Vulnerabilities > Nvidia > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-16 CVE-2016-8827 Path Traversal vulnerability in Nvidia Geforce Experience
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
network
low complexity
nvidia CWE-22
5.0
2016-12-16 CVE-2016-8826 Resource Management Errors vulnerability in Nvidia GPU Driver
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service.
local
low complexity
nvidia linux microsoft CWE-399
4.9
2016-12-16 CVE-2016-8820 Improper Input Validation vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure.
local
low complexity
nvidia microsoft CWE-20
5.6
2016-11-08 CVE-2016-7383 Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in a memory mapping API in the kernel mode layer (nvlddmkm.sys) handler, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia microsoft CWE-264
6.1
2016-11-08 CVE-2016-5025 Improper Input Validation vulnerability in Nvidia GPU Driver
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.
local
low complexity
nvidia CWE-20
6.1
2016-11-08 CVE-2016-4961 Improper Input Validation vulnerability in Nvidia Geforce Experience
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.
local
low complexity
nvidia CWE-20
4.9
2016-11-08 CVE-2016-4960 Improper Input Validation vulnerability in Nvidia Geforce Experience
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.
local
nvidia CWE-20
6.9
2015-11-24 CVE-2015-8328 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver
Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors.
6.6
2015-11-24 CVE-2015-7869 Numeric Errors vulnerability in multiple products
Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access.
6.6
2015-09-30 CVE-2015-5950 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia Display Driver and GPU Driver
The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call.
6.9