NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.
History

Fri, 08 Nov 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Nvidia
Nvidia nemo
CPEs cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Nvidia
Nvidia nemo

Tue, 15 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 15 Oct 2024 05:45:00 +0000

Type Values Removed Values Added
Description NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2024-10-15T05:39:01.225Z

Updated: 2024-10-15T13:50:24.936Z

Reserved: 2023-12-02T00:42:39.327Z

Link: CVE-2024-0129

cve-icon Vulnrichment

Updated: 2024-10-15T13:50:21.169Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-15T06:15:02.520

Modified: 2024-11-08T15:33:26.137

Link: CVE-2024-0129

cve-icon Redhat

No data.