Nvidia Corporation Geforce Experience vulnerabilities

CVE-2019-5674 [HIGH] CWE-59 CVE-2019-5674: NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enab NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.

CVE-2018-6265 [HIGH] CVE-2018-6265: NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.

CVE-2018-6263 [HIGH] CVE-2018-6263: NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.

CVE-2018-6266 [MEDIUM] CWE-200 CVE-2018-6266: NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.

CVE-2018-6261 [HIGH] CWE-732 CVE-2018-6261: NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which se NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.

CVE-2018-6262 [LOW] CWE-200 CVE-2018-6262: NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where li NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.

CVE-2017-0316 [HIGH] CWE-20 CVE-2017-0316: In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerabilit In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.

CVE-2017-6250 [HIGH] CVE-2017-6250: NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.

CVE-2016-8827 [MEDIUM] CWE-22 CVE-2016-8827: NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.