CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31611
https://notcve.org/view.php?id=CVE-2022-31611
NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. • https://nvidia.custhelp.com/app/answers/detail/a_id/5384 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42291
https://notcve.org/view.php?id=CVE-2022-42291
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. • https://nvidia.custhelp.com/app/answers/detail/a_id/5384 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42290
https://notcve.org/view.php?id=CVE-2022-42290
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. NVIDIA BMC contiene una vulnerabilidad en SPX REST API, donde un atacante autorizado puede inyectar comandos de shell arbitrarios, lo que puede provocar la ejecución de código, denegación de servicio, divulgación de información y manipulación de datos. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42289
https://notcve.org/view.php?id=CVE-2022-42289
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. NVIDIA BMC contiene una vulnerabilidad en SPX REST API, donde un atacante autorizado puede inyectar comandos de shell arbitrarios, lo que puede provocar la ejecución de código, denegación de servicio, divulgación de información y manipulación de datos. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42288
https://notcve.org/view.php?id=CVE-2022-42288
NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. NVIDIA BMC contiene una vulnerabilidad en el controlador IPMI, donde un atacante no autorizado puede utilizar ciertos oráculos para adivinar un nombre de usuario de BMC válido, lo que puede dar lugar a una divulgación de información. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •