CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25521
https://notcve.org/view.php?id=CVE-2023-25521
03 Jul 2023 — NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5461 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0206
https://notcve.org/view.php?id=CVE-2023-0206
22 Apr 2023 — NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5449 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0202
https://notcve.org/view.php?id=CVE-2023-0202
22 Apr 2023 — NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5449 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42290
https://notcve.org/view.php?id=CVE-2022-42290
13 Jan 2023 — NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. NVIDIA BMC contiene una vulnerabilidad en SPX REST API, donde un atacante autorizado puede inyectar comandos de shell arbitrarios, lo que puede provocar la ejecución de código, denegación de servicio, divulgación de información y manipulación de datos. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42289
https://notcve.org/view.php?id=CVE-2022-42289
13 Jan 2023 — NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. NVIDIA BMC contiene una vulnerabilidad en SPX REST API, donde un atacante autorizado puede inyectar comandos de shell arbitrarios, lo que puede provocar la ejecución de código, denegación de servicio, divulgación de información y manipulación de datos. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42288
https://notcve.org/view.php?id=CVE-2022-42288
13 Jan 2023 — NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. NVIDIA BMC contiene una vulnerabilidad en el controlador IPMI, donde un atacante no autorizado puede utilizar ciertos oráculos para adivinar un nombre de usuario de BMC válido, lo que puede dar lugar a una divulgación de información. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42281
https://notcve.org/view.php?id=CVE-2022-42281
13 Jan 2023 — NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. NVIDIA DGX A100 contiene una vulnerabilidad en SBIOS en FsRecovery, que puede permitir que un atacante local con privilegios elevados provoque una escritura fuera de los límites, lo que puede provocar la ejecución de código, denegación de servicio, integr... • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42279
https://notcve.org/view.php?id=CVE-2022-42279
13 Jan 2023 — NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. NVIDIA BMC contiene una vulnerabilidad en SPX REST API, donde un atacante autorizado puede inyectar comandos de shell arbitrarios, lo que puede provocar la ejecución de código, denegación de servicio, divulgación de información y manipulación de datos. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42276
https://notcve.org/view.php?id=CVE-2022-42276
13 Jan 2023 — NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. NVIDIA DGX A100 contiene una vulnerabilidad en SBIOS en SmiFlash, donde un usuario local con privilegios elevados puede leer, escribir y borrar flash, lo que puede provocar la ejecución de código, escalada de ... • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42273
https://notcve.org/view.php?id=CVE-2022-42273
12 Jan 2023 — NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. NVIDIA BMC contiene una vulnerabilidad en libwebsocket, donde un atacante autorizado puede provocar un desbordamiento del búfer y provocar una denegación de servicio u obtener la ejecución de código. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •