "2024-11-21T03:00:08.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-08T20:59:25.850",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93986"
},
{
"source": "psirt@nvidia.com",
"url": "https://www.exploit-db.com/exploits/40660/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40660/"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-02 17:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04A13DFB-C0D1-40AE-97E7-49FF71FD84FD",
"versionEndExcluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience en versiones anteriores a la 3.15 contiene una vulnerabilidad cuando GameStream est\u00e1 habilitado, lo que asigna permisos incorrectos en un archivo. Esto podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio (DoS) o escalado de privilegios por parte de usuarios con acceso al sistema."
}
],
"id": "CVE-2018-6261",
"lastModified": "2024-11-21T04:10:23.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-02T17:29:00.297",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-23 16:15
Modified
2024-11-21 05:51
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A425C6-BFF3-48C6-98F9-B5D72816584E",
"versionEndExcluding": "3.24.0.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience contiene una vulnerabilidad en la autorizaci\u00f3n de usuarios, en la que GameStream no aplica correctamente los controles de acceso individuales para los usuarios del mismo dispositivo, lo que, con la intervenci\u00f3n del usuario, puede conllevar a una escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n, manipulaci\u00f3n de datos y denegaci\u00f3n de servicio, afectando a otros recursos m\u00e1s all\u00e1 de la autoridad de seguridad prevista de GameStream"
}
],
"id": "CVE-2021-23175",
"lastModified": "2024-11-21T05:51:19.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T16:15:07.863",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-28 21:59
Modified
2024-11-21 03:29
Severity ?
Summary
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F63050F7-B1D4-4645-A3A8-7CC776FC978D",
"versionEndIncluding": "gfe_3.6.0.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience contiene una vulnerabilidad en NVIDIA Web Helper.exe, donde la ejecuci\u00f3n de un script no confiable puede llevar a la violaci\u00f3n de la pol\u00edtica de ejecuci\u00f3n de aplicaciones y a la ejecuci\u00f3n de c\u00f3digo local."
}
],
"id": "CVE-2017-6250",
"lastModified": "2024-11-21T03:29:19.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-28T21:59:00.153",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
},
{
"source": "psirt@nvidia.com",
"url": "http://www.securityfocus.com/bid/98393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/98393"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-12 21:15
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| nvidia | gpu_driver | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3627005A-4CB9-4881-AB6C-F2145AA138DC",
"versionEndExcluding": "3.20.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18C44215-3940-4A5C-BC6F-0F0E4B7A91DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience (versiones anteriores a 3.20.1) y Windows GPU Display Driver (todas las versiones), contienen una vulnerabilidad en el componente del proveedor de servicios local en la que un atacante con sistema local y acceso privilegiado puede cargar incorrectamente las DLL del sistema Windows sin comprobar la ruta o la firma (tambi\u00e9n se conoce como ataque de siembra binaria o de precarga de DLL), lo que puede conllevar a una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n por medio de una ejecuci\u00f3n de c\u00f3digo."
}
],
"id": "CVE-2019-5695",
"lastModified": "2024-11-21T04:45:21.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-12T21:15:12.037",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-09 02:15
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3627005A-4CB9-4881-AB6C-F2145AA138DC",
"versionEndExcluding": "3.20.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.1, contiene una vulnerabilidad en el componente Downloader en el que un usuario con acceso al sistema local puede dise\u00f1ar entradas que pueden permitir que archivos maliciosos sean descargados y guardados. Este comportamiento puede conducir a una ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio o divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2019-5689",
"lastModified": "2024-11-21T04:45:21.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-09T02:15:11.537",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-23 18:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F546EAF-141A-4671-AF50-F7B902F016F2",
"versionEndExcluding": "3.20.5.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.5.70, contienen una vulnerabilidad en NVIDIA Web Helper NodeJS Web Server en la que es usada una ruta de b\u00fasqueda no controlada para cargar un m\u00f3dulo de nodo, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo, una denegaci\u00f3n de servicio, una escalada de privilegios y una divulgaci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2020-5977",
"lastModified": "2024-11-21T05:34:56.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-23T18:15:16.450",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-08 20:59
Modified
2024-11-21 02:49
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F36E098A-0BCE-41CF-8AF6-3C32E18C8256",
"versionEndIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26641568-53CE-4606-B2CA-C25A97795A50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02BAA7E2-E4F5-44C9-BEDF-7425B0C56578",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05A831E4-1119-45F0-B9A0-4D948ECD47E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F50D6AC-3D1E-4E54-8422-B717456F6257",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03CBD29C-A606-45DE-B2FB-8572B986A4F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BF5DC1-4609-4F34-9511-785F7B119ADE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3724F083-A7FC-4069-AC35-FB8AA08B6CCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B72BBAC-CEBD-4405-B1EC-7535794FF5EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C9365F-B4A5-4EA2-917B-2F07457017EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D835EE77-6031-40D6-8305-F962F42E7018",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E884CEDD-CAA5-489D-A526-B628BB3DE460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3455DE-4408-4603-86B2-5ECE76ED459C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAB33B6-E270-4C11-8E57-2BE127C86134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0C08C8-AC1B-4A01-903A-FB56B75CAE55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B376C04-8A35-42E7-8937-1A466E89639A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F13EE983-724F-472B-BCF5-B416D1DF27E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDF0898-E092-42BA-A777-FB7C5FFC4D3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41B48700-10AB-4194-94BC-D0F177D0B56A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3B7EE4-080F-4E3C-8304-0837AC20ECCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3896B47E-8787-45D2-96B3-BF4892780F35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "316C9573-7C7D-4429-8563-B74FD752AC51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76ABA317-6621-4D57-874F-307451EC9C2E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "477D72B5-A3EA-440A-B495-8A09E8564E8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B507EE-F005-4806-A8FC-8C8D9A31B0DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E707A80B-6482-47DD-8BF3-6E58BC2C697A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED233BC3-6982-41E1-9205-5159C17A4A56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C186F38-89C7-4616-A424-201804F842C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60176B23-2751-4415-A0D3-DF1BE640F6C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FABA79A-A70A-40A5-ADA7-893EAB42FE9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path."
