33 matches found
CVE-2025-23251
CVE-2025-23251 (NVIDIA NeMo Framework) involves a code-generation control weakness that could allow remote code execution, with potential data tampering. Multiple sources (NVD, NVIDIA security bulletin, Red Hat, PT Security) confirm the flaw and its impact, describing an attacker who could execut...
CVE-2025-23249
CVE-2025-23249 (NVIDIA NeMo Framework) : The vulnerability allows deserialization of untrusted data leading to remote code execution, with potential code execution and data tampering. Affected software is the NVIDIA NeMo Framework (versions prior to 25.02); remediation guidance in connected docs ...
CVE-2025-23250
CVE-2025-23250 – NVIDIA NeMo Framework : A path traversal vulnerability exists in NVIDIA NeMo Framework from an improper limitation of a pathname to a restricted directory, enabling an arbitrary file write. Reports across multiple sources (NVD, Red Hat, Alpine, CNNVD, PT-Security, and NVIDIA advi...
CVE-2022-22821
CVE-2022-22821 affects NVIDIA NeMo before 1.6.0, specifically the ASR WebApp component, where a Relative Path Traversal (../) could lead to deletion of arbitrary directories when an admin user is executing the web app. The vulnerability is triggered by insufficient input validation in the ASR Web...
CVE-2024-0129
CVE-2024-0129 affects NVIDIA NeMo, specifically the SaveRestoreConnector where unsafe extraction of .tar files can trigger a path traversal vulnerability. The issue may lead to code execution and data tampering. NVIDIA’s advisory patches NeMo up to version r2.0.0rc0; upgrading to this version (or...
CVE-2025-23360
CVE-2025-23360 affects the NVIDIA NeMo Framework. The vulnerability allows a relative path traversal via arbitrary file write, which could lead to code execution and data tampering. Reported CVSS metrics indicate a high-severity impact (base 9.8 in NVD with network attack vector) and substantial ...
CVE-2024-0081
CVE-2024-0081 affects NVIDIA NeMo framework for Ubuntu, specifically the tools/asr_webapp component. The root cause is an improper/resource-allocation control that allows an attacker to cause unbounded allocation of resources, leading to server-side denial of service. Multiple connected sources c...
CVE-2025-23313
Summary (CVE-2025-23313) : NVIDIA NeMo Framework (NLP component) across platforms is described as vulnerable to code injection via malicious data. The underlying root cause is not detailed in the provided documents, but the consequence could include code execution, privilege escalation, informati...
CVE-2025-23304
CVE-2025-23304 affects the NVIDIA NeMo library (model loading component). The vulnerability arises from loading .nemo files with maliciously crafted metadata, enabling code injection that may lead to remote code execution and data tampering. Affected: NVIDIA NeMo library (model loading). Exploita...
CVE-2025-23303
The CVE-2025-23303 entry concerns NVIDIA NeMo Framework. Affected component: NVIDIA NeMo Framework (e.g., nemo-toolkit). Description confirms a Deserialization of Untrusted Data that can lead to Remote Code Execution and potential data tampering. Public entries from multiple sources corroborate t...
CVE-2025-23312
The CVE concerns NVIDIA NeMo Framework across all platforms, specifically a vulnerability in the retrieval services component where attacker-crafted data can trigger a code injection. The impact described in connected sources includes code execution, escalation of privileges, information disclosu...
CVE-2025-23314
CVE-2025-23314 affects NVIDIA NeMo Framework (NLP component). Exploitation could allow code injection with potential code execution, privilege escalation, data tampering, and information disclosure. Affected is the NeMo Framework across platforms; root cause not detailed in provided documents. Ex...
CVE-2025-23315
The CVE-2025-23315 affects NVIDIA NeMo Framework across all platforms, with a vulnerability in the export and deploy component that could be triggered by malicious data to cause a code injection. Exploitation is described as potentially leading to code execution, privilege escalation, information...
CVE-2025-33253
CVE-2025-33253 affects NVIDIA NeMo Framework via Nemo-toolkit deserialization, enabling remote code execution when a user loads a malicious file. Connected sources specify nemo-toolkit as the vulnerable component, with advisories indicating that versions >=0.10.1 and
CVE-2025-33245
The CVE-2025-33245 entry affects NVIDIA NeMo Framework and specifically relates to the nemo-toolkit deserialization vulnerability. Public docs describe that providing malicious data can lead to remote code execution, with potential impacts including code execution, privilege escalation, informati...
CVE-2026-24228
NVIDIA NeMo Framework for Linux contains a vulnerability where deserialization of untrusted data may lead to code execution, privilege escalation, data tampering, and information disclosure. The connected NVIDIA security bulletin confirms affected product: NVIDIA NeMo Framework for Linux, with af...
CVE-2025-33204
CVE-2025-33204 affects NVIDIA NeMo Framework (all platforms). The vulnerability lies in the NLP/LLM components, where malicious input data can lead to code injection, with potential outcomes including code execution, privilege escalation, information disclosure, and data tampering. According to R...
CVE-2025-33252
NVIDIA NeMo Framework is affected by CVE-2025-33252, enabling potential remote code execution. Technical details across connected sources identify the affected component as the NeMo Framework and indicate that exploitation could lead to code execution, denial of service, information disclosure, a...
CVE-2025-33250
NVIDIA NeMo Framework (CVE-2025-33250) is affected by a vulnerability that could allow remote code execution via a component/entry point described in NVIDIA advisories. The NVIDIA bulletin and RH/OSV entries confirm the issue impacts NeMo Framework and is addressed by updating to version 2.6.1 or...
CVE-2025-23361
CVE-2025-23361 affects NVIDIA NeMo Framework. A vulnerability in a script allows malicious input to control code generation, with potential code execution, privilege escalation, information disclosure, and data tampering. Affected product: NVIDIA NeMo Framework (version context shows 2.0.3 in one...
CVE-2025-33178
CVE-2025-33178 affects NVIDIA NeMo Framework ( Bert services component). The vulnerability arises from processing of malicious data, enabling code injection which may lead to Code execution, Privilege Escalation, Information disclosure, and Data tampering. NVIDIA’s advisories indicate remediation...
CVE-2025-33212
Summary: NVIDIA NeMo Framework’s model-loading vulnerability could enable code execution, privilege escalation, DoS, or data tampering when loading a malicious file. Root cause: improper control during file/model loading. Impact: HIGH across confidentiality, integrity, and availability. Exploitat...
CVE-2025-33226
CVE-2025-33226 affects NVIDIA NeMo Framework for all platforms. The vulnerability allows code injection via malicious data created by an attacker, with potential outcomes including code execution, privilege escalation, information disclosure, and data tampering as described across multiple source...
CVE-2025-33249
CVE-2025-33249 affects NVIDIA NeMo Framework on all platforms, specifically a vulnerability in a voice-preprocessing script that could allow attacker-crafted input to trigger code injection. The Red Hat advisories and NVIDIA bulletin corroborate a vulnerability with potential code execution, priv...
CVE-2026-24155
CVE-2026-24155 affects NVIDIA NeMo Framework for all platforms, described as a code injection vulnerability (CWE-94) that can lead to code execution, privilege escalation, information disclosure, and data tampering. The NVIDIA security bulletin states that CVE-2026-24155 is addressed by updating ...
CVE-2026-24157
CVE-2026-24157 affects NVIDIA NeMo Framework. The vulnerability exists in checkpoint loading and could allow remote code execution, with possible impact including code execution, privilege escalation, information disclosure, and data tampering. NVIDIA/NeMo security bulletin lists all platforms an...
CVE-2025-33236
CVE-2025-33236 is associated with the NVIDIA NeMo Framework. The Red Hat, CIRCL, NVD, OSV, and NVIDIA bulletins corroborate a vulnerability where attacker‑crafted data can cause code injection, potentially leading to code execution, privilege escalation, information disclosure, and data tampering...
CVE-2026-24159
NVIDIA NeMo Framework (CVE-2026-24159) is affected. A vulnerability in the NeMo Framework could allow an attacker to achieve remote code execution, potentially leading to code execution, privilege escalation, information disclosure and data tampering. Public advisories and the NVIDIA security bul...
CVE-2025-33205
CVE-2025-33205 affects the NVIDIA NeMo Framework. The issue is a vulnerability in a predefined variable that could cause inclusion of functionality from an untrusted control sphere, potentially leading to code execution. Affected component: NVIDIA NeMo Framework (NeMo, various integrations as per...
CVE-2025-33241
CVE-2025-33241 affects NVIDIA NeMo Framework. A remote-code-execution vulnerability can be triggered by loading a maliciously crafted file, with potential impacts including code execution, privilege escalation, information disclosure, and data tampering. NVIDIA’s security bulletin (Feb 2026) prov...
CVE-2025-33251
CVE-2025-33251 affects NVIDIA NeMo Framework. Affected component: NeMo Framework (NVIDIA). Vulnerability enables remote code execution with potential for code execution, DoS, information disclosure, and data tampering. Remediation: NVIDIA Security Bulletin specifies updating to version 2.6.1 or l...
CVE-2025-33243
Summary (CVE-2025-33243) NVIDIA NeMo Framework is affected; a vulnerability could allow remote code execution in distributed environments. The issue impacts NVIDIA NeMo Framework across all platforms and versions prior to 2.6.1. The security bulletin lists the update to version 2.6.1 or later as ...
CVE-2025-33246
CVE-2025-33246 affects the NVIDIA NeMo Framework across platforms, with the vulnerability residing in the ASR Evaluator utility. A crafted input in a configuration parameter can trigger a command injection, enabling possible code execution, privilege escalation, data tampering, or information dis...