Vendor CVEs
Nvidia
All CVEs
1,011 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-31017 | 0.00 | — | 0.00 | Nov 2, 2023 | NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of… | |||
| CVE-2023-31016 | 0.00 | — | 0.00 | Nov 2, 2023 | NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||
| CVE-2023-31014 | 0.00 | — | 0.00 | Sep 20, 2023 | NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information… | |||
| CVE-2023-31015 | 0.00 | — | 0.00 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service. | |||
| CVE-2023-31013 | 0.00 | — | 0.01 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | |||
| CVE-2023-31012 | 0.00 | — | 0.01 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | |||
| CVE-2023-31011 | 0.00 | — | 0.00 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | |||
| CVE-2023-31010 | 0.00 | — | 0.01 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service. | |||
| CVE-2023-31009 | 0.00 | — | 0.01 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | |||
| CVE-2023-31008 | 0.00 | — | 0.00 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure. | |||
| CVE-2023-25534 | 0.00 | — | 0.01 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||
| CVE-2023-25533 | 0.00 | — | 0.01 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges. | |||
| CVE-2023-25532 | 0.00 | — | 0.00 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure. | |||
| CVE-2023-25531 | 0.00 | — | 0.00 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges. | |||
| CVE-2023-25530 | 0.00 | — | 0.01 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | |||
| CVE-2023-25529 | 0.00 | — | 0.01 | Sep 20, 2023 | NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may… | |||
| CVE-2023-25528 | 0.00 | — | 0.01 | Sep 20, 2023 | NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary… | |||
| CVE-2023-25527 | 0.00 | — | 0.00 | Sep 20, 2023 | NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges,… | |||
| CVE-2023-25526 | 0.00 | — | 0.00 | Sep 20, 2023 | NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service. | |||
| CVE-2023-25525 | 0.00 | — | 0.00 | Sep 20, 2023 | NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information… | |||
| CVE-2023-25519 | 0.00 | — | 0.00 | Sep 12, 2023 | NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. | |||
| CVE-2023-25524 | 0.00 | — | 0.00 | Aug 3, 2023 | NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources.… | |||
| CVE-2023-25523 | 0.00 | — | 0.00 | Jul 3, 2023 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of… | |||
| CVE-2023-25522 | 0.00 | — | 0.00 | Jul 3, 2023 | NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure,… | |||
| CVE-2023-25521 | 0.00 | — | 0.00 | Jul 3, 2023 | NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of… | |||
| CVE-2023-25517 | 0.00 | — | 0.00 | Jul 3, 2023 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. | |||
| CVE-2023-25516 | 0.00 | — | 0.00 | Jul 3, 2023 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service. | |||
| CVE-2023-25520 | 0.00 | — | 0.00 | Jun 23, 2023 | NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service. | |||
| CVE-2023-25518 | 0.00 | — | 0.00 | Jun 23, 2023 | NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code… | |||
| CVE-2023-25515 | 0.00 | — | 0.00 | Jun 23, 2023 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. | |||
| CVE-2023-25514 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of… | |||
| CVE-2023-25513 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of… | |||
| CVE-2023-25512 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code… | |||
| CVE-2023-25511 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service. | |||
| CVE-2023-25510 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service. | |||
| CVE-2023-25509 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges. | |||
| CVE-2023-25508 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information… | |||
| CVE-2023-25507 | 0.00 | — | 0.01 | Apr 22, 2023 | NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering. | |||
| CVE-2023-25506 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information… | |||
| CVE-2023-25505 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. | |||
| CVE-2023-0209 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure… | |||
| CVE-2023-0207 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. | |||
| CVE-2023-0206 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | |||
| CVE-2023-0205 | 0.00 | — | 0.01 | Apr 22, 2023 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | |||
| CVE-2023-0204 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service. | |||
| CVE-2023-0203 | 0.00 | — | 0.01 | Apr 22, 2023 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | |||
| CVE-2023-0202 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information… | |||
| CVE-2023-0201 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | |||
| CVE-2023-0200 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | |||
| CVE-2023-0199 | 0.00 | — | 0.00 | Apr 22, 2023 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. |
- CVE-2023-31017Nov 2, 2023risk 0.00cvss —epss 0.00
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of…
- CVE-2023-31016Nov 2, 2023risk 0.00cvss —epss 0.00
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
- CVE-2023-31014Sep 20, 2023risk 0.00cvss —epss 0.00
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information…
- CVE-2023-31015Sep 20, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.
- CVE-2023-31013Sep 20, 2023risk 0.00cvss —epss 0.01
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
- CVE-2023-31012Sep 20, 2023risk 0.00cvss —epss 0.01
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
- CVE-2023-31011Sep 20, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
- CVE-2023-31010Sep 20, 2023risk 0.00cvss —epss 0.01
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service.
- CVE-2023-31009Sep 20, 2023risk 0.00cvss —epss 0.01
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
- CVE-2023-31008Sep 20, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure.
- CVE-2023-25534Sep 20, 2023risk 0.00cvss —epss 0.01
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
- CVE-2023-25533Sep 20, 2023risk 0.00cvss —epss 0.01
NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.
- CVE-2023-25532Sep 20, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure.
- CVE-2023-25531Sep 20, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges.
- CVE-2023-25530Sep 20, 2023risk 0.00cvss —epss 0.01
NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
- CVE-2023-25529Sep 20, 2023risk 0.00cvss —epss 0.01
NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may…
- CVE-2023-25528Sep 20, 2023risk 0.00cvss —epss 0.01
NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary…
- CVE-2023-25527Sep 20, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges,…
- CVE-2023-25526Sep 20, 2023risk 0.00cvss —epss 0.00
NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service.
- CVE-2023-25525Sep 20, 2023risk 0.00cvss —epss 0.00
NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information…
- CVE-2023-25519Sep 12, 2023risk 0.00cvss —epss 0.00
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges.
- CVE-2023-25524Aug 3, 2023risk 0.00cvss —epss 0.00
NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources.…
- CVE-2023-25523Jul 3, 2023risk 0.00cvss —epss 0.00
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of…
- CVE-2023-25522Jul 3, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure,…
- CVE-2023-25521Jul 3, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of…
- CVE-2023-25517Jul 3, 2023risk 0.00cvss —epss 0.00
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.
- CVE-2023-25516Jul 3, 2023risk 0.00cvss —epss 0.00
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.
- CVE-2023-25520Jun 23, 2023risk 0.00cvss —epss 0.00
NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.
- CVE-2023-25518Jun 23, 2023risk 0.00cvss —epss 0.00
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code…
- CVE-2023-25515Jun 23, 2023risk 0.00cvss —epss 0.00
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.
- CVE-2023-25514Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of…
- CVE-2023-25513Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of…
- CVE-2023-25512Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code…
- CVE-2023-25511Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service.
- CVE-2023-25510Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.
- CVE-2023-25509Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.
- CVE-2023-25508Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information…
- CVE-2023-25507Apr 22, 2023risk 0.00cvss —epss 0.01
NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering.
- CVE-2023-25506Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information…
- CVE-2023-25505Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.
- CVE-2023-0209Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure…
- CVE-2023-0207Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.
- CVE-2023-0206Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
- CVE-2023-0205Apr 22, 2023risk 0.00cvss —epss 0.01
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.
- CVE-2023-0204Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.
- CVE-2023-0203Apr 22, 2023risk 0.00cvss —epss 0.01
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.
- CVE-2023-0202Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information…
- CVE-2023-0201Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.
- CVE-2023-0200Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.
- CVE-2023-0199Apr 22, 2023risk 0.00cvss —epss 0.00
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.
Page 13 of 21