CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42292
https://notcve.org/view.php?id=CVE-2022-42292
07 Feb 2023 — NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5384 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31611
https://notcve.org/view.php?id=CVE-2022-31611
07 Feb 2023 — NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. • https://nvidia.custhelp.com/app/answers/detail/a_id/5384 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42291
https://notcve.org/view.php?id=CVE-2022-42291
07 Feb 2023 — NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. • https://nvidia.custhelp.com/app/answers/detail/a_id/5384 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-23175
https://notcve.org/view.php?id=CVE-2021-23175
23 Dec 2021 — NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream. NVIDIA GeForce Experience contiene una vulnerabilidad en la autorización de usuarios, en la que GameStream no aplica corre... • https://nvidia.custhelp.com/app/answers/detail/a_id/5295 • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1073
https://notcve.org/view.php?id=CVE-2021-1073
25 Jun 2021 — NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost. NVIDIA GeForce Experience, en todas las version... • https://nvidia.custhelp.com/app/answers/detail/a_id/5199 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1079
https://notcve.org/view.php?id=CVE-2021-1079
20 Apr 2021 — NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite. NVIDIA GeForce Experience, en todas las versiones anteriores a la 3.22, contiene una vulnerabilidad en los pl... • https://nvidia.custhelp.com/app/answers/detail/a_id/5184 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1072
https://notcve.org/view.php?id=CVE-2021-1072
05 Feb 2021 — NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service. NVIDIA GeForce Experience, en todas las versiones anteriores a 3.21, contiene una vulnerabilidad en GameStream (la biblioteca rxdiag.dll) en la que un borrado arbitrario de archivos debido a una gestión inapropiada de los archivos de registro puede conllevar a una denegación de servicio • https://nvidia.custhelp.com/app/answers/detail/a_id/5155 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5978
https://notcve.org/view.php?id=CVE-2020-5978
23 Oct 2020 — NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges. NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.5.70, contienen una vulnerabilidad en sus servicios en que es creada una carpeta mediante el archivo nvcontainer.exe bajo el acceso de usuario normal con privilegios LOCAL_SYSTEM... • https://nvidia.custhelp.com/app/answers/detail/a_id/5076 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5990
https://notcve.org/view.php?id=CVE-2020-5990
23 Oct 2020 — NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure. NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.5.70, contienen una vulnerabilidad en el componente ShadowPlay que puede conllevar a una escalada local de privilegios, una ejecución de código, una denegación de servicio o una divulgación de información • https://nvidia.custhelp.com/app/answers/detail/a_id/5076 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5977
https://notcve.org/view.php?id=CVE-2020-5977
23 Oct 2020 — NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. NVIDIA GeForce Experience, todas las versiones anteriores a 3.20.5.70, contienen una vulnerabilidad en NVIDIA Web Helper NodeJS Web Server en la que es usada una ruta de búsqueda no controlada para cargar un módul... • https://nvidia.custhelp.com/app/answers/detail/a_id/5076 • CWE-426: Untrusted Search Path •