CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0118
https://notcve.org/view.php?id=CVE-2024-0118
26 Oct 2024 — NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5586 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0117
https://notcve.org/view.php?id=CVE-2024-0117
26 Oct 2024 — NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5586 • CWE-125: Out-of-bounds Read •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0126 – Gentoo Linux Security Advisory 202412-20
https://notcve.org/view.php?id=CVE-2024-0126
26 Oct 2024 — NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in privilege escalation. Versions greater than or equal to 535.216.01 are affected. • https://nvidia.custhelp.com/app/answers/detail/a_id/5586 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0129
https://notcve.org/view.php?id=CVE-2024-0129
15 Oct 2024 — NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5580 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0125
https://notcve.org/view.php?id=CVE-2024-0125
03 Oct 2024 — NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5577 • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0124
https://notcve.org/view.php?id=CVE-2024-0124
03 Oct 2024 — NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5577 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0123
https://notcve.org/view.php?id=CVE-2024-0123
03 Oct 2024 — NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5577 • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0116
https://notcve.org/view.php?id=CVE-2024-0116
01 Oct 2024 — NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5565 • CWE-125: Out-of-bounds Read •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0133
https://notcve.org/view.php?id=CVE-2024-0133
26 Sep 2024 — NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5582 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 4CVE-2024-0132 – NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)
https://notcve.org/view.php?id=CVE-2024-0132
26 Sep 2024 — NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://packetstorm.news/files/id/190141 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •