Vulnerabilities > Nvidia > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-08 CVE-2021-1051 Improper Privilege Management vulnerability in Nvidia GPU Driver
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a local user can get elevated privileges to modify display configuration data, which may result in denial of service of the display.
local
low complexity
nvidia CWE-269
8.4
2020-11-11 CVE-2020-5992 Uncontrolled Search Path Element vulnerability in Nvidia Geforce NOW
NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges.
local
low complexity
nvidia CWE-427
7.8
2020-10-30 CVE-2020-5991 Out-of-bounds Write vulnerability in Nvidia Cuda Toolkit
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
local
low complexity
nvidia CWE-787
7.8
2020-10-23 CVE-2020-5990 Unspecified vulnerability in Nvidia Geforce Experience
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
local
low complexity
nvidia
7.8
2020-10-23 CVE-2020-5978 Unspecified vulnerability in Nvidia Geforce Experience
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.
local
low complexity
nvidia
7.8
2020-10-23 CVE-2020-5977 Untrusted Search Path vulnerability in Nvidia Geforce Experience
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
local
low complexity
nvidia CWE-426
7.8
2020-10-02 CVE-2020-5988 Double Free vulnerability in Nvidia Virtual GPU Manager
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service.
local
low complexity
nvidia CWE-415
7.1
2020-10-02 CVE-2020-5987 Incomplete Cleanup vulnerability in Nvidia Virtual GPU Manager
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges.
local
low complexity
nvidia CWE-459
7.8
2020-10-02 CVE-2020-5985 Improper Input Validation vulnerability in Nvidia Virtual GPU Manager
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service.
local
low complexity
nvidia CWE-20
7.1
2020-10-02 CVE-2020-5984 Use After Free vulnerability in Nvidia Virtual GPU Manager
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure.
local
low complexity
nvidia CWE-416
7.8