},
{
"lang": "es",
"value": "Para los productos NVIDIA Quadro, NVS y GeForce, vulnerabilidades de ruta de servicio no citadas GFE GameStream y NVTray Plugin son ejemplos de la vulnerabilidad de ruta de servicio no citado en Windows. Una explotaci\u00f3n exitosa de una instalaci\u00f3n de servicio vulnerable puede habilitar c\u00f3digo malicioso para ejecutarse en el sistema en el nivel de privilegios sistema/usuario. La ID CVE-2016-3161 es para la ruta de servicio no citada GameStream."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/428.html\"\u003eCWE-428: Unquoted Search Path or Element\u003c/a\u003e",
"id": "CVE-2016-3161",
"lastModified": "2024-11-21T02:49:30.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-08T20:59:00.177",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"source": "psirt@nvidia.com",
"url": "http://www.securityfocus.com/bid/93251"
},
{
"source": "psirt@nvidia.com",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-23 18:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F546EAF-141A-4671-AF50-F7B902F016F2",
"versionEndExcluding": "3.20.5.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.5.70, contienen una vulnerabilidad en el componente ShadowPlay que puede conllevar a una escalada local de privilegios, una ejecuci\u00f3n de c\u00f3digo, una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2020-5990",
"lastModified": "2024-11-21T05:34:57.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-23T18:15:17.450",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-11 22:30
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro | - | |
| nvidia | geforce_experience | * | |
| microsoft | windows | - | |
| nvidia | tesla_firmware | * | |
| nvidia | tesla | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "398C6C71-66C1-4042-9C8B-99B0D9269498",
"versionEndExcluding": "392.59",
"versionStartIncluding": "390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54A8E8DF-D2F6-4F6F-9FDB-3C0B4810303C",
"versionEndExcluding": "426.50",
"versionStartIncluding": "418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A860C36-DCAD-480B-84F4-E3B01089281F",
"versionEndExcluding": "432.28",
"versionStartIncluding": "430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7563EB9-444F-4651-B822-8B8EAE0CC479",
"versionEndExcluding": "442.50",
"versionStartIncluding": "440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:quadro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B56258A7-E289-426E-B8D1-309CCB54E893",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "103F9C50-3CB0-427D-832F-7ABCC2BC5E10",
"versionEndExcluding": "442.50",
"versionStartIncluding": "440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F857E7D-4FB7-4619-8038-20E92519AF40",
"versionEndExcluding": "440.33.01",
"versionStartIncluding": "440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure."
},
{
"lang": "es",
"value": "El controlador de pantalla NVIDIA Windows GPU, todas las versiones, contiene una vulnerabilidad en el componente Control Panel de NVIDIA en el que un atacante con acceso al sistema local puede plantar una biblioteca DLL maliciosa, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio o divulgaci\u00f3n de la informaci\u00f3n."
}
],
"id": "CVE-2020-5958",
"lastModified": "2024-11-21T05:34:54.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-11T22:30:20.263",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-02 17:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04A13DFB-C0D1-40AE-97E7-49FF71FD84FD",
"versionEndExcluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience en versiones anteriores a la 3.15 contiene una vulnerabilidad cuando GameStream est\u00e1 habilitado, lo que hace que informaci\u00f3n limitada sensible del usuario est\u00e9 disponible a usuarios con acceso al sistema. Esto podr\u00eda conducir a una divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2018-6262",
"lastModified": "2024-11-21T04:10:24.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-02T17:29:00.423",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-10 21:29
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | gpu_display_driver | * | |
| nvidia | gpu_display_driver | * | |
| nvidia | gpu_display_driver | * | |
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "46442A04-15FD-42DA-B82C-3A0450868F1D",
"versionEndExcluding": "412.36",
"versionStartIncluding": "410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "66D3718F-174C-4D4C-B8AD-ACFB1A667787",
"versionEndExcluding": "425.51",
"versionStartIncluding": "418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CD2E6016-FD91-4BCC-AA68-8C344F5319C8",
"versionEndExcluding": "430.64",
"versionStartIncluding": "430",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7583B2E-0C11-4D18-9E89-85EFD88C81CF",
"versionEndExcluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution."
},
{
"lang": "es",
"value": "El software controlador de la GPU NVIDIA Windows Display para Windows (todas las versiones) contiene una vulnerabilidad en la que carga incorrectamente las DLL del sistema Windows sin validar la ruta o la firma (tambi\u00e9n conocido como ataque de colocaci\u00f3n de binarios o ataque de precarga de DLL), lo que provoca una escalada de privilegios a trav\u00e9s de la ejecuci\u00f3n de c\u00f3digo."
}
],
"id": "CVE-2019-5676",
"lastModified": "2024-11-21T04:45:19.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-10T21:29:00.583",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-09 02:15
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md | Third Party Advisory | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86CE60CF-70D1-4715-9FCD-06705DD82690",
"versionEndExcluding": "3.20.0.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, todas las versiones anteriores a la versi\u00f3n 3.20.0.118, contiene una vulnerabilidad cuando GameStream est\u00e1 habilitado en el que un atacante con acceso al sistema local puede cargar las DLL del controlador de gr\u00e1ficos Intel sin validar la ruta o la firma (tambi\u00e9n conocida como plantaci\u00f3n binaria o precarga de DLL ataque), que puede conducir a la denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n o escalada de privilegios a trav\u00e9s de la ejecuci\u00f3n del c\u00f3digo."
}
],
"id": "CVE-2019-5701",
"lastModified": "2024-11-21T04:45:22.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-09T02:15:12.083",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-27 18:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85994A15-E9D3-47D7-81D8-6FDE3A902232",
"versionEndExcluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience contiene una vulnerabilidad en todas las versiones anteriores a la 3.16 en Windows por la cual un usuario local podr\u00eda obtener par\u00e1metros de integraci\u00f3n de terceros, lo que podr\u00eda conducir a una divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2018-6266",
"lastModified": "2024-11-21T04:10:24.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-27T18:29:02.233",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"source": "psirt@nvidia.com",
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-16 21:59
Modified
2024-11-21 03:00
Severity ?
Summary
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | http://nvidia.custhelp.com/app/answers/detail/a_id/4279 | Vendor Advisory | |
| psirt@nvidia.com | http://www.securityfocus.com/bid/94964 | Third Party Advisory, VDB Entry | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5033 | Vendor Advisory | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5155 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://nvidia.custhelp.com/app/answers/detail/a_id/4279 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94964 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5033 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5155 | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACE3256-2032-4E8C-B688-FBC8AE6AFB67",
"versionEndExcluding": "3.1.0.52",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience 3.x en versiones anteriores a GFE 3.1.0.52 contiene una vulnerabilidad en NVIDIA Web Helper.exe donde el punto final de una web local API, /VisualOPS/v.1.0./, carece de accesos de control apropiados y par\u00e1metros de validaci\u00f3n, permitiendo divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de un ataque de salto de directorio."
}
],
"id": "CVE-2016-8827",
"lastModified": "2024-11-21T03:00:10.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-16T21:59:00.707",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94964"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Not Applicable"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-31 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA8B08E-D1C4-4A49-9491-09DA503F0AE3",
"versionEndExcluding": "3.14.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.14.1, contiene una vulnerabilidad potencial cuando GameStream est\u00e1 habilitado, donde un control de acceso incorrecto podr\u00eda conducir a una denegaci\u00f3n de servicio (DoS), escalado de privilegios o ambos."
}
],
"id": "CVE-2018-6257",
"lastModified": "2024-11-21T04:10:23.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-31T20:29:00.227",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-27 18:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows_7 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85994A15-E9D3-47D7-81D8-6FDE3A902232",
"versionEndExcluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience contiene una vulnerabilidad en todas las versiones anteriores a la 3.16 durante la instalaci\u00f3n de la aplicaci\u00f3n en Windows 7 en modo de privilegios elevados, donde un usuario local que inicia una sesi\u00f3n del navegador podr\u00eda obtener privilegios escalados en el navegador."
}
],
"id": "CVE-2018-6265",
"lastModified": "2024-11-21T04:10:24.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-27T18:29:02.187",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"source": "psirt@nvidia.com",
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-31 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA8B08E-D1C4-4A49-9491-09DA503F0AE3",
"versionEndExcluding": "3.14.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.14.1, contiene una vulnerabilidad potencial durante la instalaci\u00f3n de GameStream en la que un atacante que tenga acceso al sistema puede llevar a cabo un ataque Man-in-the-Middle (MitM) para obtener informaci\u00f3n sensible."
}
],
"id": "CVE-2018-6258",
"lastModified": "2024-11-21T04:10:23.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-31T20:29:00.367",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-05 20:15
Modified
2024-11-21 05:43
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91402050-426D-45B6-9A40-A4ABBD3B66EA",
"versionEndExcluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, en todas las versiones anteriores a 3.21, contiene una vulnerabilidad en GameStream (la biblioteca rxdiag.dll) en la que un borrado arbitrario de archivos debido a una gesti\u00f3n inapropiada de los archivos de registro puede conllevar a una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-1072",
"lastModified": "2024-11-21T05:43:32.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-05T20:15:13.293",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-08 20:59
Modified
2024-11-21 02:53
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC7A2F9-5F65-4203-B171-6109E61B5F2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26641568-53CE-4606-B2CA-C25A97795A50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02BAA7E2-E4F5-44C9-BEDF-7425B0C56578",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05A831E4-1119-45F0-B9A0-4D948ECD47E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F50D6AC-3D1E-4E54-8422-B717456F6257",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03CBD29C-A606-45DE-B2FB-8572B986A4F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BF5DC1-4609-4F34-9511-785F7B119ADE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3724F083-A7FC-4069-AC35-FB8AA08B6CCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B72BBAC-CEBD-4405-B1EC-7535794FF5EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C9365F-B4A5-4EA2-917B-2F07457017EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D835EE77-6031-40D6-8305-F962F42E7018",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E884CEDD-CAA5-489D-A526-B628BB3DE460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3455DE-4408-4603-86B2-5ECE76ED459C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAB33B6-E270-4C11-8E57-2BE127C86134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0C08C8-AC1B-4A01-903A-FB56B75CAE55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B376C04-8A35-42E7-8937-1A466E89639A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F13EE983-724F-472B-BCF5-B416D1DF27E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDF0898-E092-42BA-A777-FB7C5FFC4D3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41B48700-10AB-4194-94BC-D0F177D0B56A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3B7EE4-080F-4E3C-8304-0837AC20ECCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3896B47E-8787-45D2-96B3-BF4892780F35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "316C9573-7C7D-4429-8563-B74FD752AC51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76ABA317-6621-4D57-874F-307451EC9C2E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "477D72B5-A3EA-440A-B495-8A09E8564E8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B507EE-F005-4806-A8FC-8C8D9A31B0DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E707A80B-6482-47DD-8BF3-6E58BC2C697A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED233BC3-6982-41E1-9205-5159C17A4A56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C186F38-89C7-4616-A424-201804F842C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60176B23-2751-4415-A0D3-DF1BE640F6C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FABA79A-A70A-40A5-ADA7-893EAB42FE9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege."
},
{
"lang": "es",
"value": "Para los productos NVIDIA Quadro, NVS y GeForce, el componente de servicio NVIDIA NVStreamKMS.sys est\u00e1 validando incorrectamente los datos suministrados por el usuario a trav\u00e9s de sus puntos de entrada de la API lo que causa una elevaci\u00f3n de privilegios."
}
],
"id": "CVE-2016-4960",
"lastModified": "2024-11-21T02:53:18.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-08T20:59:02.567",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"source": "psirt@nvidia.com",
"url": "http://www.securityfocus.com/bid/93251"
},
{
"source": "psirt@nvidia.com",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-08 20:59
Modified
2024-11-21 02:55
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F36E098A-0BCE-41CF-8AF6-3C32E18C8256",
"versionEndIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26641568-53CE-4606-B2CA-C25A97795A50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02BAA7E2-E4F5-44C9-BEDF-7425B0C56578",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05A831E4-1119-45F0-B9A0-4D948ECD47E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F50D6AC-3D1E-4E54-8422-B717456F6257",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03CBD29C-A606-45DE-B2FB-8572B986A4F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BF5DC1-4609-4F34-9511-785F7B119ADE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3724F083-A7FC-4069-AC35-FB8AA08B6CCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B72BBAC-CEBD-4405-B1EC-7535794FF5EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C9365F-B4A5-4EA2-917B-2F07457017EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D835EE77-6031-40D6-8305-F962F42E7018",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E884CEDD-CAA5-489D-A526-B628BB3DE460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3455DE-4408-4603-86B2-5ECE76ED459C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAB33B6-E270-4C11-8E57-2BE127C86134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0C08C8-AC1B-4A01-903A-FB56B75CAE55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B376C04-8A35-42E7-8937-1A466E89639A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F13EE983-724F-472B-BCF5-B416D1DF27E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDF0898-E092-42BA-A777-FB7C5FFC4D3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41B48700-10AB-4194-94BC-D0F177D0B56A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3B7EE4-080F-4E3C-8304-0837AC20ECCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3896B47E-8787-45D2-96B3-BF4892780F35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "316C9573-7C7D-4429-8563-B74FD752AC51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76ABA317-6621-4D57-874F-307451EC9C2E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "477D72B5-A3EA-440A-B495-8A09E8564E8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B507EE-F005-4806-A8FC-8C8D9A31B0DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E707A80B-6482-47DD-8BF3-6E58BC2C697A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED233BC3-6982-41E1-9205-5159C17A4A56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C186F38-89C7-4616-A424-201804F842C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60176B23-2751-4415-A0D3-DF1BE640F6C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FABA79A-A70A-40A5-ADA7-893EAB42FE9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path."
},
{
"lang": "es",
"value": "Para los productos NVIDIA Quadro, NVS y GeForce, vulnerabilidades de ruta de servicio no citadas GFE GameStream y NVTray Plugin son ejemplos de la vulnerabilidad de ruta de servicio no citado en Windows. Una explotaci\u00f3n exitosa de una instalaci\u00f3n de servicio vulnerable puede habilitar c\u00f3digo malicioso para ejecutar en el sistema en el nivel de privilegios sistema/usuario. La ID CVE-2016-5852 es para la ruta de servicio no citada NVTray Plugin."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/428.html\"\u003eCWE-428: Unquoted Search Path or Element\u003c/a\u003e",
"id": "CVE-2016-5852",
"lastModified": "2024-11-21T02:55:08.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-08T20:59:05.787",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"source": "psirt@nvidia.com",
"url": "http://www.securityfocus.com/bid/93251"
},
{
"source": "psirt@nvidia.com",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-07 03:15
Modified
2024-11-21 07:04
Severity ?
6.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4E85F1-21B1-45B8-88FC-5A4BB22DD16F",
"versionEndExcluding": "3.27.0.112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nNVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.\n\n"
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience contiene una vulnerabilidad de uncontrolled search path en todos sus instaladores de clientes, donde un atacante con privilegios de nivel de usuario puede hacer que el instalador cargue una DLL arbitraria cuando se inicia. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda conducir a una escalada de privilegios y ejecuci\u00f3n de c\u00f3digo."
}
],
"id": "CVE-2022-31611",
"lastModified": "2024-11-21T07:04:50.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.5,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-07T03:15:08.490",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-31 22:29
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7583B2E-0C11-4D18-9E89-85EFD88C81CF",
"versionEndExcluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience versiones anteriores a 3.19 contiene una vulnerabilidad en el componente Web Helper, en la que un atacante con acceso al sistema local puede crear una entrada que puede no estar validada apropiadamente. Dicho ataque puede conllevar a la ejecuci\u00f3n de c\u00f3digo, la Denegaci\u00f3n de Servicio (DoS) o la Divulgaci\u00f3n de Informaci\u00f3n."
}
],
"id": "CVE-2019-5678",
"lastModified": "2024-11-21T04:45:19.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-31T22:29:01.270",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
},
{
"source": "psirt@nvidia.com",
"url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-28 15:29
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | http://support.lenovo.com/us/en/solutions/LEN-27096 | ||
| psirt@nvidia.com | http://www.securityfocus.com/bid/107621 | Third Party Advisory, VDB Entry | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/4784 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.lenovo.com/us/en/solutions/LEN-27096 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107621 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/4784 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCB6F21-7822-4CEE-96F5-F8712D2E1F2A",
"versionEndExcluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, en versiones anteriores a la 3.18, contiene una vulnerabilidad cuando ShadowPlay o GameStream est\u00e1 habilitado. Cuando un atacante tiene acceso al sistema y crea un enlace f\u00edsico, el software no comprueba si se han sufrido ataques de enlace f\u00edsico. Este comportamiento puede conducir a una ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio (DoS) o escalado de privilegios."
}
],
"id": "CVE-2019-5674",
"lastModified": "2024-11-21T04:45:19.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-28T15:29:00.467",
"references": [
{
"source": "psirt@nvidia.com",
"url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107621"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-25 00:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro_firmware | * | |
| nvidia | quadro | - | |
| nvidia | tesla_firmware | * | |
| nvidia | tesla_firmware | * | |
| nvidia | tesla_firmware | * | |
| nvidia | tesla | - | |
| nvidia | geforce_experience | * | |
| microsoft | windows | - | |
| nvidia | nvs_firmware | * | |
| nvidia | nvs_firmware | * | |
| nvidia | nvs_firmware | * | |
| nvidia | nvs_firmware | * | |
| nvidia | nvs | - | |
| nvidia | geforce_firmware | * | |
| nvidia | geforce | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3BB4C3-E77E-4841-A436-E9033FEE5011",
"versionEndExcluding": "392.61",
"versionStartIncluding": "390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "021A11A4-23AE-4C5F-A3F0-357481BC1C91",
"versionEndExcluding": "426.78",
"versionStartIncluding": "418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9195AEC-3EB3-4991-947B-E68817B8902A",
"versionEndExcluding": "443.18",
"versionStartIncluding": "440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA19971-9415-4D00-9090-21788E753CEE",
"versionEndExcluding": "451.48",
"versionStartIncluding": "450",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:quadro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B56258A7-E289-426E-B8D1-309CCB54E893",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C11F4D2B-A251-4D15-9902-9E2AB23C58D5",
"versionEndExcluding": "426.78",
"versionStartIncluding": "418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8EEDE5-CF37-4CC3-B556-EA329027CC4C",
"versionEndExcluding": "443.18",
"versionStartIncluding": "440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A65412-DD0C-410A-AFFA-3A7774053B5A",
"versionEndExcluding": "451.48",
"versionStartIncluding": "450",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF79957-D4AF-4CCD-8F55-7CA9829FD0B1",
"versionEndExcluding": "3.20.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E71ACEF-7A5B-4C77-81A5-539BB4D86E47",
"versionEndExcluding": "392.61",
"versionStartIncluding": "390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A611598-0D67-49A8-B6A5-87EE823E2619",
"versionEndExcluding": "426.78",
"versionStartIncluding": "418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01F0E734-BA49-4119-998C-142860430AB4",
"versionEndExcluding": "443.18",
"versionStartIncluding": "440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40537521-3B8D-4B2D-94D5-B79C219D7BF6",
"versionEndExcluding": "451.48",
"versionStartIncluding": "450",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:nvs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C60D8825-B4F5-47DC-ACC3-137D6FC5F12F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:geforce_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8472A4C6-922C-44F5-AF22-1BD3F45E70CA",
"versionEndExcluding": "451.48",
"versionStartIncluding": "450",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure."
