CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5676
https://notcve.org/view.php?id=CVE-2019-5676
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution. El software controlador de la GPU NVIDIA Windows Display para Windows (todas las versiones) contiene una vulnerabilidad en la que carga incorrectamente las DLL del sistema Windows sin validar la ruta o la firma (también conocido como ataque de colocación de binarios o ataque de precarga de DLL), lo que provoca una escalada de privilegios a través de la ejecución de código. • https://nvidia.custhelp.com/app/answers/detail/a_id/4797 https://nvidia.custhelp.com/app/answers/detail/a_id/4806 https://nvidia.custhelp.com/app/answers/detail/a_id/4841 https://support.lenovo.com/us/en/product_security/LEN-27815 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 1CVE-2018-3979
https://notcve.org/view.php?id=CVE-2018-3979
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5674
https://notcve.org/view.php?id=CVE-2019-5674
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges. NVIDIA GeForce Experience, en versiones anteriores a la 3.18, contiene una vulnerabilidad cuando ShadowPlay o GameStream está habilitado. Cuando un atacante tiene acceso al sistema y crea un enlace físico, el software no comprueba si se han sufrido ataques de enlace físico. • http://support.lenovo.com/us/en/solutions/LEN-27096 http://www.securityfocus.com/bid/107621 https://nvidia.custhelp.com/app/answers/detail/a_id/4784 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6266
https://notcve.org/view.php?id=CVE-2018-6266
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. NVIDIA GeForce Experience contiene una vulnerabilidad en todas las versiones anteriores a la 3.16 en Windows por la cual un usuario local podría obtener parámetros de integración de terceros, lo que podría conducir a una divulgación de información. • https://nvidia.custhelp.com/app/answers/detail/a_id/4740 https://support.lenovo.com/us/en/product_security/LEN-25444 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6265
https://notcve.org/view.php?id=CVE-2018-6265
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser. NVIDIA GeForce Experience contiene una vulnerabilidad en todas las versiones anteriores a la 3.16 durante la instalación de la aplicación en Windows 7 en modo de privilegios elevados, donde un usuario local que inicia una sesión del navegador podría obtener privilegios escalados en el navegador. • https://nvidia.custhelp.com/app/answers/detail/a_id/4740 https://support.lenovo.com/us/en/product_security/LEN-25444 •