CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2023-0184
https://notcve.org/view.php?id=CVE-2023-0184
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 https://security.gentoo.org/glsa/202310-02 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42292
https://notcve.org/view.php?id=CVE-2022-42292
NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5384 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31611
https://notcve.org/view.php?id=CVE-2022-31611
NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. • https://nvidia.custhelp.com/app/answers/detail/a_id/5384 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42291
https://notcve.org/view.php?id=CVE-2022-42291
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. • https://nvidia.custhelp.com/app/answers/detail/a_id/5384 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2022-34671
https://notcve.org/view.php?id=CVE-2022-34671
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service. NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la capa de modo de usuario, donde un usuario sin privilegios puede provocar una escritura fuera de los límites, lo que puede provocar la ejecución de código, la divulgación de información y la Denegación de Servicio (DoS). • https://nvidia.custhelp.com/app/answers/detail/a_id/5415 https://nvidia.custhelp.com/app/answers/detail/a_id/5468 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1719 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1720 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1721 • CWE-787: Out-of-bounds Write •