},
{
"lang": "es",
"value": "NVIDIA Windows GPU Display Driver, todas las versiones, contiene una vulnerabilidad en el componente service host, en el que se puede pasar por alto la comprobaci\u00f3n de integridad de los recursos de la aplicaci\u00f3n. Tal ataque puede conllevar a una ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio o divulgaci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2020-5964",
"lastModified": "2024-11-21T05:34:54.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-25T00:15:10.383",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5038"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-24 22:15
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | geforce_experience | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20474D51-D05A-4E27-8ACC-126CBA68E6D8",
"versionEndExcluding": "3.20.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges."
},
{
"lang": "es",
"value": "NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.2, contiene una vulnerabilidad cuando GameStream est\u00e1 habilitado en la que un atacante con acceso al sistema local puede corromper un archivo del sistema, lo que puede conllevar a una denegaci\u00f3n de servicio o una escalada de privilegios."
}
],
"id": "CVE-2019-5702",
"lastModified": "2024-11-21T04:45:22.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-24T22:15:11.403",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4954"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-42291
Vulnerability from cvelistv5
Published
2023-02-07 02:16
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | GeForce Experience |
Version: All versions prior to 3.27.0.112 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "GeForce Experience",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.27.0.112"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.\u003c/span\u003e\n\n"
}
],
"value": "\nNVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Data Tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1386",
"description": "CWE-1386: Insecure Operation on Windows Junction / Mount Point",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-07T02:16:07.803Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2022-42291",
"datePublished": "2023-02-07T02:16:07.803Z",
"dateReserved": "2022-10-03T14:20:26.210Z",
"dateUpdated": "2024-08-03T13:03:45.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42292
Vulnerability from cvelistv5
Published
2023-02-07 02:31
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | GeForce Experience |
Version: All versions prior to 3.27.0.112 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "GeForce Experience",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.27.0.112"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.\u003c/span\u003e\n\n"
}
],
"value": "\nNVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service, Data Tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-12T01:45:42.615671Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2022-42292",
"datePublished": "2023-02-07T02:31:42.937Z",
"dateReserved": "2022-10-03T14:20:26.210Z",
"dateUpdated": "2024-08-03T13:03:45.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5689
Vulnerability from cvelistv5
Published
2019-11-09 01:37
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience |
Version: All versions prior to 3.20.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.20.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution, denial of service, or information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-09T01:37:35",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2019-5689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.20.1"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution, denial of service, or information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2019-5689",
"datePublished": "2019-11-09T01:37:35",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:52.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6263
Vulnerability from cvelistv5
Published
2018-11-27 18:00
Modified
2024-09-17 02:00
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4740 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/LEN-25444 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | GeForce Experience |
Version: 3.16 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "3.16"
}
]
}
],
"datePublic": "2018-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-04T18:06:07",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-11-19T00:00:00",
"ID": "CVE-2018-6263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce Experience",
"version": {
"version_data": [
{
"version_value": "3.16"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-25444",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2018-6263",
"datePublished": "2018-11-27T18:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-17T02:00:32.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6261
Vulnerability from cvelistv5
Published
2018-10-02 17:00
Modified
2024-09-17 02:06
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4725 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | GeForce Experience |
Version: 3.15 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "3.15"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code execution, denial of service, or escalation of privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T16:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-6261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce Experience",
"version": {
"version_data": [
{
"version_value": "3.15"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code execution, denial of service, or escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2018-6261",
"datePublished": "2018-10-02T17:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-17T02:06:44.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5678
Vulnerability from cvelistv5
Published
2019-05-31 21:12
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4806 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/LEN-27815 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience |
Version: 3.19 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "3.19"
}
]
}
],
"datePublic": "2019-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution, denial of service, information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T03:06:04",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2019-5678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience",
"version": {
"version_data": [
{
"version_value": "3.19"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution, denial of service, information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-27815",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2019-5678",
"datePublished": "2019-05-31T21:12:01",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:52.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8812
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93986 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40660/ | exploit, x_refsource_EXPLOIT-DB | |
| http://nvidia.custhelp.com/app/answers/detail/a_id/4247 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Quadro, NVS, and GeForce (all versions) |
Version: Quadro, NVS, and GeForce (all versions) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:01.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93986"
},
{
"name": "40660",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40660/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quadro, NVS, and GeForce (all versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Quadro, NVS, and GeForce (all versions)"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"name": "93986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93986"
},
{
"name": "40660",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40660/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2016-8812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quadro, NVS, and GeForce (all versions)",
"version": {
"version_data": [
{
"version_value": "Quadro, NVS, and GeForce (all versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93986"
},
{
"name": "40660",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40660/"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2016-8812",
"datePublished": "2016-11-08T20:37:00",
"dateReserved": "2016-10-18T00:00:00",
"dateUpdated": "2024-08-06T02:35:01.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5958
Vulnerability from cvelistv5
Published
2020-03-11 21:14
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4996 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: ALL |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GPU Display Driver ",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "ALL"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution, denial of service or escalation of privileges.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T21:14:18",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2020-5958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver ",
"version": {
"version_data": [
{
"version_value": "ALL"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution, denial of service or escalation of privileges."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996",
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2020-5958",
"datePublished": "2020-03-11T21:14:18",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-04T08:47:41.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5695
Vulnerability from cvelistv5
Published
2019-11-12 20:14
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4907 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | x_refsource_CONFIRM | |
| https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience |
Version: prior to 3.20.1 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "prior to 3.20.1"
}
]
},
{
"product": "NVIDIA Windows GPU Display Driver",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service or information disclosure through code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-18T18:28:04",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2019-5695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience",
"version": {
"version_data": [
{
"version_value": "prior to 3.20.1"
}
]
}
},
{
"product_name": "NVIDIA Windows GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service or information disclosure through code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
},
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
},
{
"name": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695",
"refsource": "MISC",
"url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2019-5695",
"datePublished": "2019-11-12T20:14:54",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:52.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6258
Vulnerability from cvelistv5
Published
2018-08-31 21:00
Modified
2024-09-17 02:26
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | NVIDIA GeForce Experience |
Version: All versions prior to 3.14.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.14.1"
}
]
}
],
"datePublic": "2018-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-31T20:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-08-30T00:00:00",
"ID": "CVE-2018-6258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.14.1"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2018-6258",
"datePublished": "2018-08-31T21:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-17T02:26:31.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5978
Vulnerability from cvelistv5
Published
2020-10-23 17:35
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.20.5.70 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience Software",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.20.5.70"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service, escalation of privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T17:35:16",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2020-5978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience Software",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.20.5.70"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service, escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2020-5978",
"datePublished": "2020-10-23T17:35:16",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-04T08:47:41.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5676
Vulnerability from cvelistv5
Published
2019-05-10 20:21
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4797 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/4806 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/LEN-27815 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/4841 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GPU Display Driver",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2019-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privileges, code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-02T18:06:06",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2019-5676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privileges, code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797"
},
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-27815",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
},
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2019-5676",
"datePublished": "2019-05-10T20:21:18",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:52.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4960
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4213 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/ps500070 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93251 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Quadro, NVS, GeForce (all versions) |
Version: Quadro, NVS, GeForce (all versions) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quadro, NVS, GeForce (all versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Quadro, NVS, GeForce (all versions)"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-13T17:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93251"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2016-4960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quadro, NVS, GeForce (all versions)",
"version": {
"version_data": [
{
"version_value": "Quadro, NVS, GeForce (all versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"name": "https://support.lenovo.com/us/en/product_security/ps500070",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93251"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2016-4960",
"datePublished": "2016-11-08T20:37:00",
"dateReserved": "2016-05-23T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5674
Vulnerability from cvelistv5
Published
2019-03-28 14:09
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4784 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/107621 | vdb-entry, x_refsource_BID | |
| http://support.lenovo.com/us/en/solutions/LEN-27096 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA Corporation | GeForce Experience |
Version: before 3.18 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
},
{
"name": "107621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeForce Experience",
"vendor": "NVIDIA Corporation",
"versions": [
{
"status": "affected",
"version": "before 3.18"
}
]
}
],
"datePublic": "2019-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution, denial of service, or escalation of privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-18T18:06:08",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
},
{
"name": "107621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2019-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce Experience",
"version": {
"version_data": [
{
"version_value": "before 3.18"
}
]
}
}
]
},
"vendor_name": "NVIDIA Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution, denial of service, or escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784"
},
{
"name": "107621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107621"
},
{
"name": "http://support.lenovo.com/us/en/solutions/LEN-27096",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-27096"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2019-5674",
"datePublished": "2019-03-28T14:09:11",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:52.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5964
Vulnerability from cvelistv5
Published
2020-06-25 00:00
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5031 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/5038 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GPU Display Driver",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution or denial of service or information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T21:06:16",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5038"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2020-5964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution or denial of service or information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031"
},
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5038",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5038"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2020-5964",
"datePublished": "2020-06-25T00:00:18",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-04T08:47:40.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5701
Vulnerability from cvelistv5
Published
2019-11-09 01:48
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | x_refsource_CONFIRM | |
| https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience |
Version: before 3.20.0.118 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "before 3.20.0.118"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service, information disclosure, or escalation of privileges through code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T19:03:15",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2019-5701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience",
"version": {
"version_data": [
{
"version_value": "before 3.20.0.118"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service, information disclosure, or escalation of privileges through code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
},
{
"name": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md",
"refsource": "MISC",
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2019-5701",
"datePublished": "2019-11-09T01:48:50",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:52.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5852
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4213 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/ps500070 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93251 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Quadro, NVS, GeForce (all versions) |
Version: Quadro, NVS, GeForce (all versions) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quadro, NVS, GeForce (all versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Quadro, NVS, GeForce (all versions)"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-13T17:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93251"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2016-5852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quadro, NVS, GeForce (all versions)",
"version": {
"version_data": [
{
"version_value": "Quadro, NVS, GeForce (all versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"name": "https://support.lenovo.com/us/en/product_security/ps500070",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93251"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2016-5852",
"datePublished": "2016-11-08T20:37:00",
"dateReserved": "2016-06-28T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-1079
Vulnerability from cvelistv5
Published
2021-04-20 14:20
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5184 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.22 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:55:18.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience Software",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution, denial of service, or local privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-15T14:03:56",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2021-1079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience Software",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.22"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution, denial of service, or local privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2021-1079",
"datePublished": "2021-04-20T14:20:11",
"dateReserved": "2020-11-12T00:00:00",
"dateUpdated": "2024-08-03T15:55:18.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5977
Vulnerability from cvelistv5
Published
2020-10-23 17:35
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.20.5.70 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience Software",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.20.5.70"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution, denial of service, escalation of privileges, and information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T17:35:15",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2020-5977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience Software",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.20.5.70"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution, denial of service, escalation of privileges, and information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2020-5977",
"datePublished": "2020-10-23T17:35:15",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-04T08:47:40.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5990
Vulnerability from cvelistv5
Published
2020-10-23 17:35
