Skip to main content

Nvidia

919 CVEs vendor

Monthly

CVE-2025-23342 HIGH This Week

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account . Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Information Disclosure Nvdebug
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-23302 MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23301 MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23262 MEDIUM This Month

NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Nvidia Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-23261 MEDIUM This Month

NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Nvidia
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23259 MEDIUM PATCH This Month

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Information Disclosure Nvidia Race Condition Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-23258 HIGH This Month

NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Debian
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-23257 HIGH This Month

NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Debian
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-23256 HIGH This Month

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Nvidia Information Disclosure
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-23315 HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23314 HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23313 HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23312 HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23307 HIGH This Month

NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Nemo Curator
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23306 HIGH This Month

NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Megatron Lm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23305 HIGH This Week

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Megatron Lm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23304 HIGH This Week

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Path Traversal Nemo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-23303 HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Deserialization Nvidia Nemo
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2025-23298 HIGH This Week

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Nvidia RCE Python Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23296 HIGH This Week

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Nvidia RCE Python Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23295 HIGH This Week

NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Nvidia RCE Python Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23294 HIGH This Week

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Nvidia RCE Denial Of Service Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23335 MEDIUM Monitor

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-23334 MEDIUM This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Microsoft Python Information Disclosure +2
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-23333 MEDIUM This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Microsoft Python Information Disclosure +2
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-23331 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23327 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23326 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23325 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-23324 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23323 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23322 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23321 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23320 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Microsoft Python Information Disclosure Triton Inference Server +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23319 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Nvidia RCE Buffer Overflow Microsoft +4
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2025-23318 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Nvidia RCE Buffer Overflow Microsoft +4
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-23317 CRITICAL This Week

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Buffer Overflow RCE Heap Overflow Denial Of Service +2
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2025-23311 CRITICAL This Week

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow RCE Denial Of Service +2
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-23310 CRITICAL This Week

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow RCE Microsoft +4
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-23290 LOW Monitor

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. Rated low severity (CVSS 2.5). No vendor patch available.

Nvidia Information Disclosure
NVD
CVSS 3.1
2.5
EPSS
0.0%
CVE-2025-23285 MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23284 HIGH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow RCE Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23288 LOW Monitor

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may cause an exposure of sensitive system information with local unprivileged system access. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Information Disclosure Windows
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23287 LOW Monitor

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Information Disclosure Windows
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23286 MEDIUM PATCH Monitor

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Buffer Overflow Microsoft Information Disclosure Windows +1
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-23283 HIGH PATCH This Month

NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow RCE Denial Of Service +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23281 HIGH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia Memory Corruption RCE Use After Free Microsoft +3
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-23279 HIGH PATCH This Month

NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service RCE Nvidia Information Disclosure Suse
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-23278 HIGH PATCH This Month

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Windows Suse
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23277 HIGH PATCH This Month

NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Linux Microsoft Authentication Bypass Denial Of Service +3
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-23276 HIGH This Month

NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia RCE Microsoft Denial Of Service Path Traversal +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23247 MEDIUM Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Cuda Toolkit
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-37900 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommu_copy_struct_from_user() In the review for iommu_copy_struct_to_user() helper, Matt pointed out that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Oracle Denial Of Service Nvidia +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37837 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() Two WARNINGs are observed when SMMU driver rolls back upon failure:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Nvidia Linux Information Disclosure Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23246 MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23254 HIGH This Week

NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Deserialization Python RCE Nvidia
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-23245 MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23244 HIGH PATCH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass RCE Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23253 LOW Monitor

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

OpenSSL Information Disclosure Nvidia RCE Denial Of Service +2
NVD
CVSS 3.1
2.5
EPSS
0.1%
CVE-2025-23251 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Nvidia Nemo
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2025-23250 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Path Traversal Nemo
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2025-23249 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Deserialization Nemo
NVD
CVSS 3.1
7.6
EPSS
1.4%
CVE-2024-0141 MEDIUM This Month

NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU vBIOS that may allow a malicious actor with tenant level GPU access to write to an unsupported registry causing a bad state. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Denial Of Service
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-0114 HIGH This Week

NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an. Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure RCE Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-21824 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a use of uninitialized mutex commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra") caused a use of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Nvidia Linux Information Disclosure Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-58034 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() As of_find_node_by_name() release the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Nvidia +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-49642 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Linux Nvidia Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49092 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix route with nexthop object delete warning FRR folks have hit a kernel warning[1] while deleting routes[2] which is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Nvidia Linux Authentication Bypass Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-53879 LOW Monitor

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service Cuda Toolkit Windows
NVD VulDB
CVSS 3.1
2.8
EPSS
0.0%
CVE-2024-53878 LOW Monitor

