cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23359,https://securityvulnerability.io/vulnerability/CVE-2025-23359,Time-of-Check Time-of-Use Vulnerability in NVIDIA Container Toolkit for Linux,"The NVIDIA Container Toolkit for Linux is susceptible to a Time-of-Check Time-of-Use (TOCTOU) vulnerability, especially when operated under its default configuration. This flaw allows maliciously crafted container images to potentially access the host file system. Successful exploitation could result in various security issues, including unauthorized code execution, denial of service, elevated user privileges, and even sensitive data exposure or manipulation.",Nvidia,"Container Toolkit,Gpu Operator",8.3,HIGH,0.0004299999854993075,false,,true,false,true,2025-02-12T14:04:29.000Z,false,false,false,,2025-02-12T00:52:43.646Z,919
CVE-2024-53880,https://securityvulnerability.io/vulnerability/CVE-2024-53880,Integer Overflow Vulnerability in NVIDIA Triton Inference Server,"The NVIDIA Triton Inference Server has a vulnerability in its model loading API that allows for integer overflow or wraparound errors. This occurs when an attacker loads a model file with an excessively large size, which can exceed the limits of an internal variable. If successfully exploited, this vulnerability may result in denial of service, impacting the availability of the server for legitimate users. Organizations utilizing this server should implement measures to secure their applications against such file size exploits.",Nvidia,Triton Inference Server,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-12T00:39:32.321Z,0
CVE-2024-0112,https://securityvulnerability.io/vulnerability/CVE-2024-0112,Improper Input Validation in NVIDIA Jetson AGX Orin and IGX Orin Software,"NVIDIA Jetson AGX Orin and NVIDIA IGX Orin software are susceptible to a vulnerability that arises from improper input validation. Attackers may exploit this flaw to escalate permissions to a limited extent, leading to potential consequences such as unauthorized code execution, service interruptions, data corruption, and unauthorized data access. Organizations utilizing these systems should remain vigilant and implement appropriate security measures to mitigate risks associated with this vulnerability.",Nvidia,"Jetson Agx Orin Series (including Jetson Orin Nx Series, Jetson Orin Nano Series),Igx Orin",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-12T00:15:00.000Z,0
CVE-2024-0145,https://securityvulnerability.io/vulnerability/CVE-2024-0145,Heap-Based Buffer Overflow in NVIDIA nvJPEG2000 Library,"The NVIDIA nvJPEG2000 library has a critical vulnerability that allows attackers to exploit a heap-based buffer overflow. By sending specially crafted JPEG2000 files, an attacker can achieve unauthorized code execution and potentially manipulate data within affected systems. This vulnerability poses a significant security risk, emphasizing the need for prompt patching and mitigative strategies to protect data integrity and system functionality.",Nvidia,Nvjpeg2000,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-12T00:12:33.361Z,0
CVE-2024-0144,https://securityvulnerability.io/vulnerability/CVE-2024-0144,Buffer Overflow Vulnerability in NVIDIA nvJPEG2000 Library,"The NVIDIA nvJPEG2000 library is susceptible to a buffer overflow vulnerability that can be triggered by specially crafted JPEG2000 files. Malicious actors can exploit this flaw to perform unauthorized data manipulation, potentially leading to further security issues. It is crucial for users reliant on NVIDIA products to ensure that they are using updated versions to mitigate risks associated with this vulnerability.",Nvidia,Nvjpeg2000,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-12T00:11:14.053Z,0
CVE-2024-0143,https://securityvulnerability.io/vulnerability/CVE-2024-0143,Out-of-Bounds Write Vulnerability in NVIDIA nvJPEG2000 Library,"The NVIDIA nvJPEG2000 library is susceptible to an out-of-bounds write vulnerability. This issue arises when an attacker manipulates a specially crafted JPEG2000 file, potentially leading to unauthorized code execution and data manipulation. Proper validation of input data is crucial to mitigating such vulnerabilities and ensuring application security.",Nvidia,Nvjpeg2000,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-12T00:10:35.133Z,101
CVE-2024-0142,https://securityvulnerability.io/vulnerability/CVE-2024-0142,Out-of-Bounds Write Vulnerability in NVIDIA nvJPEG2000 Library,"The NVIDIA nvJPEG2000 library has a security flaw that allows an attacker to perform an out-of-bounds write operation via a specially crafted JPEG2000 file. If successfully exploited, this vulnerability may enable attackers to execute arbitrary code and manipulate data, potentially compromising the integrity and security of the system.",Nvidia,Nvjpeg2000,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-12T00:09:53.430Z,0
CVE-2024-0131,https://securityvulnerability.io/vulnerability/CVE-2024-0131,Buffer Overflow Vulnerability in NVIDIA GPU Kernel Driver for Windows and Linux,"The NVIDIA GPU kernel driver for both Windows and Linux contains a vulnerability that allows a potential user-mode attacker to exploit a buffer with an incorrect length. This could lead to unintended information disclosure and may result in denial of service conditions, impacting system stability and performance.",Nvidia,"Nvidia Gpu Display Driver, Vgpu Software",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-02T01:15:00.000Z,0
CVE-2024-53881,https://securityvulnerability.io/vulnerability/CVE-2024-53881,Denial of Service Vulnerability in NVIDIA vGPU Host Driver,"A vulnerability has been identified in NVIDIA vGPU software that affects the host driver functionality. This issue may allow a guest virtual machine to generate an interrupt storm that could overwhelm the host system, resulting in a denial of service. Proper mitigation strategies and updates are essential to safeguard system performance and stability.",Nvidia,Nvidia Vgpu Software,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T04:11:29.908Z,0
CVE-2024-0146,https://securityvulnerability.io/vulnerability/CVE-2024-0146,Memory Corruption Vulnerability in NVIDIA Virtual GPU Manager,"NVIDIA vGPU software features a vulnerability in the Virtual GPU Manager that can be exploited by a malicious guest. This security flaw enables potential attackers to corrupt memory, possibly leading to unauthorized code execution, denial of service attacks, information disclosure, or alteration of data. It is crucial for users and system administrators relying on NVIDIA's virtual GPU technology to stay informed about this vulnerability and apply necessary mitigations.",Nvidia,Nvidia Vgpu Software,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T04:09:24.737Z,0
CVE-2024-53869,https://securityvulnerability.io/vulnerability/CVE-2024-53869,Information Disclosure Vulnerability in NVIDIA Unified Memory Driver for Linux,"The NVIDIA Unified Memory driver for Linux has a vulnerability that allows attackers to leak uninitialized memory contents. This flaw can lead to unintended information disclosure, potentially exposing sensitive data. Attackers may exploit this weakness to retrieve confidential memory data that should not be accessible. Users of the affected versions should take steps to mitigate this risk and update their drivers to the latest version.",Nvidia,"Nvidia Gpu Display Driver, Vgpu Software",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T04:07:47.554Z,0
CVE-2024-0149,https://securityvulnerability.io/vulnerability/CVE-2024-0149,Unauthorized File Access in NVIDIA GPU Display Driver for Linux,"A vulnerability in the NVIDIA GPU Display Driver for Linux grants potential unauthorized access to sensitive files. If exploited, this flaw can lead to limited information disclosure, raising serious security concerns for users operating vulnerable versions of the driver. Maintaining updated software and applying security patches promptly is essential to mitigate risks associated with this vulnerability.",Nvidia,"Nvidia Gpu Display Driver, Vgpu Software",3.3,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T04:04:19.542Z,0
CVE-2024-0147,https://securityvulnerability.io/vulnerability/CVE-2024-0147,NVIDIA GPU Display Driver Vulnerability for Windows and Linux,"A vulnerability exists in NVIDIA's GPU display driver for both Windows and Linux, which involves referencing memory after it has been freed. This flaw poses risks of denial of service, potentially impacting system stability, and data tampering, where an attacker could alter sensitive information or system operations. It is crucial for users to ensure they are running the latest version of the driver to mitigate associated risks.",Nvidia,"Nvidia Gpu Display Driver, Vgpu Software",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T03:27:50.092Z,0
CVE-2024-0150,https://securityvulnerability.io/vulnerability/CVE-2024-0150,Buffer Overflow Vulnerability in NVIDIA GPU Display Driver for Windows and Linux,"The NVIDIA GPU display driver for both Windows and Linux is susceptible to a buffer overflow vulnerability, which allows data to be erroneously written either past the end or before the beginning of a designated buffer. This flaw can potentially enable attackers to exploit the system, leading to significant risks such as information disclosure, denial of service, or unauthorized data alteration. It is essential for users and administrators to apply recommended security measures to safeguard their systems against potential exploits associated with this vulnerability.",Nvidia,"Nvidia Gpu Display Driver, Vgpu Software",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T03:26:55.489Z,0
CVE-2024-0140,https://securityvulnerability.io/vulnerability/CVE-2024-0140,Deserialization Vulnerability in NVIDIA RAPIDS Products,"NVIDIA RAPIDS suffers from a deserialization vulnerability present in the cuDF and cuML components. This issue arises when untrusted data is deserialized, potentially allowing attackers to execute arbitrary code, manipulate data, cause denial of service, or disclose sensitive information. It is critical for users to apply the necessary patches and follow best security practices to mitigate risks associated with this vulnerability.",Nvidia,Rapids Cudf And Cuml,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T03:18:30.778Z,0
CVE-2024-0137,https://securityvulnerability.io/vulnerability/CVE-2024-0137,Improper Isolation Vulnerability in NVIDIA Container Toolkit,"The NVIDIA Container Toolkit exhibits an improper isolation vulnerability due to misconfigured container settings. When a specially crafted container image is introduced, it could allow untrusted code to execute within the host's network namespace. This vulnerability is particularly concerning when the toolkit is set up in non-standard configurations. Its exploitation may potentially result in denial of service and unauthorized escalation of privileges, impacting the overall security posture of the systems utilizing the toolkit.",Nvidia,"Nvidia Container Toolkit,Nvidia Gpu Operator",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T03:10:36.813Z,0
CVE-2024-0136,https://securityvulnerability.io/vulnerability/CVE-2024-0136,Improper Isolation in NVIDIA Container Toolkit Leading to Host Device Access,"The NVIDIA Container Toolkit presents an improper isolation vulnerability that occurs due to its specific configuration. When configured in a non-default way, a specially crafted container image can exploit this flaw, potentially allowing untrusted code to gain read and write access to host devices. This could lead to serious impacts, including unauthorized code execution, denial of service, privilege escalation, information disclosure, and data tampering. Ensuring proper configuration is essential to mitigate risks associated with this vulnerability.",Nvidia,"Nvidia Container Toolkit,Nvidia Gpu Operator",7.6,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T03:09:53.568Z,0
CVE-2024-0135,https://securityvulnerability.io/vulnerability/CVE-2024-0135,Improper Isolation in NVIDIA Container Toolkit Exposes Host Binary to Risks,"The NVIDIA Container Toolkit exhibits an improper isolation vulnerability that can be exploited through specially crafted container images. This weakness may allow attackers to modify host binaries, potentially leading to a range of security risks including unauthorized code execution, denial of service, privilege escalation, information disclosure, and data tampering. Organizations leveraging the toolkit are urged to apply the latest updates to mitigate these threats.",Nvidia,"Nvidia Container Toolkit,Nvidia Gpu Operator",7.6,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T03:09:02.626Z,0
CVE-2024-0139,https://securityvulnerability.io/vulnerability/CVE-2024-0139,NVIDIA Temporary File Vulnerability Leads to Denial of Service,"NVIDIA Base Command Manager and Bright Cluster Manager for Linux are affected by an insecure temporary file vulnerability that could be exploited to create unauthorized access to sensitive areas of the system. An attacker leveraging this vulnerability may cause significant disruptions, resulting in a denial of service to legitimate users. This security concern highlights the need for immediate review and potential remediation to safeguard affected systems and maintain operational integrity.",NVIDIA,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-06T20:15:00.000Z,0
CVE-2024-0130,https://securityvulnerability.io/vulnerability/CVE-2024-0130,NVIDIA UFM Enterprise Vulnerability Could Lead to Escalation of Privileges and Data Tampering,"A vulnerability exists in NVIDIA's UFM Enterprise, UFM Appliance, and UFM CyberAI products that allows an attacker to exploit improper authentication. This issue arises when a malformed request is sent through the Ethernet management interface, potentially resulting in various security threats, including privilege escalation, data tampering, denial of service, and unauthorized information disclosure.",Nvidia,"Ufm Enterprise Ga,Ufm Enterprise Lts23,Ufm Enterprise Appliance Ga,Ufm Enterprise Appliance Lts23,Ufm Sdn Appliance Ga,Ufm Sdn Appliance Lts23,Ufm Cyberai Ga,Ufm Cyberai Lts23",8.8,HIGH,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-12-06T20:15:00.000Z,0
CVE-2024-43703,https://securityvulnerability.io/vulnerability/CVE-2024-43703,Unauthorized Memory Access Through GPU System Calls,Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW.,NVIDIA,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-30T03:15:00.000Z,0
CVE-2024-43702,https://securityvulnerability.io/vulnerability/CVE-2024-43702,GPU System Calls Vulnerability Allows Unprivileged Access to Arbitrary Memory,"A vulnerability in the GPU drivers from Imagination Technologies allows software running as a non-privileged user to perform improper system calls. This flaw can lead to unprivileged access to arbitrary physical memory pages, posing a potential risk for data exposure and exploitation. Users running affected driver versions are advised to assess their environments and implement any available updates to mitigate this risk.",NVIDIA,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-30T03:15:00.000Z,0
CVE-2024-0122,https://securityvulnerability.io/vulnerability/CVE-2024-0122,Unauthorized Action in NVIDIA Delegated Licensing Service,"The NVIDIA Delegated Licensing Service for appliance platforms presents a security risk where attackers could invoke unauthorized actions. If exploited, this vulnerability may result in a partial denial of service alongside potential exposure of confidential information, compromising the overall security and integrity of the affected systems.",NVIDIA,Delegated Licensing Service,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-23T00:15:00.000Z,0
CVE-2024-0138,https://securityvulnerability.io/vulnerability/CVE-2024-0138,Authentication Bypass Vulnerability in NVIDIA Base Command Manager,"NVIDIA Base Command Manager is susceptible to a vulnerability that allows unauthorized access and exploitation in its CMDaemon component. This flaw could enable an attacker to execute arbitrary code, disrupt services, escalate privileges, disclose sensitive information, or tamper with data, posing significant risks to system integrity and confidentiality.",NVIDIA,NVIDIA Base Command Manager,,,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-11-23T00:15:00.000Z,0
CVE-2024-0134,https://securityvulnerability.io/vulnerability/CVE-2024-0134,Unauthorized Files Creation Vulnerability Affects NVIDIA Container Toolkit and GPU Operator for Linux,NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.,Nvidia,"Nvidia Container Toolkit,Nvidia Gpu Operator",4.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-05T18:37:31.699Z,0