CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23279
https://notcve.org/view.php?id=CVE-2025-23279
02 Aug 2025 — NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering. El instalador NVIDIA .run para Linux y Solaris contiene una vulnerabilidad que permite a un atacante usar una condición de ejecución para escalar privilegios. Una explotación exitosa de esta vulnerabilidad podría ... • https://nvidia.custhelp.com/app/answers/detail/a_id/5670 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23278
https://notcve.org/view.php?id=CVE-2025-23278
02 Aug 2025 — NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering or denial of service. El controlador de pantalla NVIDIA para Windows y Linux contiene una vulnerabilidad que permite a un atacante provocar una validación de índice incorrecta al ejecutar una llamada con parámetros manipulados. Una explotación exitosa de esta vulnerabi... • https://nvidia.custhelp.com/app/answers/detail/a_id/5670 • CWE-129: Improper Validation of Array Index •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23277
https://notcve.org/view.php?id=CVE-2025-23277
02 Aug 2025 — NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information disclosure. El controlador de pantalla NVIDIA para Linux y Windows contiene una vulnerabilidad en el controlador de modo kernel, que permite a un atacante acceder a la memoria fuera de los límites permitidos en condiciones... • https://https://nvidia.custhelp.com/app/answers/detail/a_id/5670 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23276
https://notcve.org/view.php?id=CVE-2025-23276
02 Aug 2025 — NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of service, code execution, information disclosure and data tampering. El instalador de NVIDIA para Windows contiene una vulnerabilidad que permite a un atacante escalar privilegios. Una explotación exitosa de esta vulnerabilidad puede provocar escalada de privilegios, denegación de servicio, ejecución de código, d... • https://nvidia.custhelp.com/app/answers/detail/a_id/5670 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23289
https://notcve.org/view.php?id=CVE-2025-23289
31 Jul 2025 — NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure. NVIDIA Omniverse Launcher para Windows y Linux contiene una vulnerabilidad en los registros del lanzador, que podría provocar que un usuario escriba información confidencial en los archivos de registro a través de servidores proxy. Apr... • https://nvidia.custhelp.com/app/answers/detail/a_id/5679 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23270
https://notcve.org/view.php?id=CVE-2025-23270
17 Jul 2025 — NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5662 • CWE-392: Missing Report of Error Condition •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23267
https://notcve.org/view.php?id=CVE-2025-23267
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5659 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-23266 – NVIDIA Transformers4Rec load_model_trainer_states_from_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. A flaw was found in the NVIDIA Container Toolkit. This vulnerability allows execution of arbitrary code with elevated permissions via improperly secured container initializatio... • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23260
https://notcve.org/view.php?id=CVE-2025-23260
24 Jun 2025 — NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5660 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23265
https://notcve.org/view.php?id=CVE-2025-23265
24 Jun 2025 — NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5663 • CWE-94: Improper Control of Generation of Code ('Code Injection') •