Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for NVIDIA GeForce Experience Software by NVIDIA

    CVE-2021-23175 (GCVE-0-2021-23175)

    Vulnerability from nvd – Published: 2021-12-23 16:05 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
    CWE
    • CWE:285 Improper Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.24.0.126
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.24.0.126"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE:285 Improper Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-23T16:05:10.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-23175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.24.0.126"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.2,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE:285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-23175",
        "datePublished": "2021-12-23T16:05:10.000Z",
        "dateReserved": "2021-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:55.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1073 (GCVE-0-2021-1073)

    Vulnerability from nvd – Published: 2021-06-25 19:25 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.
    CWE
    • denial of service, information disclosure, or data loss
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user\u2019s account is compromised. This may lead to the targeted user\u2019s data being accessed, altered, or lost."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service, information disclosure, or data loss",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-13T11:12:55.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user\u2019s account is compromised. This may lead to the targeted user\u2019s data being accessed, altered, or lost."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service, information disclosure, or data loss"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1073",
        "datePublished": "2021-06-25T19:25:10.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1079 (GCVE-0-2021-1079)

    Vulnerability from nvd – Published: 2021-04-20 14:20 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.
    CWE
    • code execution, denial of service, or local privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.22
    Create a notification for this product.
    Credits
    NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, or local privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-15T14:03:56.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1079",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, or local privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1079",
        "datePublished": "2021-04-20T14:20:11.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1072 (GCVE-0-2021-1072)

    Vulnerability from nvd – Published: 2021-02-05 19:40 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.21
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.507Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-05T19:40:12.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1072",
        "datePublished": "2021-02-05T19:40:12.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5990 (GCVE-0-2020-5990)

    Vulnerability from nvd – Published: 2020-10-23 17:35 – Updated: 2024-08-04 08:47
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
    Severity
    No CVSS data available.
    CWE
    • code execution, denial of service, escalation of privileges, and information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.20.5.70
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:40.876Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.20.5.70"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, escalation of privileges, and information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T17:35:16.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2020-5990",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.20.5.70"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, escalation of privileges, and information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2020-5990",
        "datePublished": "2020-10-23T17:35:16.000Z",
        "dateReserved": "2020-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:40.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5978 (GCVE-0-2020-5978)

    Vulnerability from nvd – Published: 2020-10-23 17:35 – Updated: 2024-08-04 08:47
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • denial of service, escalation of privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.20.5.70
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:41.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.20.5.70"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service, escalation of privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T17:35:16.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2020-5978",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.20.5.70"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service, escalation of privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2020-5978",
        "datePublished": "2020-10-23T17:35:16.000Z",
        "dateReserved": "2020-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:41.075Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5977 (GCVE-0-2020-5977)

    Vulnerability from nvd – Published: 2020-10-23 17:35 – Updated: 2024-08-04 08:47
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
    Severity
    No CVSS data available.
    CWE
    • code execution, denial of service, escalation of privileges, and information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.20.5.70
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:40.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.20.5.70"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, escalation of privileges, and information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T17:35:15.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2020-5977",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.20.5.70"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, escalation of privileges, and information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2020-5977",
        "datePublished": "2020-10-23T17:35:15.000Z",
        "dateReserved": "2020-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:40.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23175 (GCVE-0-2021-23175)

    Vulnerability from cvelistv5 – Published: 2021-12-23 16:05 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
    CWE
    • CWE:285 Improper Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.24.0.126
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.24.0.126"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE:285 Improper Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-23T16:05:10.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-23175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.24.0.126"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.2,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE:285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5295"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-23175",
        "datePublished": "2021-12-23T16:05:10.000Z",
        "dateReserved": "2021-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:55.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1073 (GCVE-0-2021-1073)

    Vulnerability from cvelistv5 – Published: 2021-06-25 19:25 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.
    CWE
    • denial of service, information disclosure, or data loss
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user\u2019s account is compromised. This may lead to the targeted user\u2019s data being accessed, altered, or lost."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service, information disclosure, or data loss",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-13T11:12:55.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user\u2019s account is compromised. This may lead to the targeted user\u2019s data being accessed, altered, or lost."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service, information disclosure, or data loss"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1073",
        "datePublished": "2021-06-25T19:25:10.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1079 (GCVE-0-2021-1079)

    Vulnerability from cvelistv5 – Published: 2021-04-20 14:20 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.
    CWE
    • code execution, denial of service, or local privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.22
    Create a notification for this product.
    Credits
    NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, or local privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-15T14:03:56.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1079",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, or local privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5184"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1079",
        "datePublished": "2021-04-20T14:20:11.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1072 (GCVE-0-2021-1072)

    Vulnerability from cvelistv5 – Published: 2021-02-05 19:40 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.21
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.507Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-05T19:40:12.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5155"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1072",
        "datePublished": "2021-02-05T19:40:12.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5990 (GCVE-0-2020-5990)

    Vulnerability from cvelistv5 – Published: 2020-10-23 17:35 – Updated: 2024-08-04 08:47
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
    Severity
    No CVSS data available.
    CWE
    • code execution, denial of service, escalation of privileges, and information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.20.5.70
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:40.876Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.20.5.70"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, escalation of privileges, and information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T17:35:16.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2020-5990",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.20.5.70"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, escalation of privileges, and information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2020-5990",
        "datePublished": "2020-10-23T17:35:16.000Z",
        "dateReserved": "2020-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:40.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5978 (GCVE-0-2020-5978)

    Vulnerability from cvelistv5 – Published: 2020-10-23 17:35 – Updated: 2024-08-04 08:47
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • denial of service, escalation of privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.20.5.70
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:41.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.20.5.70"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service, escalation of privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T17:35:16.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2020-5978",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.20.5.70"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service, escalation of privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2020-5978",
        "datePublished": "2020-10-23T17:35:16.000Z",
        "dateReserved": "2020-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:41.075Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5977 (GCVE-0-2020-5977)

    Vulnerability from cvelistv5 – Published: 2020-10-23 17:35 – Updated: 2024-08-04 08:47
    VLAI
    Summary
    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
    Severity
    No CVSS data available.
    CWE
    • code execution, denial of service, escalation of privileges, and information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GeForce Experience Software Affected: All versions prior to 3.20.5.70
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:40.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GeForce Experience Software",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.20.5.70"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "code execution, denial of service, escalation of privileges, and information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T17:35:15.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2020-5977",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GeForce Experience Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.20.5.70"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "code execution, denial of service, escalation of privileges, and information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2020-5977",
        "datePublished": "2020-10-23T17:35:15.000Z",
        "dateReserved": "2020-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:40.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }