CVSS: 6.7EPSS: 0%CPEs: 48EXPL: 0CVE-2020-12374
https://notcve.org/view.php?id=CVE-2020-12374
19 Feb 2021 — Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access. Un desbordamiento del búfer en el firmware de BMC para algunas Intel® Server Boards, Server Systems y Compute Modules versiones anteriores a 2.47, puede permitir a un usuario con privilegios habilitar potencialmente una escalada de privilegios por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0CVE-2020-12376
https://notcve.org/view.php?id=CVE-2020-12376
17 Feb 2021 — Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access. Un uso de una clave embebida en el firmware BMC para algunos Intel® Server Boards, Server Systems and Compute Modules versiones anteriores a 2.47, puede permitir que el usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.7EPSS: 0%CPEs: 48EXPL: 0CVE-2020-12375
https://notcve.org/view.php?id=CVE-2020-12375
17 Feb 2021 — Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. Un desbordamiento de pila en el firmware BMC para algunos Intel® Server Boards, Server Systems and Compute Modules versiones anteriores a 2.47, puede permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2020-12380
https://notcve.org/view.php?id=CVE-2020-12380
17 Feb 2021 — Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. Una lectura fuera de límites del firmware BMC para algunos Intel® Server Boards, Server Systems and Compute Modules versiones anteriores a 2.47, puede permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2020-12377
https://notcve.org/view.php?id=CVE-2020-12377
17 Feb 2021 — Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. Una comprobación insuficiente de la entrada en el firmware de BMC para algunos Intel® Server Boards, Server Systems and Compute Modules versiones anteriores a 2.47, puede permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acce... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 48EXPL: 0CVE-2020-12373 – openSUSE Security Advisory - openSUSE-SU-2021:0393-1
https://notcve.org/view.php?id=CVE-2020-12373
17 Feb 2021 — Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. La derivación de punteros caducados en algunos controladores gráficos de Intel(R) anteriores a la versión 26.20.100.8141 puede permitir a un usuario con privilegios habilitar potencialmente una denegación de servicio mediante acceso local. An update that fixes four vulnerabilities is now available. This update for kernel-firmware ... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11615
https://notcve.org/view.php?id=CVE-2020-11615
29 Oct 2020 — NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. Los servidores NVIDIA DGX, todas las versiones de firmware BMC anteriores a 3.38.30, contienen una vulnerabilidad en el firmware AMI BMC en la que usa una clave de cifrado RC4 embebida, lo que puede conllevar a una divulgación de información • https://nvidia.custhelp.com/app/answers/detail/a_id/5010 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11616
https://notcve.org/view.php?id=CVE-2020-11616
29 Oct 2020 — NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure. Los servidores NVIDIA DGX, todas las versiones del firmware de BMC anteriores a 3.38.30, contienen una vulnerabilidad en el firmware de AMI BMC en la que el algoritmo Pseudo-Random Number Generator (PRNG) ... • https://nvidia.custhelp.com/app/answers/detail/a_id/5010 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-11489
https://notcve.org/view.php?id=CVE-2020-11489
29 Oct 2020 — NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure. Los servidores NVIDIA DGX, todos los DGX-1 con versiones de firmware BMC anteriores a 3.38.30 y todos los DGX-2 con versiones de firmware BMC anteriores a 1.06.06, contienen una vulnerabilidad en el firmware AMI BMC en la que son usadas ca... • https://nvidia.custhelp.com/app/answers/detail/a_id/5010 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2020-11488
https://notcve.org/view.php?id=CVE-2020-11488
29 Oct 2020 — NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution. Los servidores NVIDIA DGX, todos los DGX-1 con versiones de firmware BMC anteriores a 3.38.30 y todos los DGX-2 con versiones de firmware BMC anteriores a 1.06.06, contien... • https://nvidia.custhelp.com/app/answers/detail/a_id/5010 • CWE-347: Improper Verification of Cryptographic Signature •