CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42268
https://notcve.org/view.php?id=CVE-2022-42268
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service. Omniverse Kit contiene una vulnerabilidad en las aplicaciones de referencia Create, Audio2Face, Isaac Sim, View, Code y Machinima. • https://nvidia.custhelp.com/app/answers/detail/a_id/5418 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42271
https://notcve.org/view.php?id=CVE-2022-42271
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution NVIDIA BMC contiene una vulnerabilidad en el controlador IPMI, donde un atacante autorizado puede provocar un desbordamiento del búfer y provocar una denegación de servicio u obtener la ejecución de código. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-34681
https://notcve.org/view.php?id=CVE-2022-34681
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial of service. NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en el controlador de la capa del modo kernel (nvlddmkm.sys), donde la validación de entrada incorrecta de una estructura de datos relacionada con la pantalla puede provocar una Denegación de Servicio (DoS). • https://nvidia.custhelp.com/app/answers/detail/a_id/5415 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2022-34671
https://notcve.org/view.php?id=CVE-2022-34671
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service. NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la capa de modo de usuario, donde un usuario sin privilegios puede provocar una escritura fuera de los límites, lo que puede provocar la ejecución de código, la divulgación de información y la Denegación de Servicio (DoS). • https://nvidia.custhelp.com/app/answers/detail/a_id/5415 https://nvidia.custhelp.com/app/answers/detail/a_id/5468 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1719 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1720 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1721 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 28EXPL: 0CVE-2022-42257
https://notcve.org/view.php?id=CVE-2022-42257
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel (nvidia.ko), donde un desbordamiento de enteros puede provocar la divulgación de información, la manipulación de datos o la Denegación de Servicio (DoS). • https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html https://nvidia.custhelp.com/app/answers/detail/a_id/5415 https://security.gentoo.org/glsa/202310-02 • CWE-190: Integer Overflow or Wraparound •