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5076 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.20.5.70 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience Software",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.20.5.70"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution, denial of service, escalation of privileges, and information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-23T17:35:16",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2020-5990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience Software",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.20.5.70"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution, denial of service, escalation of privileges, and information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2020-5990",
"datePublished": "2020-10-23T17:35:16",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-04T08:47:40.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-1073
Vulnerability from cvelistv5
Published
2021-06-25 19:25
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5199 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.23 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:55:18.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience Software",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user\u2019s account is compromised. This may lead to the targeted user\u2019s data being accessed, altered, or lost."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service, information disclosure, or data loss",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T11:12:55",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2021-1073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience Software",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.23"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"credit": [
{
"lang": "eng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user\u2019s account is compromised. This may lead to the targeted user\u2019s data being accessed, altered, or lost."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service, information disclosure, or data loss"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2021-1073",
"datePublished": "2021-06-25T19:25:10",
"dateReserved": "2020-11-12T00:00:00",
"dateUpdated": "2024-08-03T15:55:18.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31611
Vulnerability from cvelistv5
Published
2023-02-07 02:22
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | GeForce Experience |
Version: All versions prior to 3.27.0.112 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "GeForce Experience",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.27.0.112"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.\u003c/span\u003e\n\n"
}
],
"value": "\nNVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code Execution, Denial of Service, Escalation of Privileges, Information Disclosure, Data Tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-07T02:22:19.812Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2022-31611",
"datePublished": "2023-02-07T02:22:19.812Z",
"dateReserved": "2022-05-24T16:39:32.002Z",
"dateUpdated": "2024-08-03T07:26:00.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6266
Vulnerability from cvelistv5
Published
2018-11-27 18:00
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4740 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/LEN-25444 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | GeForce Experience |
Version: 3.16 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "3.16"
}
]
}
],
"datePublic": "2018-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-04T18:06:07",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-11-19T00:00:00",
"ID": "CVE-2018-6266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce Experience",
"version": {
"version_data": [
{
"version_value": "3.16"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-25444",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2018-6266",
"datePublished": "2018-11-27T18:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-16T22:45:56.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8827
Vulnerability from cvelistv5
Published
2016-12-16 21:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94964 | vdb-entry, x_refsource_BID | |
| http://nvidia.custhelp.com/app/answers/detail/a_id/4279 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/5033 | x_refsource_CONFIRM | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/5155 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | GeForce Experience |
Version: All |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94964"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2016-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-06T02:06:54",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"name": "94964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94964"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2016-8827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce Experience",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94964"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4279"
},
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5033"
},
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2016-8827",
"datePublished": "2016-12-16T21:00:00",
"dateReserved": "2016-10-18T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-1072
Vulnerability from cvelistv5
Published
2021-02-05 19:40
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5155 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.21 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:55:18.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience Software",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T19:40:12",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2021-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience Software",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.21"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2021-1072",
"datePublished": "2021-02-05T19:40:12",
"dateReserved": "2020-11-12T00:00:00",
"dateUpdated": "2024-08-03T15:55:18.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6259
Vulnerability from cvelistv5
Published
2018-08-31 21:00
Modified
2024-09-17 01:20
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | NVIDIA GeForce Experience |
Version: All versions prior to 3.14.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.14.1"
}
]
}
],
"datePublic": "2018-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-31T20:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-08-30T00:00:00",
"ID": "CVE-2018-6259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.14.1"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2018-6259",
"datePublished": "2018-08-31T21:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-17T01:20:55.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6265
Vulnerability from cvelistv5
Published
2018-11-27 18:00
Modified
2024-09-16 18:55
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4740 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/LEN-25444 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | GeForce Experience |
Version: 3.16 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "3.16"
}
]
}
],
"datePublic": "2018-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-04T18:06:07",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-11-19T00:00:00",
"ID": "CVE-2018-6265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce Experience",
"version": {
"version_data": [
{
"version_value": "3.16"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-25444",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-25444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2018-6265",
"datePublished": "2018-11-27T18:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-16T18:55:53.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-23175
Vulnerability from cvelistv5
Published
2021-12-23 16:05
Modified
2024-08-03 19:05
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5295 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GeForce Experience Software |
Version: All versions prior to 3.24.0.126 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience Software",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.24.0.126"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE:285 Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T16:05:10",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2021-23175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience Software",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.24.0.126"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.2,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE:285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2021-23175",
"datePublished": "2021-12-23T16:05:10",
"dateReserved": "2021-12-09T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6262
Vulnerability from cvelistv5
Published
2018-10-02 17:00
Modified
2024-09-16 16:59
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4725 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | GeForce Experience |
Version: 3.15 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "3.15"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T16:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-6262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce Experience",
"version": {
"version_data": [
{
"version_value": "3.15"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2018-6262",
"datePublished": "2018-10-02T17:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-16T16:59:01.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4961
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4213 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/ps500070 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93251 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Quadro, NVS, GeForce (all versions) |
Version: Quadro, NVS, GeForce (all versions) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quadro, NVS, GeForce (all versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Quadro, NVS, GeForce (all versions)"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-13T17:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93251"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2016-4961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quadro, NVS, GeForce (all versions)",
"version": {
"version_data": [
{
"version_value": "Quadro, NVS, GeForce (all versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"name": "https://support.lenovo.com/us/en/product_security/ps500070",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93251"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2016-4961",
"datePublished": "2016-11-08T20:37:00",
"dateReserved": "2016-05-23T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0316
Vulnerability from cvelistv5
Published
2017-10-16 21:00
Modified
2024-09-16 19:21
Severity ?
EPSS score ?
