VYPR

DGX

by Nvidia

CVEs (8)

  • CVE-2020-11486CriOct 29, 2020
    risk 0.64cvss 9.8epss 0.03

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to…

  • CVE-2026-24218HigMay 20, 2026
    risk 0.53cvss 8.1epss 0.01

    NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host…

  • CVE-2023-0200HigApr 22, 2023
    risk 0.49cvss 7.5epss 0.00

    NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

  • CVE-2020-11489HigOct 29, 2020
    risk 0.49cvss 7.5epss 0.01

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure.

  • CVE-2020-11488MedOct 29, 2020
    risk 0.44cvss 6.7epss 0.00

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware…

  • CVE-2020-11484MedOct 29, 2020
    risk 0.32cvss 4.9epss 0.01

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.

  • CVE-2025-23302MedSep 4, 2025
    risk 0.27cvss 4.2epss 0.00

    NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.

  • CVE-2025-23301MedSep 4, 2025
    risk 0.27cvss 4.2epss 0.00

    NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.