Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Geforce_experience
(Nvidia)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 37 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-03-11 | CVE-2020-5958 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure. | Geforce_experience, Quadro_firmware, Tesla_firmware | 7.8 | ||
2020-06-25 | CVE-2020-5964 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure. | Geforce_experience, Geforce_firmware, Nvs_firmware, Quadro_firmware, Tesla_firmware | 7.8 | ||
2020-10-23 | CVE-2020-5977 | NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | Geforce_experience | 7.8 | ||
2021-04-20 | CVE-2021-1079 | NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite. | Geforce_experience | 6.1 | ||
2016-12-16 | CVE-2016-8827 | NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. | Geforce_experience | 6.5 | ||
2021-02-05 | CVE-2021-1072 | NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service. | Geforce_experience | 7.1 | ||
2020-10-23 | CVE-2020-5978 | NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges. | Geforce_experience | 7.8 | ||
2020-10-23 | CVE-2020-5990 | NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure. | Geforce_experience | 7.8 | ||
2019-12-24 | CVE-2019-5702 | NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges. | Geforce_experience | N/A | ||
2019-11-09 | CVE-2019-5689 | NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure. | Geforce_experience | N/A |