cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23359,https://securityvulnerability.io/vulnerability/CVE-2025-23359,Time-of-Check Time-of-Use Vulnerability in NVIDIA Container Toolkit for Linux,"The NVIDIA Container Toolkit for Linux is susceptible to a Time-of-Check Time-of-Use (TOCTOU) vulnerability, especially when operated under its default configuration. This flaw allows maliciously crafted container images to potentially access the host file system. Successful exploitation could result in various security issues, including unauthorized code execution, denial of service, elevated user privileges, and even sensitive data exposure or manipulation.",Nvidia,"Container Toolkit,Gpu Operator",8.3,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T00:52:43.646Z,0
CVE-2024-0146,https://securityvulnerability.io/vulnerability/CVE-2024-0146,Memory Corruption Vulnerability in NVIDIA Virtual GPU Manager,"NVIDIA vGPU software features a vulnerability in the Virtual GPU Manager that can be exploited by a malicious guest. This security flaw enables potential attackers to corrupt memory, possibly leading to unauthorized code execution, denial of service attacks, information disclosure, or alteration of data. It is crucial for users and system administrators relying on NVIDIA's virtual GPU technology to stay informed about this vulnerability and apply necessary mitigations.",Nvidia,Nvidia Vgpu Software,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T04:09:24.737Z,0
CVE-2024-0150,https://securityvulnerability.io/vulnerability/CVE-2024-0150,Buffer Overflow Vulnerability in NVIDIA GPU Display Driver for Windows and Linux,"The NVIDIA GPU display driver for both Windows and Linux is susceptible to a buffer overflow vulnerability, which allows data to be erroneously written either past the end or before the beginning of a designated buffer. This flaw can potentially enable attackers to exploit the system, leading to significant risks such as information disclosure, denial of service, or unauthorized data alteration. It is essential for users and administrators to apply recommended security measures to safeguard their systems against potential exploits associated with this vulnerability.",Nvidia,"Nvidia Gpu Display Driver, Vgpu Software",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T03:26:55.489Z,0
CVE-2024-0136,https://securityvulnerability.io/vulnerability/CVE-2024-0136,Improper Isolation in NVIDIA Container Toolkit Leading to Host Device Access,"The NVIDIA Container Toolkit presents an improper isolation vulnerability that occurs due to its specific configuration. When configured in a non-default way, a specially crafted container image can exploit this flaw, potentially allowing untrusted code to gain read and write access to host devices. This could lead to serious impacts, including unauthorized code execution, denial of service, privilege escalation, information disclosure, and data tampering. Ensuring proper configuration is essential to mitigate risks associated with this vulnerability.",Nvidia,"Nvidia Container Toolkit,Nvidia Gpu Operator",7.6,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T03:09:53.568Z,0
CVE-2024-0135,https://securityvulnerability.io/vulnerability/CVE-2024-0135,Improper Isolation in NVIDIA Container Toolkit Exposes Host Binary to Risks,"The NVIDIA Container Toolkit exhibits an improper isolation vulnerability that can be exploited through specially crafted container images. This weakness may allow attackers to modify host binaries, potentially leading to a range of security risks including unauthorized code execution, denial of service, privilege escalation, information disclosure, and data tampering. Organizations leveraging the toolkit are urged to apply the latest updates to mitigate these threats.",Nvidia,"Nvidia Container Toolkit,Nvidia Gpu Operator",7.6,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T03:09:02.626Z,0
CVE-2024-0130,https://securityvulnerability.io/vulnerability/CVE-2024-0130,NVIDIA UFM Enterprise Vulnerability Could Lead to Escalation of Privileges and Data Tampering,"A vulnerability exists in NVIDIA's UFM Enterprise, UFM Appliance, and UFM CyberAI products that allows an attacker to exploit improper authentication. This issue arises when a malformed request is sent through the Ethernet management interface, potentially resulting in various security threats, including privilege escalation, data tampering, denial of service, and unauthorized information disclosure.",Nvidia,"Ufm Enterprise Ga,Ufm Enterprise Lts23,Ufm Enterprise Appliance Ga,Ufm Enterprise Appliance Lts23,Ufm Sdn Appliance Ga,Ufm Sdn Appliance Lts23,Ufm Cyberai Ga,Ufm Cyberai Lts23",8.8,HIGH,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-12-06T20:15:00.000Z,0
CVE-2024-38423,https://securityvulnerability.io/vulnerability/CVE-2024-38423,Nvidia GeForce GPU Vulnerable to Memory Corruption During Page Table Switch,"The vulnerability involves memory corruption that occurs during the processing of GPU page table switches within Qualcomm's graphics processing units. This issue can potentially lead to unauthorized access and manipulation of sensitive data, affecting the overall integrity and security posture of systems equipped with affected Adreno GPUs. Users of these products are recommended to apply necessary security measures to mitigate potential risks stemming from this vulnerability.",Nvidia,Wsa8835 Firmware,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-04T10:15:00.000Z,0
CVE-2024-38421,https://securityvulnerability.io/vulnerability/CVE-2024-38421,GPU Memory Corruption Vulnerability Discovered,This vulnerability involves memory corruption issues that can arise during the processing of GPU commands in Qualcomm products. Exploitation of this flaw could lead to unauthorized access to sensitive information or execution of arbitrary code in affected systems. It is crucial for users and organizations utilizing Qualcomm GPUs to apply the latest security updates to mitigate the risks associated with this vulnerability.,NVIDIA,Wsa8845h Firmware,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-04T10:15:00.000Z,0
CVE-2024-0106,https://securityvulnerability.io/vulnerability/CVE-2024-0106,"NVIDIA BlueField DPU Vulnerability Could Lead to Denial of Service, Data Tampering, and Limited Information Disclosure","The NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability related to improper privilege handling. This issue could allow attackers to exploit the system, resulting in disruptions such as denial of service, potential data tampering, and limited information disclosure. Addressing this security risk is crucial for maintaining the integrity and availability of systems utilizing NVIDIA technology.",Nvidia,"Bluefield 1,Bluefield Ga,Bluefield Lts22,Bluefield Lts23",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-01T05:53:31.345Z,0
CVE-2024-0105,https://securityvulnerability.io/vulnerability/CVE-2024-0105,NVIDIA ConnectX Firmware Vulnerability Could Lead to Denial of Service and Data Tampering,"The NVIDIA ConnectX Firmware has a vulnerability that occurs due to improper handling of insufficient privileges. This security flaw can potentially be exploited by malicious actors, leading to severe consequences such as denial of service, the ability to tamper with data, and the risk of limited information disclosure. Organizations utilizing vulnerable versions of ConnectX products should prioritize update and mitigation strategies to safeguard their systems.",Nvidia,"Connectx4,Connectx4 Lx,Connectx Ga,Connectx Lts22,Connectx Lts23,Bluefield 1,Bluefield Ga,Bluefield Lts22,Bluefield Lts23",8.9,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-01T05:36:06.601Z,0
CVE-2024-0128,https://securityvulnerability.io/vulnerability/CVE-2024-0128,NVIDIA vGPU Software Vulnerability Could Lead to Information Disclosure and Escalation of Privileges,"The NVIDIA vGPU software features a vulnerability within the Virtual GPU Manager that enables users of the guest operating system to gain access to global resources. This weakness potentially leads to unauthorized information disclosure, enables data tampering, and may facilitate escalation of user privileges, posing significant risks to system integrity and confidentiality.",Nvidia,Vgpu And Cloud Gaming,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-26T08:14:20.726Z,0
CVE-2024-0127,https://securityvulnerability.io/vulnerability/CVE-2024-0127,"NVIDIA vGPU Software Vulnerability Could Lead to Code Execution, Privilege Escalation, and More","NVIDIA vGPU software is vulnerable due to improper input validation in its GPU kernel driver associated with the vGPU Manager across all supported hypervisors. This flaw provides an opportunity for users operating within the guest operating system to compromise the guest OS kernel. If successfully exploited, this vulnerability can lead to serious consequences such as unauthorized code execution, elevation of user privileges, data manipulation, service interruptions, and potential information leaks. This highlights the importance of updating to the latest security patches to mitigate risks associated with this vulnerability.",Nvidia,Vgpu And Cloud Gaming,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-26T08:10:56.367Z,0
CVE-2024-0121,https://securityvulnerability.io/vulnerability/CVE-2024-0121,"NVIDIA GPU Display Driver Vulnerability Could Lead to Code Execution, Data Tampering","The NVIDIA GPU Display Driver for Windows contains a vulnerability within its user mode layer, enabling an unprivileged user to perform an out-of-bounds read operation. When exploited, this vulnerability can facilitate unauthorized code execution, disrupt service availability, elevate user privileges, disclose sensitive information, and cause data modifications. Ensuring timely updates and patches for the NVIDIA GPU Display Driver is crucial to mitigate these risks.",Nvidia,"Gpu, Vgpu, And Cloud Gaming",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-26T08:07:50.366Z,0
CVE-2024-0120,https://securityvulnerability.io/vulnerability/CVE-2024-0120,NVIDIA GPU Display Driver Vulnerability Allows for Code Execution and Other Threats,"The NVIDIA GPU Display Driver for Windows contains a vulnerability in its user mode layer that allows unprivileged users to exploit an out-of-bounds read. This flaw poses significant security risks including the possibility of unauthorized code execution, potential denial of service, and escalation of privileges. Furthermore, it potentially enables information disclosure and data tampering, which can severely compromise system integrity and user data.",Nvidia,"Gpu, Vgpu, And Cloud Gaming",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-26T08:06:52.882Z,0
CVE-2024-0119,https://securityvulnerability.io/vulnerability/CVE-2024-0119,"NVIDIA GPU Display Driver Vulnerability Could Lead to Code Execution, Data Tampering","The NVIDIA GPU Display Driver for Windows features a vulnerability in its user mode layer, allowing an unprivileged regular user to trigger an out-of-bounds read. Such exploitation may result in a range of consequences including unauthorized code execution, denial of service conditions, potential privilege escalation, information leakage, and data integrity issues. This vulnerability poses significant risks in environments where the GPU driver is utilized, emphasizing the need for timely updates and robust security practices.",Nvidia,"Gpu, Vgpu, And Cloud Gaming",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-26T08:06:34.252Z,0
CVE-2024-0118,https://securityvulnerability.io/vulnerability/CVE-2024-0118,NVIDIA GPU Display Driver Vulnerability Affects Windows Users,"The NVIDIA GPU Display Driver for Windows contains a vulnerability within its user mode layer that allows unprivileged regular users to exploit an out-of-bounds read condition. This exploitation can lead to various adverse outcomes including code execution, which may allow unauthorized access to system functions. Additionally, the vulnerability poses risks of denial of service, privilege escalation, information disclosure, and potential data tampering, affecting the integrity and availability of the system resources.",Nvidia,"Gpu, Vgpu, And Cloud Gaming",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-26T08:06:27.506Z,0
CVE-2024-0117,https://securityvulnerability.io/vulnerability/CVE-2024-0117,"NVIDIA GPU Display Driver Vulnerability Could Lead to Code Execution, Data Tampering","A vulnerability exists in the NVIDIA GPU Display Driver for Windows, specifically within the user mode layer. This issue allows an unprivileged regular user to trigger an out-of-bounds read, which can potentially be exploited to execute arbitrary code. The implications of this vulnerability include denial of service, escalation of privileges, and risks of information disclosure and data tampering. Organizations using affected versions are advised to update their drivers to mitigate these risks. Detailed information can be found in NVIDIA support resources.",Nvidia,"Gpu, Vgpu, And Cloud Gaming",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-26T08:06:19.001Z,0
CVE-2024-0126,https://securityvulnerability.io/vulnerability/CVE-2024-0126,NVIDIA GPU Display Driver Vulnerability Could Lead to Privilege Escalation,"The NVIDIA GPU Display Driver for both Windows and Linux is subject to a vulnerability that allows an attacker with privileged access to escalate permissions. This exploit could lead to severe consequences such as unauthorized code execution, potential denial of service, escalation of user privileges, and the risk of sensitive data exposure and tampering. Affected users should take immediate precautions to mitigate risk.",Nvidia,"Gpu, Vgpu, And Cloud Gaming",8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-26T08:01:44.000Z,0
CVE-2024-0129,https://securityvulnerability.io/vulnerability/CVE-2024-0129,NVIDIA NeMo Vulnerability Could Lead to Code Execution and Data Tampering,"The vulnerability in NVIDIA NeMo's SaveRestoreConnector component arises from improper handling of .tar file extractions, leading to potential path traversal. If exploited, attackers may manipulate file paths to access restricted areas of the file system, potentially allowing them to execute arbitrary code and tamper with sensitive data. This vulnerability underscores the importance of secure file handling practices in software development. Users and administrators of NVIDIA NeMo are urged to apply the necessary updates to mitigate the risk associated with unsafe file operations.",Nvidia,Nemo,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-15T05:39:01.225Z,0
CVE-2024-0132,https://securityvulnerability.io/vulnerability/CVE-2024-0132,NVIDIA Container Toolkit Vulnerability Allows for File System Access,"The NVIDIA Container Toolkit versions up to 1.16.1 possess a Time-of-Check Time-of-Use (TOCTOU) vulnerability that arises when the tool is utilized with its default configurations. A specially crafted container image can exploit this vulnerability to gain unauthorized access to the host file system. This situation creates several security concerns, such as unauthorized code execution, potential denial of service, privilege escalation, and possibilities for information disclosure and data tampering. The vulnerability is mitigated when Container Device Interface (CDI) is implemented.",Nvidia,"Container Toolkit,Gpu Operator",8.3,HIGH,0.000910000002477318,false,,true,false,true,2024-09-26T22:42:46.000Z,,false,false,,2024-09-26T05:18:33.211Z,75
CVE-2024-0110,https://securityvulnerability.io/vulnerability/CVE-2024-0110,CUDA Toolkit Vulnerability Could Lead to Code Execution or Denial of Service,"The NVIDIA CUDA Toolkit exhibits a vulnerability within the `cuobjdump` command, specifically when it processes malformed ELF (Executable and Linkable Format) files. This flaw enables users to inadvertently induce an out-of-bound write situation. If exploited, this vulnerability could allow unauthorized code execution or lead to denial of service, impacting system stability and security. Users of the NVIDIA CUDA Toolkit should review their use of the `cuobjdump` command and take measures to validate input files to mitigate potential risks.",Nvidia,Cuda Toolkit,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-08-31T08:27:46.798Z,0
CVE-2024-0113,https://securityvulnerability.io/vulnerability/CVE-2024-0113,Mellanox OS Vulnerability Could Lead to Escalation of Privileges and Information Disclosure,"A vulnerability exists in the web support of NVIDIA Mellanox OS and related products, allowing an attacker to exploit a CGI path traversal through a specifically crafted URI. This vulnerability could lead to unauthorized escalation of privileges and potential information disclosure. Organizations utilizing these products should be aware of this vulnerability to mitigate risks associated with unauthorized access.",Nvidia,"Mellanox Os,Skyway,Metrox-3 Xc,Metrox-2",8.8,HIGH,0.0017600000137463212,false,,false,false,false,,,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-0104,https://securityvulnerability.io/vulnerability/CVE-2024-0104,NVIDIA Mellanox OS Vulnerability Affects Security,"A vulnerability in the LDAP Authentication, Authorization, and Accounting (AAA) component of NVIDIA's Mellanox OS, as well as the ONYX, Skyway, MetroX-2, and MetroX-3 XC products, allows for improper access due to user interactions. Exploitation of this vulnerability can result in serious consequences, including unauthorized access to sensitive information, potential data alterations, and the possibility of privilege escalation. Securing these environments is vital to preventing adverse security events.",Nvidia,"Mellanox Os,Onyx,Skyway,Metrox-3 Xc,Metrox-2",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-08T17:15:19.315Z,0
CVE-2024-0101,https://securityvulnerability.io/vulnerability/CVE-2024-0101,NVIDIA Mellanox OS Vulnerability Could Lead to Denial of Service,"The vulnerability in NVIDIA Mellanox OS and its related products stems from improper definitions in the ipfilter configuration. This flaw can be exploited by an attacker to disrupt the normal operation of the affected switches, potentially leading to a denial of service scenario. Effective ipfilter management is essential to mitigate risks associated with this vulnerability, ensuring the stability and reliability of network operations.",Nvidia,"Mellanox Os,Onyx,Skyway,Metrox-3 Xc,Metrox-2",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-08T17:11:07.194Z,0
CVE-2024-0107,https://securityvulnerability.io/vulnerability/CVE-2024-0107,NVIDIA GPU Display Driver Vulnerability Allowing Unprivileged User Access to Sensitive Data,"The NVIDIA GPU Display Driver for Windows features a vulnerability in its user mode layer that enables an unprivileged regular user to execute an out-of-bounds read. Exploitation of this flaw can lead to significant security risks, including unauthorized code execution, service interruptions, an escalation of privileges, potential information disclosure, and the capability for data manipulation. Users and administrators utilizing the affected product should take immediate action to mitigate these risks.",Nvidia,"Gpu Display Driver, Vgpu Software, Cloud Gaming",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-08T16:57:49.154Z,0