Summary
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4560 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | GeForce Experience |
Version: 3.x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:56.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "3.x"
}
]
}
],
"datePublic": "2017-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service, Escalation of Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-16T20:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2017-10-16T00:00:00",
"ID": "CVE-2017-0316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce Experience",
"version": {
"version_data": [
{
"version_value": "3.x"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service, Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2017-0316",
"datePublished": "2017-10-16T21:00:00Z",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-09-16T19:21:07.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6257
Vulnerability from cvelistv5
Published
2018-08-31 21:00
Modified
2024-09-16 17:43
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4685 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | NVIDIA GeForce Experience |
Version: All versions prior to 3.14.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.14.1"
}
]
}
],
"datePublic": "2018-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-31T20:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-08-30T00:00:00",
"ID": "CVE-2018-6257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.14.1"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2018-6257",
"datePublished": "2018-08-31T21:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-16T17:43:39.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14491
Vulnerability from cvelistv5
Published
2017-10-02 21:00
Modified
2024-08-05 19:27
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039474",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039474"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
},
{
"name": "DSA-3989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"name": "101085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101085"
},
{
"name": "USN-3430-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"name": "101977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101977"
},
{
"name": "RHSA-2017:2838",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2838"
},
{
"name": "VU#973527",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"name": "GLSA-201710-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"name": "RHSA-2017:2840",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2840"
},
{
"name": "USN-3430-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"name": "RHSA-2017:2839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2839"
},
{
"name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"name": "RHSA-2017:2836",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"name": "RHSA-2017:2837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2837"
},
{
"name": "42941",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"name": "RHSA-2017:2841",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2841"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"name": "openSUSE-SU-2017:2633",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"name": "FEDORA-2017-515264ae24",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
},
{
"name": "FEDORA-2017-24f067299e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
},
{
"name": "USN-3430-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3430-3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
},
{
"name": "SUSE-SU-2017:2619",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"name": "FEDORA-2017-7106a157f5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
},
{
"name": "SUSE-SU-2017:2616",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"name": "SUSE-SU-2017:2617",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"name": "DSA-3989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T11:42:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1039474",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039474"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
},
{
"name": "DSA-3989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"name": "101085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101085"
},
{
"name": "USN-3430-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"name": "101977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101977"
},
{
"name": "RHSA-2017:2838",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2838"
},
{
"name": "VU#973527",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"name": "GLSA-201710-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"name": "RHSA-2017:2840",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2840"
},
{
"name": "USN-3430-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"name": "RHSA-2017:2839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2839"
},
{
"name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"name": "RHSA-2017:2836",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"name": "RHSA-2017:2837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2837"
},
{
"name": "42941",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"name": "RHSA-2017:2841",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2841"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"name": "openSUSE-SU-2017:2633",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"name": "FEDORA-2017-515264ae24",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
},
{
"name": "FEDORA-2017-24f067299e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
},
{
"name": "USN-3430-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3430-3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
},
{
"name": "SUSE-SU-2017:2619",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"name": "FEDORA-2017-7106a157f5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
},
{
"name": "SUSE-SU-2017:2616",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"name": "SUSE-SU-2017:2617",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"name": "DSA-3989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039474",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039474"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
},
{
"name": "DSA-3989",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/3199382",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"name": "101085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101085"
},
{
"name": "USN-3430-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc",
"refsource": "CONFIRM",
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"name": "101977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101977"
},
{
"name": "RHSA-2017:2838",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2838"
},
{
"name": "VU#973527",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"name": "GLSA-201710-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"name": "RHSA-2017:2840",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2840"
},
{
"name": "USN-3430-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"name": "RHSA-2017:2839",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2839"
},
{
"name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
"refsource": "MLIST",
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
},
{
"name": "RHSA-2017:2836",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"name": "RHSA-2017:2837",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2837"
},
{
"name": "42941",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"name": "http://thekelleys.org.uk/dnsmasq/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"name": "RHSA-2017:2841",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2841"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"name": "openSUSE-SU-2017:2633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"name": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"refsource": "MLIST",
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"name": "FEDORA-2017-515264ae24",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
},
{
"name": "FEDORA-2017-24f067299e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
},
{
"name": "USN-3430-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3430-3"
},
{
"name": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
},
{
"name": "SUSE-SU-2017:2619",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"name": "FEDORA-2017-7106a157f5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
},
{
"name": "SUSE-SU-2017:2616",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"name": "SUSE-SU-2017:2617",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"name": "DSA-3989",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14491",
"datePublished": "2017-10-02T21:00:00",
"dateReserved": "2017-09-15T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5957
Vulnerability from cvelistv5
Published
2020-03-05 19:55
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4996 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: ALL |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GPU Display Driver",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "ALL"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service or escalation of privileges.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-05T19:55:26",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2020-5957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "ALL"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service or escalation of privileges."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996",
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2020-5957",
"datePublished": "2020-03-05T19:55:26",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-04T08:47:41.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5702
Vulnerability from cvelistv5
Published
2019-12-24 21:05
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/4954 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NVIDIA | GeForce Experience |
Version: All versions prior to 3.20.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeForce Experience",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 3.20.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service or escalation of privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-24T21:05:26",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2019-5702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce Experience",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.20.2"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service or escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4954",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2019-5702",
"datePublished": "2019-12-24T21:05:26",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:52.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3161
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4213 | x_refsource_CONFIRM | |
| https://support.lenovo.com/us/en/product_security/ps500070 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93251 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Quadro, NVS, GeForce (all versions) |
Version: Quadro, NVS, GeForce (all versions) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quadro, NVS, GeForce (all versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Quadro, NVS, GeForce (all versions)"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-13T17:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93251"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2016-3161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quadro, NVS, GeForce (all versions)",
"version": {
"version_data": [
{
"version_value": "Quadro, NVS, GeForce (all versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"name": "https://support.lenovo.com/us/en/product_security/ps500070",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"name": "93251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93251"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2016-3161",
"datePublished": "2016-11-08T20:37:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6250
Vulnerability from cvelistv5
Published
2017-04-28 21:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4459 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98393 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Nvidia Corporation | GeForce Experience |
Version: 3.x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
},
{
"name": "98393",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98393"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeForce Experience",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "3.x"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Violation of application execution policy and local code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-19T09:57:02",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
},
{
"name": "98393",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98393"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2017-6250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce Experience",
"version": {
"version_data": [
{
"version_value": "3.x"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Violation of application execution policy and local code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4459"
},
{
"name": "98393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98393"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2017-6250",
"datePublished": "2017-04-28T21:00:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}