Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Geforce_experience
(Nvidia)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-12-16 | CVE-2016-8827 | NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. | Geforce_experience | 6.5 | ||
| 2019-12-24 | CVE-2019-5702 | NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges. | Geforce_experience | N/A | ||
| 2019-11-09 | CVE-2019-5689 | NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure. | Geforce_experience | N/A | ||
| 2017-10-16 | CVE-2017-0316 | In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges. | Geforce_experience | N/A | ||
| 2017-04-28 | CVE-2017-6250 | NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. | Geforce_experience | 8.8 | ||
| 2019-05-31 | CVE-2019-5678 | NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure. | Geforce_experience | 7.8 | ||
| 2019-03-28 | CVE-2019-5674 | NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges. | Geforce_experience | 7.0 | ||
| 2018-11-27 | CVE-2018-6266 | NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. | Geforce_experience | 5.5 | ||
| 2018-11-27 | CVE-2018-6265 | NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser. | Geforce_experience | 7.8 | ||
| 2018-11-27 | CVE-2018-6263 | NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges. | Geforce_experience | 7.8 |