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service Cuda Toolkit Windows
NVD VulDB
CVSS 3.1
2.8
EPSS
0.0%
CVE-2024-53877 LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause a NULL pointer exception by passing a malformed ELF file to nvdisasm. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Null Pointer Dereference Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-53876 LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-53875 LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-53874 LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-53873 LOW Monitor

NVIDIA CUDA toolkit for Windows contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nvidia Buffer Overflow Denial Of Service Microsoft +2
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-53872 LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-53871 LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-53870 LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-0148 HIGH This Week

NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure RCE Denial Of Service
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-23359 HIGH POC PATCH This Week

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Nvidia Information Disclosure RCE Denial Of Service Nvidia Container Toolkit +3
NVD
CVSS 3.1
8.3
EPSS
3.7%
CVE-2024-53880 MEDIUM Monitor

NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-0145 MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Heap Overflow RCE
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-0144 MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-0143 MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Memory Corruption Buffer Overflow RCE
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-0142 MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Memory Corruption Buffer Overflow RCE
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-0112 HIGH This Week

NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure RCE Privilege Escalation Denial Of Service Nvidia
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-0131 MEDIUM PATCH Monitor

NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service Windows Suse
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-53881 MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-53869 MEDIUM PATCH This Month

NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-0150 HIGH PATCH This Month

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Nvidia Microsoft +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
EPSS 0% CVSS 8.2
HIGH This Week

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account . Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia +2
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Nvidia +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Nvidia
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Information Disclosure Nvidia +2
NVD
EPSS 0% CVSS 7.3
HIGH This Month

NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Debian
NVD
EPSS 0% CVSS 7.3
HIGH This Month

NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Debian
NVD
EPSS 0% CVSS 8.7
HIGH This Month

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Nvidia +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Path Traversal +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Deserialization Nvidia +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Nvidia RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Nvidia RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Nvidia RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Nvidia RCE +2
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Nvidia Microsoft +3
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Microsoft +4
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Microsoft +4
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Nvidia Microsoft +3
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft +3
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft +3
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Microsoft Python +3
NVD
EPSS 1% CVSS 8.1
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Nvidia RCE +6
NVD
EPSS 0% CVSS 8.1
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Nvidia RCE +6
NVD
EPSS 3% CVSS 9.1
CRITICAL This Week

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Buffer Overflow RCE +4
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow +4
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow +6
NVD
EPSS 0% CVSS 2.5
LOW Monitor

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. Rated low severity (CVSS 2.5). No vendor patch available.

Nvidia Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia
NVD
EPSS 0% CVSS 7.8
HIGH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow +3
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may cause an exposure of sensitive system information with local unprivileged system access. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH Monitor

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Buffer Overflow Microsoft +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow +4
NVD
EPSS 0% CVSS 7.0
HIGH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia Memory Corruption RCE +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Month

NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service RCE Nvidia +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Month

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft +2
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Month

NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Linux Microsoft +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia RCE Microsoft +4
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Cuda Toolkit
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommu_copy_struct_from_user() In the review for iommu_copy_struct_to_user() helper, Matt pointed out that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Oracle +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() Two WARNINGs are observed when SMMU driver rolls back upon failure:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Nvidia Linux Information Disclosure +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Deserialization Python +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass RCE +3
NVD
EPSS 0% CVSS 2.5
LOW Monitor

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

OpenSSL Information Disclosure Nvidia +4
NVD
EPSS 0% CVSS 7.6
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Nvidia +1
NVD
EPSS 0% CVSS 7.6
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Path Traversal +1
NVD
EPSS 1% CVSS 7.6
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Deserialization +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU vBIOS that may allow a malicious actor with tenant level GPU access to write to an unsupported registry causing a bad state. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Denial Of Service
NVD
EPSS 0% CVSS 8.1
HIGH This Week

NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an. Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a use of uninitialized mutex commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra") caused a use of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Nvidia Linux Information Disclosure +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() As of_find_node_by_name() release the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Linux Nvidia +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix route with nexthop object delete warning FRR folks have hit a kernel warning[1] while deleting routes[2] which is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Nvidia Linux Authentication Bypass +3
NVD
EPSS 0% CVSS 2.8
LOW Monitor

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 2.8
LOW Monitor

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause a NULL pointer exception by passing a malformed ELF file to nvdisasm. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Null Pointer Dereference Denial Of Service +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA CUDA toolkit for Windows contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nvidia Buffer Overflow +4
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Nvidia +2
NVD
EPSS 0% CVSS 7.6
HIGH This Week

NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure RCE +1
NVD
EPSS 4% CVSS 8.3
HIGH POC PATCH This Week

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Nvidia Information Disclosure RCE +5
NVD
EPSS 0% CVSS 4.9
MEDIUM Monitor

NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Nvidia Denial Of Service +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Heap Overflow +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure RCE Privilege Escalation +2
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH Monitor

NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Suse
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Month

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +5
NVD
Prev Page 3 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy