37 matches found
CVE-2017-14491
CVE-2017-14491 : Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to crash the service or potentially execute arbitrary code via a crafted DNS response. Affected component: dnsmasq. Root cause described as a heap overflow in the DNS reply-building path. Public details in ...
CVE-2019-5678
The CVE-2019-5678 issue affects NVIDIA GeForce Experience Web Helper. The vulnerability arises from input handling in the Web Helper component, where attacker-controlled input and local system access may allow code execution, denial of service, or information disclosure. The Lenovo advisory confi...
CVE-2019-5689
CVE-2019-5689 affects NVIDIA GeForce Experience (Windows) prior to 3.20.1, in the Downloader component with an input validation error that an attacker with local system access can exploit to download/save malicious files, potentially leading to code execution, denial of service, or information di...
CVE-2019-5701
CVE-2019-5701 affects NVIDIA GeForce Experience (all versions prior to 3.20.0.118). The issue arises when GameStream is enabled: an attacker with local access can cause binary planting by loading Intel graphics driver DLLs without validating the path or signature, potentially leading to denial of...
CVE-2021-1073
NVIDIA GeForce Experience (Windows) before version 3.23 is affected by CVE-2021-1073. The flaw occurs in the login flow when a user logs in via a browser while another browser tab is loading a page, allowing the page to access the user’s login token and potentially compromise the account. The iss...
CVE-2019-5676
CVE-2019-5676 affects NVIDIA Windows GPU Display Driver installer where DLLs are loaded without validating path or signature (binary planting). This local, pre-auth escalation could allow code execution if a malicious DLL is placed on the system. Documents identify affected drivers/updates, inclu...
CVE-2020-5957
NVIDIA CVE-2020-5957 affects the Windows GPU Display Driver, specifically the NVIDIA Control Panel component. A local attacker can corrupt a system file, yielding denial of service or privilege escalation. Affected products include NVIDIA GeForce/Quadro/NVS/Tesla drivers for Windows (all R440/R43...
CVE-2020-5958
CVE-2020-5958 affects NVIDIA Windows GPU Display Driver (control panel component). The vulnerability allows a local attacker with system access to plant a malicious DLL, potentially enabling code execution, denial of service, or information disclosure. The related NVIDIA security bulletin lists a...
CVE-2019-5695
The CVE-2019-5695 issue concerns NVIDIA GeForce Experience (pre-3.20.1) and Windows GPU Display Driver across all versions, where the local service provider component improperly loads Windows system DLLs without path/signature validation (a DLL preloading/binary planting flaw). This can enable a ...
CVE-2022-31611
CVE-2022-31611 affects NVIDIA GeForce Experience installers, where an uncontrolled search path vulnerability may allow a user-level attacker to cause the installer to load an arbitrary DLL, potentially enabling privilege escalation and code execution. Root cause: the installer searches an attacke...
CVE-2022-42291
CVE-2022-42291 affects NVIDIA GeForce Experience installers. The vulnerability in the installer could cause data tampering by deleting data in a linked location when the user runs the compromised installer from a specific directory. The issue requires user interaction (launching the installer) an...
CVE-2018-6257
GeForce Experience CVE-2018-6257 affects GeForce Experience 3.x on Windows prior to 3.14.1. The root cause is improper access control when GameStream is enabled, which NVIDIA’s bulletin associates with potential denial of service and privilege escalation (and information disclosure/impact to conf...
CVE-2019-5674
NVIDIA GeForce Experience prior to version 3.18 is vulnerable to a local privilege/remote code execution style issue where an attacker with system access can abuse a hard link write scenario (ShadowPlay/GameStream enabled) to potentially execute code, cause a denial of service, or escalate privil...
CVE-2020-5964
The CVE-2020-5964 issue affects the NVIDIA Windows GPU Display Driver and is described in multiple sources as a vulnerability in the service host component where the integrity check of application resources may be missed, potentially enabling code execution, denial of service, or information disc...
CVE-2021-23175
NVIDIA GeForce Experience vulnerability CVE-2021-23175 is a local privilege escalation in GameStream caused by improper per-user access controls. Affects GeForce Experience prior to version 3.24.0.126; with user intervention, may allow escalation of privileges, information disclosure, data tamper...
CVE-2018-6261
NVIDIA GeForce Experience vulnerability CVE-2018-6261 affects GeForce Experience prior to 3.15 when GameStream is enabled. The issue involves improper file permissions set on a file, which may allow code execution, denial of service, or privilege escalation by users with system access. Affected p...
CVE-2021-1072
CVE-2021-1072 affects NVIDIA GeForce Experience up to version 3.21, where the GameStream component (rxdiag.dll) mishandles log files, enabling an arbitrary file deletion that can cause a denial of service. The vulnerability is described across multiple sources as a local issue impacting the softw...
CVE-2018-6262
Summary of CVE-2018-6262 (NVIDIA GeForce Experience): The vulnerability affects GeForce Experience prior to version 3.15 when GameStream is enabled, allowing limited sensitive user information to be available to users with system access (information disclosure). Root cause described across connec...
CVE-2019-5702
Summary: CVE-2019-5702 affects NVIDIA GeForce Experience prior to 3.20.2. When GameStream is enabled, a local attacker with system access can corrupt a system file, leading to denial of service or privilege escalation. The vulnerability affects all versions before 3.20.2; exploitation requires lo...
CVE-2018-6258
CVE-2018-6258 affects NVIDIA GeForce Experience prior to 3.14.1. The vulnerability occurs during GameStream installation when an attacker with system access can perform a Man-in-the-Middle (MitM) attack to obtain sensitive information. Related Lenovo and NVIDIA advisories corroborate that multipl...
CVE-2018-6259
CVE-2018-6259 affects NVIDIA GeForce Experience prior to 3.14.1, with a vulnerability that can enable limited information disclosure when GameStream is enabled and an attacker has system access alongside certain system features. The consolidated sources (NVD entry, NVIDIA security bulletin, and L...
CVE-2020-5990
CVE-2020-5990 affects NVIDIA GeForce Experience on Windows prior to 3.20.5.70, due to a vulnerability in the ShadowPlay component that may lead to local privilege escalation, code execution, denial of service, or information disclosure. The NVIDIA security bulletin confirms the issue and lists 3....
CVE-2021-1079
CVE-2021-1079 affects NVIDIA GeForce Experience (all versions prior to 3.22) due to a GameStream plugin that creates log files with NT/System level permissions, enabling local impact such as code execution, denial of service, or local privilege escalation. The issue is tied to the log-file creati...
CVE-2017-6250
CVE-2017-6250 affects NVIDIA GeForce Experience, specifically the NVIDIA Web Helper.exe component. The issue permits local code execution through untrusted script execution, per the CVSS3 base metrics (High impact on confidentiality, integrity, and availability; local attack vector with low compl...
CVE-2016-5852
Summary: CVE-2016-5852 and related CVEs affect NVIDIA Quadro/NVS/GeForce Windows drivers (GFE GameStream/NVTray plugin and NVAPI/NVStreamKMS components). CVE-2016-5852 is an unquoted service path vulnerability in the NVTray Plugin that can be exploited locally via a malicious executable in the ro...
CVE-2020-5977
CVE-2020-5977 details (NVIDIA GeForce Experience Windows) : A vulnerability in the NVIDIA Web Helper NodeJS Web Server exists in GeForce Experience all versions before 3.20.5.70. The issue stems from an uncontrolled search path used to load a Node.js module, enabling a local attacker to potential...
CVE-2022-42292
NVIDIA GeForce Experience CVE-2022-42292 affects the NVContainer component. The vulnerability allows a non-admin user to create a symbolic link to a file that requires elevated privileges to write or modify, potentially leading to denial of service, privilege escalation, or limited data tampering...
CVE-2016-3161
CVE-2016-3161 affects NVIDIA Quadro/NVS/GeForce Windows drivers with GFE GameStream and NVTray Plugin unquoted service path, enabling code execution with SYSTEM/USER privileges on a vulnerable install. Root cause is an unquoted service path in the affected components; exploitation status is not d...
CVE-2016-4960
CVE-2016-4960 affects NVIDIA Quadro, NVS, and GeForce Windows drivers via the NVStreamKMS.sys driver. The root cause is improper validation of user-supplied data through API entry points, leading to local privilege escalation. The vulnerability is documented across multiple sources (NVD entry and...
CVE-2016-4961
CVE-2016-4961 affects NVIDIA Quadro, NVS, and GeForce Windows drivers. The root cause is improper sanitization of parameters in the NVStreamKMS.sys API layer, causing a denial-of-service (blue-screen crash). Affected component is the NVStreamKMS.sys driver; impact is high for availability with lo...
CVE-2020-5978
NVIDIA GeForce Experience prior to 3.20.5.70 is affected by a vulnerability in the nvcontainer.exe service where a folder is created by a normal user with LOCAL_SYSTEM privileges, potentially enabling denial of service or privilege escalation. Affected product: GeForce Experience (Windows). Root ...
CVE-2018-6263
CVE-2018-6263 concerns NVIDIA GeForce Experience prior to version 3.16 on Windows. The issue allows a local user to plant a malicious DLL during application installation, enabling privilege escalation. The NVIDIA Security Bulletin (and CNVD/CVE records) confirm the affected product and the local-...
CVE-2017-0316
GeForce Experience 3.x (GeForce Experience) On Windows, NVIDIA Installer Framework’s NVISystemService64 accepts user-supplied values without validation, affecting GeForce Experience 3.x prior to 3.10.0.55. This can lead to denial of service or privilege escalation. A fix is available in NVIDIA GF...
CVE-2018-6265
CVE-2018-6265 affects NVIDIA GeForce Experience prior to 3.16. The vulnerability occurs during Windows 7 application installation in elevated privilege mode, where a local user initiating a browser session may obtain escalation of privileges on the browser. Publicly documented details identify th...
CVE-2018-6266
CVE-2018-6266 refers to a local-info-disclosure vulnerability in NVIDIA GeForce Experience prior to version 3.16 on Windows, where a local user can obtain third party integration parameters. The issue is confirmed in multiple connected sources (e.g., NVIDIA security bulletin, Lenovo advisory) des...
CVE-2016-8812
CVE-2016-8812 affects NVIDIA Windows GPU drivers for NVIDIA Quadro/NVS/GeForce with GeForce Experience (GFE) R340 prior to 2.11.4.125 and R375 prior to 3.1.0.52. The issue is a kernel-mode stack buffer overflow in nvstreamkms.sys triggered by specially crafted executable paths, requiring GeForce ...
CVE-2016-8827
CVE-2016-8827 affects NVIDIA GeForce Experience 3.x before GFE 3.1.0.52. The vulnerability is in the NVIDIA Web Helper.exe local web API endpoint /VisualOPS/v.1.0./, which lacks proper access control and parameter validation, enabling information disclosure via a directory traversal attack. Impac...