DGX servers

CVEs (40)

• CVE-2023-25509Apr 22, 2023
  Nvidia

  DGX-1 SBIOS
  risk 0.00cvss —epss 0.00

  NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

• CVE-2023-25508Apr 22, 2023
  Nvidia

  DGX-1 BMC
  risk 0.00cvss —epss 0.00

  NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information…

• CVE-2023-25507Apr 22, 2023
  Nvidia

  DGX-1 BMC
  risk 0.00cvss —epss 0.01

  NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering.

• CVE-2023-25506Apr 22, 2023
  Nvidia

  DGX-1
  risk 0.00cvss —epss 0.00

  NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information…

• CVE-2023-25505Apr 22, 2023
  Ami

  MegaRAC
  risk 0.00cvss —epss 0.00

  NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.

• CVE-2023-0209Apr 22, 2023
  Nvidia

  DGX-1
  risk 0.00cvss —epss 0.00

  NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure…

• CVE-2023-0207Apr 22, 2023
  Nvidia

  DGX-2 SBIOS
  risk 0.00cvss —epss 0.00

  NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.

• CVE-2023-0206Apr 22, 2023
  Nvidia

  DGX A100 SBIOS
  risk 0.00cvss —epss 0.00

  NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

• CVE-2023-0202Apr 22, 2023
  Nvidia

  DGX A100 SBIOS
  risk 0.00cvss —epss 0.00

  NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information…

• CVE-2023-0201Apr 22, 2023
  Nvidia

  DGX-2 SBIOS
  risk 0.00cvss —epss 0.00

  NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

• CVE-2023-0200Apr 22, 2023
  Nvidia

  DGX-2
  risk 0.00cvss —epss 0.00

  NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

• CVE-2022-42290Jan 13, 2023
  Supermicro

  Bmc
  risk 0.00cvss —epss 0.01

  NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

• CVE-2022-42289Jan 13, 2023
  Supermicro

  Baseboard Management Controller
  risk 0.00cvss —epss 0.01

  NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

• CVE-2022-42288Jan 13, 2023
  Supermicro

  Bmc
  risk 0.00cvss —epss 0.00

  NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.

• CVE-2022-42287Jan 13, 2023
  Supermicro

  Bmc
  risk 0.00cvss —epss 0.00

  NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.

• CVE-2022-42286Jan 13, 2023
  Nvidia

  DGX A100 SBIOS
  risk 0.00cvss —epss 0.00

  DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges.

• CVE-2022-42285Jan 13, 2023
  Nvidia

  DGX A100
  risk 0.00cvss —epss 0.00

  DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

• CVE-2022-42284Jan 13, 2023
  Supermicro

  Bmc
  risk 0.00cvss —epss 0.00

  NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure.

• CVE-2022-42283Jan 13, 2023
  Supermicro

  Bmc
  risk 0.00cvss —epss 0.00

  NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

• CVE-2022-42282Jan 13, 2023
  Supermicro

  Bmc
  risk 0.00cvss —epss 0.00

  NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure.