CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6250
https://notcve.org/view.php?id=CVE-2017-6250
28 Apr 2017 — NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. NVIDIA GeForce Experience contiene una vulnerabilidad en NVIDIA Web Helper.exe, donde la ejecución de un script no confiable puede llevar a la violación de la política de ejecución de aplicaciones y a la ejecución de código local. • http://nvidia.custhelp.com/app/answers/detail/a_id/4459 •
CVSS: 6.5EPSS: 6%CPEs: 2EXPL: 0CVE-2016-8827
https://notcve.org/view.php?id=CVE-2016-8827
16 Dec 2016 — NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. NVIDIA GeForce Experience 3.x en versiones anteriores a GFE 3.1.0.52 contiene una vulnerabilidad en NVIDIA Web Helper.exe donde el punto final de una web local API, /VisualOPS/v.1.0./, carece de accesos de control apropiados y parámetro... • http://nvidia.custhelp.com/app/answers/detail/a_id/4279 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 40EXPL: 0CVE-2016-4960
https://notcve.org/view.php?id=CVE-2016-4960
08 Nov 2016 — For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege. Para los productos NVIDIA Quadro, NVS y GeForce, el componente de servicio NVIDIA NVStreamKMS.sys está validando incorrectamente los datos suministrados por el usuario a través de sus puntos de entrada de la API lo que causa una elevación de privilegios. • http://nvidia.custhelp.com/app/answers/detail/a_id/4213 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 40EXPL: 0CVE-2016-4961
https://notcve.org/view.php?id=CVE-2016-4961
08 Nov 2016 — For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. Para los productos NVIDIA Quadro, NVS y GeForce, desinfección inadecuada de los parámetros en la capa de la API NVStreamKMS.sys provoca una vulnerabilidad de denegación de servicio (caída de pantalla azul) dentro de los controladores de gráficos de NVIDIA Windows. • http://nvidia.custhelp.com/app/answers/detail/a_id/4213 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2016-3161
https://notcve.org/view.php?id=CVE-2016-3161
08 Nov 2016 — For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path. Para los productos NVIDIA Quadro, NVS y GeForce, vulnerabilidades de ruta de servicio no citadas GFE GameStream ... • http://nvidia.custhelp.com/app/answers/detail/a_id/4213 •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2016-5852
https://notcve.org/view.php?id=CVE-2016-5852
08 Nov 2016 — For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path. Para los productos NVIDIA Quadro, NVS y GeForce, vulnerabilidades de ruta de servicio no citadas GFE GameStre... • http://nvidia.custhelp.com/app/answers/detail/a_id/4213 •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 2CVE-2016-8812 – NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-8812
29 Oct 2016 — For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges. Para los productos NVIDIA Quadro, NVS y GeForce, NVIDIA Windows GPU Display Driver R340 before 342.00, R367 before 369.59, and R375 en versiones anteriores a 375.... • https://packetstorm.news/files/id/139391 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •