Filtered by vendor Nvidia
Subscribe
Total
721 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-33192 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 5.7 MEDIUM |
|
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.
|
|||||
| CVE-2025-33193 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 5.7 MEDIUM |
|
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure.
|
|||||
| CVE-2025-33205 | 1 Nvidia | 1 Nemo | 2025-12-02 | N/A | 7.3 HIGH |
|
NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution.
|
|||||
| CVE-2025-33204 | 1 Nvidia | 1 Nemo | 2025-12-02 | N/A | 7.8 HIGH |
|
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2025-33195 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 4.4 MEDIUM |
|
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges.
|
|||||
| CVE-2025-33196 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 4.4 MEDIUM |
|
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.
|
|||||
| CVE-2025-33197 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 4.3 MEDIUM |
|
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
|
|||||
| CVE-2025-33198 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 3.3 LOW |
|
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.
|
|||||
| CVE-2025-33199 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 3.2 LOW |
|
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.
|
|||||
| CVE-2025-33200 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 2.3 LOW |
|
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.
|
|||||
| CVE-2025-33178 | 1 Nvidia | 1 Nemo | 2025-11-19 | N/A | 7.8 HIGH |
|
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data tampering.
|
|||||
| CVE-2025-23361 | 1 Nvidia | 1 Nemo | 2025-11-19 | N/A | 7.8 HIGH |
|
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2024-0107 | 2 Microsoft, Nvidia | 8 Windows, Cloud Gaming, Geforce and 5 more | 2025-11-04 | N/A | 7.8 HIGH |
|
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2025-23340 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | N/A | 3.3 LOW |
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.
|
|||||
| CVE-2025-23339 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | N/A | 3.3 LOW |
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running
cuobjdump.
|
|||||
| CVE-2025-23338 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | N/A | 3.3 LOW |
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.
|
|||||
| CVE-2025-23308 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | N/A | 3.3 LOW |
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm.
|
|||||
| CVE-2025-23271 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | N/A | 3.3 LOW |
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.
|
|||||
| CVE-2025-23295 | 1 Nvidia | 1 Apex | 2025-10-22 | N/A | 7.8 HIGH |
|
NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2025-23355 | 2 Microsoft, Nvidia | 2 Windows, Nsight Graphics | 2025-10-22 | N/A | 6.7 MEDIUM |
|
NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service.
|
|||||
| CVE-2025-23242 | 2 Linux, Nvidia | 2 Linux Kernel, Riva | 2025-10-16 | N/A | 7.3 HIGH |
|
NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure.
|
|||||
| CVE-2025-23243 | 2 Linux, Nvidia | 2 Linux Kernel, Riva | 2025-10-16 | N/A | 6.5 MEDIUM |
|
NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service.
|
|||||
| CVE-2025-23354 | 1 Nvidia | 1 Megatron-lm | 2025-10-10 | N/A | 7.8 HIGH |
|
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
|
|||||
| CVE-2025-23348 | 1 Nvidia | 1 Megatron-lm | 2025-10-10 | N/A | 7.8 HIGH |
|
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2025-23349 | 1 Nvidia | 1 Megatron-lm | 2025-10-10 | N/A | 7.8 HIGH |
|
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2025-23353 | 1 Nvidia | 1 Megatron-lm | 2025-10-10 | N/A | 7.8 HIGH |
|
NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
|
|||||
| CVE-2024-0081 | 1 Nvidia | 1 Nemo | 2025-10-10 | N/A | 8.6 HIGH |
|
NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.
|
|||||
| CVE-2023-31031 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-10-09 | N/A | 4.2 MEDIUM |
|
NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.
|
|||||
| CVE-2025-23268 | 1 Nvidia | 1 Triton Inference Server | 2025-10-08 | N/A | 8.0 HIGH |
|
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. A successful exploit of this vulnerability may lead to code execution.
|
|||||
| CVE-2025-23248 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-10-06 | N/A | 3.3 LOW |
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.
|
|||||
| CVE-2025-23255 | 1 Nvidia | 1 Cuda Toolkit | 2025-10-06 | N/A | 3.3 LOW |
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability may lead to a partial denial of service.
|
|||||
| CVE-2025-23273 | 3 Linux, Microsoft, Nvidia | 6 Linux Kernel, Windows, Cuda Toolkit and 3 more | 2025-10-06 | N/A | 2.5 LOW |
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted JPEG file. A successful exploit of this vulnerability may lead to denial of service.
|
|||||
| CVE-2025-23275 | 3 Linux, Microsoft, Nvidia | 6 Linux Kernel, Windows, Cuda Toolkit and 3 more | 2025-10-06 | N/A | 4.2 MEDIUM |
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure.
|
|||||
| CVE-2025-23346 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-10-06 | N/A | 3.3 LOW |
|
NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of service.
|
|||||
| CVE-2024-0137 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2025-10-06 | N/A | 5.5 MEDIUM |
|
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges.
|
|||||
| CVE-2024-0136 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2025-10-06 | N/A | 7.6 HIGH |
|
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2024-0135 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2025-10-06 | N/A | 7.6 HIGH |
|
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2025-23247 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-10-03 | N/A | 4.4 MEDIUM |
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution.
|
|||||
| CVE-2025-23307 | 1 Nvidia | 1 Nemo Curator | 2025-10-01 | N/A | 7.8 HIGH |
|
NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2025-23265 | 1 Nvidia | 1 Megatron-lm | 2025-10-01 | N/A | 7.8 HIGH |
|
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
|
|||||