VYPR

Vendor CVEs

Nvidia

All CVEs

1,011 total · sorted by risk
  • CVE-2021-34387Jun 21, 2021
    risk 0.00cvss epss 0.00

    The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and…

  • CVE-2021-34386Jun 21, 2021
    risk 0.00cvss epss 0.00

    Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size can overflow, which might lead to heap overflows.

  • CVE-2021-1087Apr 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior…

  • CVE-2021-1086Apr 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version…

  • CVE-2021-1085Apr 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and…

  • CVE-2021-1084Apr 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior…

  • CVE-2021-1083Apr 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x…

  • CVE-2021-1081Apr 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x…

  • CVE-2021-1082Apr 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4)…

  • CVE-2021-1080Apr 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x…

  • CVE-2021-1078Apr 21, 2021
    risk 0.00cvss epss 0.00

    NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.

  • CVE-2021-1075Apr 21, 2021
    risk 0.00cvss epss 0.00

    NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code…

  • CVE-2021-1074Apr 21, 2021
    risk 0.00cvss epss 0.01

    NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the…

  • CVE-2021-1077Apr 21, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.

  • CVE-2021-1076Apr 21, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.

  • CVE-2021-1079Apr 20, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have…

  • CVE-2020-12364Feb 17, 2021
    risk 0.00cvss epss 0.00

    Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

  • CVE-2020-12362Feb 17, 2021
    risk 0.00cvss epss 0.00

    Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-1072Feb 5, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.

  • CVE-2021-1071Jan 26, 2021
    risk 0.00cvss epss 0.00

    NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage…

  • CVE-2021-1070Jan 26, 2021
    risk 0.00cvss epss 0.00

    NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied,…

  • CVE-2021-1069Jan 20, 2021
    risk 0.00cvss epss 0.00

    NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.

  • CVE-2021-1067Jan 20, 2021
    risk 0.00cvss epss 0.00

    NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.

  • CVE-2021-1068Jan 20, 2021
    risk 0.00cvss epss 0.00

    NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.

  • CVE-2021-1066Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to…

  • CVE-2021-1065Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

  • CVE-2021-1064Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. This affects vGPU…

  • CVE-2021-1063Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6)…

  • CVE-2021-1061Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version…

  • CVE-2021-1062Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

  • CVE-2021-1060Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

  • CVE-2021-1059Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6)…

  • CVE-2021-1058Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

  • CVE-2021-1057Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information…

  • CVE-2021-1055Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure.

  • CVE-2021-1054Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or…

  • CVE-2021-1051Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a local user can get elevated privileges to modify display configuration data, which may result in denial of service of the display.

  • CVE-2021-1052Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of…

  • CVE-2021-1053Jan 8, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.

  • CVE-2020-5992Nov 11, 2020
    risk 0.00cvss epss 0.00

    NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or…

  • CVE-2020-5991Oct 30, 2020
    risk 0.00cvss epss 0.00

    NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.

  • CVE-2020-11615Oct 29, 2020
    risk 0.00cvss epss 0.01

    NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.

  • CVE-2020-11616Oct 29, 2020
    risk 0.00cvss epss 0.01

    NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead…

  • CVE-2020-11488Oct 29, 2020
    risk 0.00cvss epss 0.00

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware…

  • CVE-2020-11489Oct 29, 2020
    risk 0.00cvss epss 0.01

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure.

  • CVE-2020-11487Oct 29, 2020
    risk 0.00cvss epss 0.01

    NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with…

  • CVE-2020-11486Oct 29, 2020
    risk 0.00cvss epss 0.03

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to…

  • CVE-2020-11484Oct 29, 2020
    risk 0.00cvss epss 0.01

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.

  • CVE-2020-11485Oct 29, 2020
    risk 0.00cvss epss 0.01

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was…

  • CVE-2020-11483Oct 29, 2020
    risk 0.00cvss epss 0.01

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges…

Page 18 of 21