Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for NVIDIA GeForce Experience by NVIDIA

    CVE-2019-5695 (GCVE-0-2019-5695)

    Vulnerability from nvd – Published: 2019-11-12 20:14 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
    Severity
    No CVSS data available.
    CWE
    • denial of service or information disclosure through code execution
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:52.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 3.20.1"
                }
              ]
            },
            {
              "product": "NVIDIA Windows GPU Display Driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service or information disclosure through code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-18T18:28:04.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5695",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 3.20.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "NVIDIA Windows GPU Display Driver",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service or information disclosure through code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
                },
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
                },
                {
                  "name": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695",
                  "refsource": "MISC",
                  "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5695",
        "datePublished": "2019-11-12T20:14:54.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:52.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5701 (GCVE-0-2019-5701)

    Vulnerability from nvd – Published: 2019-11-09 01:48 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.
    Severity
    No CVSS data available.
    CWE
    • denial of service, information disclosure, or escalation of privileges through code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Affected: before 3.20.0.118
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:52.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 3.20.0.118"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service, information disclosure, or escalation of privileges through code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T19:03:15.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5701",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 3.20.0.118"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service, information disclosure, or escalation of privileges through code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
                },
                {
                  "name": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md",
                  "refsource": "MISC",
                  "url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5701",
        "datePublished": "2019-11-09T01:48:50.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:52.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5689 (GCVE-0-2019-5689)

    Vulnerability from nvd – Published: 2019-11-09 01:37 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.
    Severity
    No CVSS data available.
    CWE
    • code execution, denial of service, or information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Affected: All versions prior to 3.20.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:52.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.20.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, or information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-09T01:37:35.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5689",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.20.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, or information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5689",
        "datePublished": "2019-11-09T01:37:35.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:52.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5678 (GCVE-0-2019-5678)

    Vulnerability from nvd – Published: 2019-05-31 21:12 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
    Severity
    No CVSS data available.
    CWE
    • code execution, denial of service, information disclosure
    Assigner
    References
    Impacted products
    Date Public
    2019-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:52.047Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.19"
                }
              ]
            }
          ],
          "datePublic": "2019-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-19T03:06:04.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
                },
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-27815",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5678",
        "datePublished": "2019-05-31T21:12:01.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:52.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5695 (GCVE-0-2019-5695)

    Vulnerability from cvelistv5 – Published: 2019-11-12 20:14 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
    Severity
    No CVSS data available.
    CWE
    • denial of service or information disclosure through code execution
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:52.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 3.20.1"
                }
              ]
            },
            {
              "product": "NVIDIA Windows GPU Display Driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service or information disclosure through code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-18T18:28:04.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5695",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 3.20.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "NVIDIA Windows GPU Display Driver",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service or information disclosure through code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
                },
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
                },
                {
                  "name": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695",
                  "refsource": "MISC",
                  "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5695",
        "datePublished": "2019-11-12T20:14:54.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:52.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5701 (GCVE-0-2019-5701)

    Vulnerability from cvelistv5 – Published: 2019-11-09 01:48 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.
    Severity
    No CVSS data available.
    CWE
    • denial of service, information disclosure, or escalation of privileges through code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Affected: before 3.20.0.118
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:52.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 3.20.0.118"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service, information disclosure, or escalation of privileges through code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T19:03:15.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5701",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 3.20.0.118"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service, information disclosure, or escalation of privileges through code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
                },
                {
                  "name": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md",
                  "refsource": "MISC",
                  "url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5701",
        "datePublished": "2019-11-09T01:48:50.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:52.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5689 (GCVE-0-2019-5689)

    Vulnerability from cvelistv5 – Published: 2019-11-09 01:37 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.
    Severity
    No CVSS data available.
    CWE
    • code execution, denial of service, or information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Affected: All versions prior to 3.20.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:52.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.20.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, or information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-09T01:37:35.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5689",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.20.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, or information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5689",
        "datePublished": "2019-11-09T01:37:35.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:52.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5678 (GCVE-0-2019-5678)

    Vulnerability from cvelistv5 – Published: 2019-05-31 21:12 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
    Severity
    No CVSS data available.
    CWE
    • code execution, denial of service, information disclosure
    Assigner
    References
    Impacted products
    Date Public
    2019-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:52.047Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.19"
                }
              ]
            }
          ],
          "datePublic": "2019-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-19T03:06:04.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806"
                },
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-27815",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-27815"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5678",
        "datePublished": "2019-05-31T21:12:01.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:52.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }