CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6258
https://notcve.org/view.php?id=CVE-2018-6258
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information. NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.14.1, contiene una vulnerabilidad potencial durante la instalación de GameStream en la que un atacante que tenga acceso al sistema puede llevar a cabo un ataque Man-in-the-Middle (MitM) para obtener información sensible. • https://nvidia.custhelp.com/app/answers/detail/a_id/4685 •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6257
https://notcve.org/view.php?id=CVE-2018-6257
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both. NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.14.1, contiene una vulnerabilidad potencial cuando GameStream está habilitado, donde un control de acceso incorrecto podría conducir a una denegación de servicio (DoS), escalado de privilegios o ambos. • https://nvidia.custhelp.com/app/answers/detail/a_id/4685 •
CVSS: 5.6EPSS: 0%CPEs: 665EXPL: 5CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6242
https://notcve.org/view.php?id=CVE-2018-6242
Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code. Algunas distribuciones de procesadores móviles NVIDIA Tegra anteriores al 2016 contienen una vulnerabilidad de desbordamiento de búfer en BootROM Recovery Mode (RCM). Un atacante con acceso físico al USB del dispositivo y la capacidad para forzar que el dispositivo se reinicie en RCM podría explotar esta vulnerabilidad para ejecutar código no verificado. • http://nvidia.custhelp.com/app/answers/detail/a_id/4660 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6250
https://notcve.org/view.php?id=CVE-2018-6250
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs which may lead to denial of service or possible escalation of privileges. NVIDIA Windows GPU Display Driver contiene una vulnerabilidad en el controlador de capas del modo kernel (nvlddmkm.sys) para DxgkDdiEscape, lo que podría provocar una desreferencia de puntero NULL que condujera a una denegación de servicio o un posible escalado de privilegios. • http://nvidia.custhelp.com/app/answers/detail/a_id/4649 • CWE-476: NULL Pointer Dereference •