CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2016-7386 – NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace
https://notcve.org/view.php?id=CVE-2016-7386
29 Oct 2016 — For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer. Para los productos NVIDIA Quadro, NVS y GeForce, NVIDIA Windows GPU Display Driver R340 en versiones anteriores a 342.00 y R375 en versiones anteriores a 375.63 contiene una vulnerabil... • https://packetstorm.news/files/id/139386 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7866
https://notcve.org/view.php?id=CVE-2015-7866
24 Nov 2015 — Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe. Vulnerabilidad de ruta de búsqueda sin entrecomillar en Windows en el Smart Maximize Helper (nvSmartMaxApp.exe) en el Control Panel en el controlador de gráficos NVIDIA GPU R340 en versi... • http://nvidia.custhelp.com/app/answers/detail/a_id/3806/kw/security •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8328
https://notcve.org/view.php?id=CVE-2015-8328
24 Nov 2015 — Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-7869 per ADT2 and ADT3 due to different vulnerability types and affected versions. Vulnerabilidad no especificada en la capa de soporte NVAPI en el driver de gráficos NV... • http://nvidia.custhelp.com/app/answers/detail/a_id/3808/kw/security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 3CVE-2015-7865 – Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation
https://notcve.org/view.php?id=CVE-2015-7865
24 Nov 2015 — nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784. nvSCPAPISvr.exe en el Stereoscopic 3D Driver Service en el controlador de gráficos ... • https://packetstorm.news/files/id/134520 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2015-7869 – Ubuntu Security Notice USN-2814-1
https://notcve.org/view.php?id=CVE-2015-7869
19 Nov 2015 — Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access. NOTE: this identifier has been SPLIT per ADT2 and ADT3 due... • http://nvidia.custhelp.com/app/answers/detail/a_id/3808/kw/security • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2015-5950 – HP Security Bulletin HPSBHF03513
https://notcve.org/view.php?id=CVE-2015-5950
28 Sep 2015 — The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call. Vulnerabilidad en el controlador de pantalla NVIDIA R352 en versiones anteriores a 353.82 y R340 en versiones anteriores a 341.81 en Windows; R304 en versiones anteriores a 304.128, R340 ... • http://nvidia.custhelp.com/app/answers/detail/a_id/3763/~/cve-2015-5950-memory-corruption-due-to-an-unsanitized-pointer-in-the-nvidia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-3625
https://notcve.org/view.php?id=CVE-2015-3625
18 Jul 2015 — The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.72, R349 before 349.16, R343 before 343.36, R340 before 340.76, R337 before 337.25, R334 before 334.21, R331 before 331.113, and R304 before 304.125 allows local users with certain permissions to read or write arbitrary kernel memory via unspecified vectors that trigger an untrusted pointer dereference. El controlador de NVIDIA GPU para FreeBSD R352 anterior a 352.09, 346 anterior a 346.72, R349 anterior a 349.16, R343 anterior a 343.36, R... • http://nvidia.custhelp.com/app/answers/detail/a_id/3693 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.4EPSS: 1%CPEs: 11EXPL: 0CVE-2014-8298 – Ubuntu Security Notice USN-2438-1
https://notcve.org/view.php?id=CVE-2014-8298
10 Dec 2014 — The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request. Los controladores NVIDIA Linux Discrete GPU en versiones anteriores a R304.125, R331.x en versiones an... • http://nvidia.custhelp.com/app/answers/detail/a_id/3610 • CWE-19: Data Processing Errors •