VYPR

Geforce Experience

by Nvidia

CVEs (34)

  • CVE-2017-14491CriOct 4, 2017
    risk 0.73cvss 9.8epss 0.85

    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

  • CVE-2016-8812HigNov 8, 2016
    risk 0.60cvss 8.8epss 0.02

    For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted…

  • CVE-2017-6250HigApr 28, 2017
    risk 0.57cvss 8.8epss 0.00

    NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.

  • CVE-2017-0316HigOct 16, 2017
    risk 0.51cvss 7.8epss 0.00

    In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.

  • CVE-2016-5852HigNov 8, 2016
    risk 0.51cvss 7.8epss 0.00

    For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to…

  • CVE-2016-3161HigNov 8, 2016
    risk 0.51cvss 7.8epss 0.00

    For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to…

  • CVE-2017-0317HigFeb 15, 2017
    risk 0.49cvss 7.5epss 0.00

    All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via…

  • CVE-2016-4960HigNov 8, 2016
    risk 0.47cvss 7.3epss 0.00

    For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.

  • CVE-2018-6261HigOct 2, 2018
    risk 0.46cvss 7.0epss 0.00

    NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.

  • CVE-2018-6257HigAug 31, 2018
    risk 0.46cvss 7.0epss 0.00

    NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.

  • CVE-2016-8827MedDec 16, 2016
    risk 0.43cvss 6.5epss 0.05

    NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.

  • CVE-2016-4961MedNov 8, 2016
    risk 0.36cvss 5.5epss 0.00

    For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.

  • CVE-2018-6258MedAug 31, 2018
    risk 0.31cvss 4.7epss 0.00

    NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.

  • CVE-2018-6262LowOct 2, 2018
    risk 0.16cvss 2.5epss 0.00

    NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.

  • CVE-2018-6259LowAug 31, 2018
    risk 0.16cvss 2.5epss 0.00

    NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.

  • CVE-2022-42292Feb 7, 2023
    risk 0.00cvss epss 0.00

    NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of…

  • CVE-2022-31611Feb 7, 2023
    risk 0.00cvss epss 0.00

    NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability…

  • CVE-2022-42291Feb 7, 2023
    risk 0.00cvss epss 0.00

    NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the…

  • CVE-2021-23175Dec 23, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data…

  • CVE-2021-1073Jun 25, 2021
    risk 0.00cvss epss 0.01

    NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get…

Page 1 of 2