CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2012-0946 – Nvidia Linux Driver - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0946
The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. El controlador de NVIDIA UNIX antes de v295.40, permite a usuarios locales acceder a posiciones de memoria de su elección mediante el aprovechamiento de privilegios de lectura/escritura del nodo-dispositivo GPU. • https://www.exploit-db.com/exploits/20201 http://nvidia.custhelp.com/app/answers/detail/a_id/3109 http://secunia.com/advisories/48650 http://secunia.com/advisories/48793 http://www.ubuntu.com/usn/usn-1420-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/74822 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4784
https://notcve.org/view.php?id=CVE-2011-4784
The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application. El driver NVIDIA Stereoscopic 3D anterior a v7.17.12.7565 no maneja adecuadamente comandos enviados a una tubería (pipe), lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada. • http://secunia.com/advisories/47324 http://technet.microsoft.com/en-us/security/msvr/msvr11-016 http://www.osvdb.org/77974 http://www.securityfocus.com/bid/51148 https://exchange.xforce.ibmcloud.com/vulnerabilities/71930 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 2CVE-2011-2602
https://notcve.org/view.php?id=CVE-2011-2602
The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK. El controlador NVIDIA Geforce 310 v6.14.12.7061 en Windows XP SP3 permite a atacantes remotos causar una denegación de servicio (caída del sistema) a través de una página web manipulada que se visite con Google Chrome o Mozilla Firefox, como se demuestra con la página de prueba lots-of-polys-example.html test page en Khronos WebGL SDK. • http://www.contextis.com/resources/blog/webgl http://www.contextis.com/resources/blog/webgl2 http://www.securityfocus.com/bid/48319 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 2CVE-2011-2603
https://notcve.org/view.php?id=CVE-2011-2603
The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attackers to cause a denial of service (desktop hang) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK. El driver NVIDIA 9400M v6.2.6 en Mac OS X v10.6.7 permite a atacantes remotos provocar una denegación de servicio (desktop hang) a través de una página web manipulada que es visitada con Google Chrome o Moilla Firefox, como se demostró con la página de prueba lots-of-polys-example.html en el "Khronos WebGL SDK". • http://www.contextis.com/resources/blog/webgl http://www.contextis.com/resources/blog/webgl2 http://www.securityfocus.com/bid/48319 • CWE-399: Resource Management Errors •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0636
https://notcve.org/view.php?id=CVE-2011-0636
The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations. Las funciones (1) cudaHostAlloc y (2) cuMemHostAlloc de los controladores de desarrollador NVIDIA CUDA Toolkit 3.2 para Linux 260.19.26, y posiblemente otras versiones, no inicializan la memoria de tipo "pinned" (que nunca se mueve a almacenamiento secundario), lo que permite a usuarios locales leer datos de memoria como fragmentos de archivos durante las operaciones de lectura o escritura. • http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm http://forums.nvidia.com/index.php? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •