Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
10 vulnerabilities found for DLS component of NVIDIA License System by NVIDIA
CVE-2026-24241 (GCVE-0-2026-24241)
Vulnerability from nvd – Published: 2026-02-24 18:42 – Updated: 2026-02-24 21:26
VLAI?
Summary
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure.
Severity ?
4.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NVIDIA | DLS component of NVIDIA License System |
Affected:
All versions prior to v3.6
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T21:26:29.531581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T21:26:40.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All(3.6)"
],
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to v3.6"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"All(3.1)"
],
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to v3.1.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure."
}
],
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:42:56.703Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24241"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24241"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5789"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2026-24241",
"datePublished": "2026-02-24T18:42:56.703Z",
"dateReserved": "2026-01-21T19:09:47.374Z",
"dateUpdated": "2026-02-24T21:26:40.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23293 (GCVE-0-2025-23293)
Vulnerability from nvd – Published: 2025-09-30 17:55 – Updated: 2025-09-30 20:33
VLAI?
Summary
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure.
Severity ?
8.7 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | DLS component of NVIDIA License System |
Affected:
All versions prior to v3.5.1 and v3.1.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T18:31:40.412116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T20:33:39.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All"
],
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to v3.5.1 and v3.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure."
}
],
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T17:55:29.157Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23293"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23293"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5705"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23293",
"datePublished": "2025-09-30T17:55:29.157Z",
"dateReserved": "2025-01-14T01:06:26.349Z",
"dateUpdated": "2025-09-30T20:33:39.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23292 (GCVE-0-2025-23292)
Vulnerability from nvd – Published: 2025-09-30 17:55 – Updated: 2025-09-30 20:33
VLAI?
Summary
NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component).
Severity ?
4.6 (Medium)
CWE
- CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | DLS component of NVIDIA License System |
Affected:
All versions prior to v3.5.1 and v3.1.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T18:32:00.671193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T20:33:31.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All"
],
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to v3.5.1 and v3.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component)."
}
],
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component)."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-943",
"description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T17:55:02.678Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23292"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23292"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5705"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23292",
"datePublished": "2025-09-30T17:55:02.678Z",
"dateReserved": "2025-01-14T01:06:26.349Z",
"dateUpdated": "2025-09-30T20:33:31.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23291 (GCVE-0-2025-23291)
Vulnerability from nvd – Published: 2025-09-30 17:54 – Updated: 2025-09-30 20:33
VLAI?
Summary
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure.
Severity ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | DLS component of NVIDIA License System |
Affected:
All versions prior to v3.5.1 and v3.1.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T18:32:14.858926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T20:33:10.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All"
],
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to v3.5.1 and v3.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure."
}
],
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T17:54:22.801Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23291"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23291"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5705"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23291",
"datePublished": "2025-09-30T17:54:22.801Z",
"dateReserved": "2025-01-14T01:06:25.308Z",
"dateUpdated": "2025-09-30T20:33:10.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0122 (GCVE-0-2024-0122)
Vulnerability from nvd – Published: 2024-11-22 23:23 – Updated: 2024-11-25 17:33
VLAI?
Summary
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure.
Severity ?
7.6 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | DLS component of NVIDIA License System |
Affected:
2.1, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.2, 3.3, 3.3.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:32:56.056647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:33:09.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "2.1, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.2, 3.3, 3.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure.\u003c/span\u003e"
}
],
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service, information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T23:23:23.218Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5570"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0122",
"datePublished": "2024-11-22T23:23:23.218Z",
"dateReserved": "2023-12-02T00:42:32.776Z",
"dateUpdated": "2024-11-25T17:33:09.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-24241 (GCVE-0-2026-24241)
Vulnerability from cvelistv5 – Published: 2026-02-24 18:42 – Updated: 2026-02-24 21:26
VLAI?
Summary
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure.
Severity ?
4.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NVIDIA | DLS component of NVIDIA License System |
Affected:
All versions prior to v3.6
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T21:26:29.531581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T21:26:40.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All(3.6)"
],
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to v3.6"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"All(3.1)"
],
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to v3.1.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure."
}
],
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:42:56.703Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24241"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24241"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5789"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2026-24241",
"datePublished": "2026-02-24T18:42:56.703Z",
"dateReserved": "2026-01-21T19:09:47.374Z",
"dateUpdated": "2026-02-24T21:26:40.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23293 (GCVE-0-2025-23293)
Vulnerability from cvelistv5 – Published: 2025-09-30 17:55 – Updated: 2025-09-30 20:33
VLAI?
Summary
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure.
Severity ?
8.7 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | DLS component of NVIDIA License System |
Affected:
All versions prior to v3.5.1 and v3.1.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T18:31:40.412116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T20:33:39.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All"
],
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to v3.5.1 and v3.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure."
}
],
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T17:55:29.157Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23293"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23293"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5705"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23293",
"datePublished": "2025-09-30T17:55:29.157Z",
"dateReserved": "2025-01-14T01:06:26.349Z",
"dateUpdated": "2025-09-30T20:33:39.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23292 (GCVE-0-2025-23292)
Vulnerability from cvelistv5 – Published: 2025-09-30 17:55 – Updated: 2025-09-30 20:33
VLAI?
Summary
NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component).
Severity ?
4.6 (Medium)
CWE
- CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | DLS component of NVIDIA License System |
Affected:
All versions prior to v3.5.1 and v3.1.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T18:32:00.671193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T20:33:31.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All"
],
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to v3.5.1 and v3.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component)."
}
],
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component)."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-943",
"description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T17:55:02.678Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23292"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23292"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5705"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23292",
"datePublished": "2025-09-30T17:55:02.678Z",
"dateReserved": "2025-01-14T01:06:26.349Z",
"dateUpdated": "2025-09-30T20:33:31.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23291 (GCVE-0-2025-23291)
Vulnerability from cvelistv5 – Published: 2025-09-30 17:54 – Updated: 2025-09-30 20:33
VLAI?
Summary
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure.
Severity ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | DLS component of NVIDIA License System |
Affected:
All versions prior to v3.5.1 and v3.1.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T18:32:14.858926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T20:33:10.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All"
],
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to v3.5.1 and v3.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure."
}
],
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T17:54:22.801Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23291"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23291"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5705"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23291",
"datePublished": "2025-09-30T17:54:22.801Z",
"dateReserved": "2025-01-14T01:06:25.308Z",
"dateUpdated": "2025-09-30T20:33:10.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0122 (GCVE-0-2024-0122)
Vulnerability from cvelistv5 – Published: 2024-11-22 23:23 – Updated: 2024-11-25 17:33
VLAI?
Summary
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure.
Severity ?
7.6 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | DLS component of NVIDIA License System |
Affected:
2.1, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.2, 3.3, 3.3.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:32:56.056647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:33:09.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DLS component of NVIDIA License System",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "2.1, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.2, 3.3, 3.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure.\u003c/span\u003e"
}
],
"value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service, information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T23:23:23.218Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5570"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0122",
"datePublished": "2024-11-22T23:23:23.218Z",
"dateReserved": "2023-12-02T00:42:32.776Z",
"dateUpdated": "2024-11-25T17:33:09.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}