CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42291
https://notcve.org/view.php?id=CVE-2022-42291
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. • https://nvidia.custhelp.com/app/answers/detail/a_id/5384 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42290
https://notcve.org/view.php?id=CVE-2022-42290
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. NVIDIA BMC contiene una vulnerabilidad en SPX REST API, donde un atacante autorizado puede inyectar comandos de shell arbitrarios, lo que puede provocar la ejecución de código, denegación de servicio, divulgación de información y manipulación de datos. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42289
https://notcve.org/view.php?id=CVE-2022-42289
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. NVIDIA BMC contiene una vulnerabilidad en SPX REST API, donde un atacante autorizado puede inyectar comandos de shell arbitrarios, lo que puede provocar la ejecución de código, denegación de servicio, divulgación de información y manipulación de datos. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42288
https://notcve.org/view.php?id=CVE-2022-42288
NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. NVIDIA BMC contiene una vulnerabilidad en el controlador IPMI, donde un atacante no autorizado puede utilizar ciertos oráculos para adivinar un nombre de usuario de BMC válido, lo que puede dar lugar a una divulgación de información. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42287
https://notcve.org/view.php?id=CVE-2022-42287
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. NVIDIA BMC contiene una vulnerabilidad en el controlador IPMI, donde un atacante autorizado puede cargar y descargar archivos arbitrarios bajo ciertas circunstancias, lo que puede provocar denegación de servicio, escalada de privilegios, divulgación de información y manipulación de datos. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •