cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-42292,https://securityvulnerability.io/vulnerability/CVE-2022-42292,Symbolic Link Vulnerability in NVIDIA GeForce Experience,"NVIDIA GeForce Experience is vulnerable due to a flaw in the NVContainer component, allowing non-administrative users to create symbolic links to files that require elevated privileges. This improper handling can enable users to perform unauthorized actions, potentially leading to denial of service, privilege escalation, or limited tampering with data. Organizations utilizing GeForce Experience should assess their security posture and apply appropriate mitigations to protect against exploitation of this vulnerability.",Nvidia,Geforce Experience,5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-12T04:15:00.000Z,0
CVE-2022-31611,https://securityvulnerability.io/vulnerability/CVE-2022-31611,Uncontrolled Search Path Vulnerability in NVIDIA GeForce Experience Installers,"NVIDIA GeForce Experience is affected by an uncontrolled search path vulnerability in its client installers. This issue allows an attacker with user-level privileges to manipulate the installer, potentially causing it to load an arbitrary Dynamic Link Library (DLL) upon launch. Should the exploit be successful, it may result in privilege escalation and unauthorized code execution, posing serious risks to users' systems and data security.",Nvidia,Geforce Experience,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-07T02:22:19.812Z,0
CVE-2022-42291,https://securityvulnerability.io/vulnerability/CVE-2022-42291,Data Tampering Risk in NVIDIA GeForce Experience Installer,"NVIDIA GeForce Experience has a vulnerability in its installer that could allow users to unintentionally delete data from a connected location during the installation process. This vulnerability arises when users run the installer from a compromised directory. While an attacker does not have direct control over the exploitation, awareness of the installation source is crucial to prevent unintended data loss.",Nvidia,Geforce Experience,8.2,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-02-07T02:16:07.803Z,0
CVE-2021-23175,https://securityvulnerability.io/vulnerability/CVE-2021-23175,NVIDIA GeForce Experience User Authorization Vulnerability,"NVIDIA GeForce Experience suffers from a vulnerability in its user authorization mechanisms. The GameStream feature inadequately enforces individual user access controls, which may allow users on the same device, with the right circumstances, to escalate their privileges. This could lead to unauthorized access to sensitive information, data tampering, or even denial of service, thereby affecting resources beyond the intended security scope of GameStream.",Nvidia,Nvidia Geforce Experience Software,8.2,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-12-23T16:05:10.000Z,0
CVE-2021-1073,https://securityvulnerability.io/vulnerability/CVE-2021-1073,Session Hijacking Vulnerability in NVIDIA GeForce Experience,"A vulnerability exists in NVIDIA GeForce Experience that arises during user login via a browser while other web pages are active in different tabs. This issue can allow malicious web pages to access the token associated with the user's session, potentially leading to unauthorized access to the user's account. Compromised accounts may result in sensitive data being accessed, altered, or permanently lost, thereby posing significant risks to user security.",Nvidia,Nvidia Geforce Experience Software,8.3,HIGH,0.001990000018849969,false,,false,false,false,,,false,false,,2021-06-25T19:25:10.000Z,0
CVE-2021-1079,https://securityvulnerability.io/vulnerability/CVE-2021-1079,Code Execution and Privilege Escalation in NVIDIA GeForce Experience,"NVIDIA GeForce Experience, prior to version 3.22, contains a vulnerability in its GameStream plugins where log files are generated with NT/System level permissions. This flaw can potentially allow local attackers to execute arbitrary code, disrupt services, or escalate privileges. However, the attacker does not have control over the results of the modification, nor can they leak information due to the overwrite mechanism.",Nvidia,Nvidia Geforce Experience Software,6.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-04-20T14:20:11.000Z,0
CVE-2021-1072,https://securityvulnerability.io/vulnerability/CVE-2021-1072,Arbitrary File Deletion Vulnerability in NVIDIA GeForce Experience,"NVIDIA GeForce Experience, in all versions prior to 3.21, features a vulnerability in the GameStream component (specifically within rxdiag.dll) that allows for arbitrary file deletion. This flaw arises from improper handling of log files, potentially leading to service disruptions or denial of service to users. It’s crucial for users to update to the latest version to protect against such vulnerabilities.",Nvidia,Nvidia Geforce Experience Software,6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-02-05T19:40:12.000Z,0
CVE-2020-5990,https://securityvulnerability.io/vulnerability/CVE-2020-5990,Local Privilege Escalation Vulnerability in NVIDIA GeForce Experience,"NVIDIA GeForce Experience versions earlier than 3.20.5.70 are susceptible to a vulnerability within the ShadowPlay component. This flaw may enable attackers to escalate privileges locally, execute arbitrary code, cause a denial of service, or potentially disclose sensitive information, affecting user security and system integrity.",Nvidia,Nvidia Geforce Experience Software,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-10-23T17:35:16.000Z,0
CVE-2020-5978,https://securityvulnerability.io/vulnerability/CVE-2020-5978,Privilege Escalation and Denial of Service Vulnerability in NVIDIA GeForce Experience,"NVIDIA GeForce Experience versions prior to 3.20.5.70 are affected by a vulnerability wherein a folder is created by the nvcontainer.exe service under normal user login with LOCAL_SYSTEM privileges. This flaw can lead to a denial of service or unauthorized escalation of privileges, potentially allowing an attacker to manipulate system resources and compromise user security.",Nvidia,Nvidia Geforce Experience Software,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-10-23T17:35:16.000Z,0
CVE-2020-5977,https://securityvulnerability.io/vulnerability/CVE-2020-5977,Uncontrolled Search Path Vulnerability in NVIDIA GeForce Experience,"A vulnerability exists in NVIDIA GeForce Experience due to an uncontrolled search path in the NodeJS web server utilized by NVIDIA Web Helper. This flaw can potentially allow malicious actors to execute arbitrary code, escalate privileges, and disclose sensitive information, as well as instigate denial of service conditions. Users are advised to update to version 3.20.5.70 or later to mitigate these risks.",Nvidia,Nvidia Geforce Experience Software,7.8,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2020-10-23T17:35:15.000Z,0
CVE-2019-5702,https://securityvulnerability.io/vulnerability/CVE-2019-5702,,"NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.",Nvidia,Geforce Experience,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-12-24T21:05:26.000Z,0
CVE-2019-5695,https://securityvulnerability.io/vulnerability/CVE-2019-5695,,"NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.",Nvidia,"Nvidia Geforce Experience,Nvidia Windows Gpu Display Driver",6.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-11-12T20:14:54.000Z,0
CVE-2019-5701,https://securityvulnerability.io/vulnerability/CVE-2019-5701,,"NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.",Nvidia,Nvidia Geforce Experience,7.8,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2019-11-09T01:48:50.000Z,0
CVE-2019-5689,https://securityvulnerability.io/vulnerability/CVE-2019-5689,,"NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.",Nvidia,Nvidia Geforce Experience,7.8,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2019-11-09T01:37:35.000Z,0
CVE-2019-5678,https://securityvulnerability.io/vulnerability/CVE-2019-5678,,"NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.",Nvidia,Nvidia Geforce Experience,7.8,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2019-05-31T21:12:01.000Z,0
CVE-2019-5674,https://securityvulnerability.io/vulnerability/CVE-2019-5674,,"NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.",Nvidia,Geforce Experience,7,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2019-03-28T14:09:11.000Z,0
CVE-2018-6266,https://securityvulnerability.io/vulnerability/CVE-2018-6266,,"NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.",Nvidia,Geforce Experience,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-11-19T00:00:00.000Z,0
CVE-2018-6265,https://securityvulnerability.io/vulnerability/CVE-2018-6265,,"NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.",Nvidia,Geforce Experience,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-11-19T00:00:00.000Z,0
CVE-2018-6263,https://securityvulnerability.io/vulnerability/CVE-2018-6263,,"NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.",Nvidia,Geforce Experience,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-11-19T00:00:00.000Z,0
CVE-2018-6262,https://securityvulnerability.io/vulnerability/CVE-2018-6262,,"NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.",Nvidia,Geforce Experience,2.5,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-09-27T00:00:00.000Z,0
CVE-2018-6261,https://securityvulnerability.io/vulnerability/CVE-2018-6261,,"NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.",Nvidia,Geforce Experience,7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-09-27T00:00:00.000Z,0
CVE-2018-6259,https://securityvulnerability.io/vulnerability/CVE-2018-6259,,"NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.",Nvidia,Nvidia Geforce Experience,2.5,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-08-30T00:00:00.000Z,0
CVE-2018-6257,https://securityvulnerability.io/vulnerability/CVE-2018-6257,,"NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.",Nvidia,Nvidia Geforce Experience,7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-08-30T00:00:00.000Z,0
CVE-2018-6258,https://securityvulnerability.io/vulnerability/CVE-2018-6258,,NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.,Nvidia,Nvidia Geforce Experience,4.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-08-30T00:00:00.000Z,0
CVE-2017-0316,https://securityvulnerability.io/vulnerability/CVE-2017-0316,,"In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.",Nvidia,Geforce Experience,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2017-10-16T00:00:00.000Z,0