CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6257
https://notcve.org/view.php?id=CVE-2018-6257
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both. NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.14.1, contiene una vulnerabilidad potencial cuando GameStream está habilitado, donde un control de acceso incorrecto podría conducir a una denegación de servicio (DoS), escalado de privilegios o ambos. • https://nvidia.custhelp.com/app/answers/detail/a_id/4685 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0316
https://notcve.org/view.php?id=CVE-2017-0316
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges. En GeForce Experience (GFE) en versiones 3.x anteriores a la 3.10.0.55, NVIDIA Installer Framework contiene una vulnerabilidad en NVISystemService64 donde un valor pasado desde un usuario al controlador se usa sin validación, lo que podría conducir a una denegación de servicio o una posible escalada de privilegios. • http://nvidia.custhelp.com/app/answers/detail/a_id/4560 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 30%CPEs: 54EXPL: 3CVE-2017-14491 – Dnsmasq < 2.78 - 2-byte Heap Overflow
https://notcve.org/view.php?id=CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada. A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. Dnsmasq versions prior to 2.78 suffer from a 2-byte heap-based overflow vulnerability. • https://www.exploit-db.com/exploits/42941 https://github.com/skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html http://nvidia.custhelp.com/app/answers/detail/a_id/4560 http://nvidia.custhelp.com/a • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6250
https://notcve.org/view.php?id=CVE-2017-6250
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. NVIDIA GeForce Experience contiene una vulnerabilidad en NVIDIA Web Helper.exe, donde la ejecución de un script no confiable puede llevar a la violación de la política de ejecución de aplicaciones y a la ejecución de código local. • http://nvidia.custhelp.com/app/answers/detail/a_id/4459 http://www.securityfocus.com/bid/98393 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8827
https://notcve.org/view.php?id=CVE-2016-8827
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. NVIDIA GeForce Experience 3.x en versiones anteriores a GFE 3.1.0.52 contiene una vulnerabilidad en NVIDIA Web Helper.exe donde el punto final de una web local API, /VisualOPS/v.1.0./, carece de accesos de control apropiados y parámetros de validación, permitiendo divulgación de información a través de un ataque de salto de directorio. • http://nvidia.custhelp.com/app/answers/detail/a_id/4279 http://www.securityfocus.com/bid/94964 https://nvidia.custhelp.com/app/answers/detail/a_id/5033 https://nvidia.custhelp.com/app/answers/detail/a_id/5155 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •