Skip to main content

Geforce Experience

34 CVEs product

Monthly

CVE-2021-23175 HIGH This Week

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Authentication Bypass Geforce Experience
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2021-1073 HIGH This Week

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.1
8.3
EPSS
0.9%
CVE-2021-1079 MEDIUM This Month

NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution,. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Nvidia Denial Of Service Geforce Experience
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-1072 HIGH This Week

NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Geforce Experience
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-5990 HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation RCE Nvidia Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5978 HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Nvidia Geforce Experience
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5977 HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5964 HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft RCE Nvidia Information Disclosure +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5958 HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft RCE Nvidia Information Disclosure +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5957 HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Quadro Firmware Geforce Experience +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-5702 HIGH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Geforce Experience
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-5695 MEDIUM POC PATCH This Month

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Nvidia Microsoft RCE +2
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-5701 HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Information Disclosure Nvidia Intel RCE +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-5689 HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Denial Of Service Information Disclosure RCE Geforce Experience
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-5678 HIGH PATCH This Week

NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Denial Of Service Information Disclosure RCE Geforce Experience
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-5676 MEDIUM This Month

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft RCE Gpu Display Driver Geforce Experience
NVD VulDB
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-5674 HIGH PATCH This Week

NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. Rated high severity (CVSS 7.0).

Nvidia Denial Of Service RCE Geforce Experience
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2018-6266 MEDIUM PATCH This Month

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Nvidia Geforce Experience
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6265 HIGH PATCH This Week

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Nvidia Geforce Experience
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-6263 HIGH PATCH This Week

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Nvidia Geforce Experience
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-6262 LOW Monitor

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to. Rated low severity (CVSS 2.5). No vendor patch available.

Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.0
2.5
EPSS
0.2%
CVE-2018-6261 HIGH This Week

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia RCE Denial Of Service Geforce Experience
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-6259 LOW PATCH Monitor

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.0
2.5
EPSS
0.2%
CVE-2018-6258 MEDIUM PATCH This Month

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a. Rated medium severity (CVSS 4.7).

Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-6257 HIGH PATCH This Week

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of. Rated high severity (CVSS 7.0).

Nvidia Denial Of Service Geforce Experience
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2017-0316 HIGH This Week

In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Geforce Experience
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-14491 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service RCE Dnsmasq +20
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
57.8%
Threat
5.2
CVE-2017-6250 HIGH PATCH This Week

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Nvidia Geforce Experience
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-8827 MEDIUM This Month

NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.1
6.5
EPSS
6.0%
CVE-2016-8812 HIGH POC PATCH This Week

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Nvidia Buffer Overflow Geforce Experience
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-5852 HIGH PATCH This Week

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Information Disclosure Microsoft Geforce Experience
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-4961 MEDIUM PATCH This Month

For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Nvidia Microsoft Geforce Experience
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-4960 HIGH PATCH This Week

For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2016-3161 HIGH PATCH This Week

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Information Disclosure Microsoft Geforce Experience
NVD
CVSS 3.0
7.8
EPSS
0.1%
EPSS 0% CVSS 8.2
HIGH This Week

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure +2
NVD
EPSS 1% CVSS 8.3
HIGH This Week

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Information Disclosure Geforce Experience
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution,. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Nvidia +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Geforce Experience
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Nvidia Geforce Experience
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Nvidia +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft RCE +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft RCE +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Geforce Experience
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Nvidia +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Information Disclosure Nvidia +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Denial Of Service Information Disclosure +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Denial Of Service Information Disclosure +2
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft RCE +2
NVD VulDB
EPSS 1% CVSS 7.0
HIGH PATCH This Week

NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. Rated high severity (CVSS 7.0).

Nvidia Denial Of Service RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Nvidia +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Nvidia +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Nvidia +1
NVD
EPSS 0% CVSS 2.5
LOW Monitor

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to. Rated low severity (CVSS 2.5). No vendor patch available.

Nvidia Information Disclosure Geforce Experience
NVD
EPSS 0% CVSS 7.0
HIGH This Week

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia RCE Denial Of Service +1
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nvidia Information Disclosure Geforce Experience
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a. Rated medium severity (CVSS 4.7).

Nvidia Information Disclosure Geforce Experience
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of. Rated high severity (CVSS 7.0).

Nvidia Denial Of Service Geforce Experience
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Geforce Experience
NVD
EPSS 58% 5.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service +22
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Nvidia Geforce Experience
NVD
EPSS 6% CVSS 6.5
MEDIUM This Month

NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Nvidia Information Disclosure +1
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Nvidia Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Nvidia Microsoft +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Nvidia Information Disclosure Geforce Experience
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Information Disclosure Microsoft +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy