17 matches found
CVE-2020-12373
CVE-2020-12373 is an expired pointer dereference in Intel graphics drivers prior to 26.20.100.8141 that could allow a local privileged user to cause a denial of service. Public docs show this CVE fixed by the kernel-firmware update in openSUSE/SUSE advisories (openSUSE-2021-407 / openSUSE-SU-2021...
CVE-2020-11485
CVE-2020-11485 affects NVIDIA DGX systems (notably DGX-1) with AMI BMC firmware versions prior to 3.38.30. The vulnerability is a Cross-Site Request Forgery (CSRF) in the BMC web interface, where the application does not sufficiently verify that a request is intentional, potentially enabling info...
CVE-2020-11487
CVE-2020-11487 affects NVIDIA DGX-1, DGX-2, and DGX A100 servers via AMI BMC firmware with a hard-coded RSA 1024 key and weak ciphers, leading to information disclosure over the BMC. Affected firmware is before 3.38.30 (DGX-1), before 1.06.06 (DGX-2), and before 00.13.16 (DGX A100). NVIDIA provid...
CVE-2020-11488
CVE-2020-11488 affects NVIDIA DGX-1 and DGX-2 systems where the AMI BMC firmware before the stated versions does not validate the RSA-1024 public key used to verify firmware signatures, enabling potential information disclosure or code execution. Public details from NVIDIA/NVD indicate DGX-1 BMC ...
CVE-2020-11616
CVE-2020-11616 affects NVIDIA DGX servers with BMC firmware versions prior to 3.38.30. The vulnerability arises from a weak PRNG in the JSOL IPMI package of the AMI BMC firmware, which could lead to information disclosure. Public documents identify the affected product class but do not provide ex...
CVE-2020-12374
CVE-2020-12374 is a local-privilege-escalation vulnerability affecting Intel® Server Boards, Server Systems and Compute Modules due to a buffer overflow in the BMC firmware before version 2.47. Red Hat and NVD entries describe the issue identically, with impact on confidentiality, integrity, and ...
CVE-2020-11489
NVIDIA DGX servers are affected by CVE-2020-11489 due to a vulnerability in the AMI BMC firmware where default SNMP community strings may lead to information disclosure. Affected systems include DGX-1 with BMC firmware prior to 3.38.30 and DGX-2 with BMC firmware prior to 1.06.06. NVIDIA’s securi...
CVE-2020-11486
CVE-2020-11486 (NVIDIA DGX BMC): A vulnerability in the AMI Baseboard Management Controller (BMC) firmware on DGX-1 (and related DGX models) allows an attacker to upload or transfer files that can be automatically processed within the product’s environment, potentially enabling remote code execut...
CVE-2020-11484
CVE-2020-11484 affects NVIDIA DGX-1 (and DGX-2, DGX A100) with AMI BMC firmware older than 3.38.30. The vulnerability allows an attacker with administrative privileges to obtain the hash of the BMC/IPMI user password, potentially leading to information disclosure. NVIDIA’s security bulletin docum...
CVE-2020-11615
NVIDIA DGX servers with AMI BMC firmware older than 3.38.30 are affected by CVE-2020-11615 due to a hard-coded RC4 cipher key in the AMI BMC firmware, which may lead to information disclosure. The NVIDIA security bulletin lists BMC firmware updates to 3.38.30 (and related DGX models) as the remed...
CVE-2020-11483
NVIDIA DGX-1, DGX-2, and DGX A100 DGX systems are affected by CVE-2020-11483 due to hard-coded credentials in the AMI BMC firmware. The root cause is embedded credentials in the BMC firmware, which may permit elevation of privileges or information disclosure over the network. According to NVIDIA’...
CVE-2020-12377
CVE-2020-12377 affects Intel® Server Boards, Server Systems and Compute Modules via the BMC firmware up to version 2.47. The issue is insufficient input validation in BMC firmware, which could allow an authenticated local user to escalate privileges. Intel’s advisory (Intel-SA-00434) lists this C...
CVE-2020-12380
CVE-2020-12380 affects Intel BMC firmware on select Server Boards/Systems/Compute Modules. An authenticated local user can exploit an out-of-bounds read in firmware before version 2.47, potentially escalating privileges. Remediation is to apply the Intel firmware updates (2.47 or newer) as descri...
CVE-2020-12375
CVE-2020-12375 : A heap overflow in the BMC firmware of Intel® Server Boards, Server Systems and Compute Modules prior to version 2.47 may allow an authenticated local user to escalate privileges. The issue is documented across multiple sources (NVD entry and Intel advisory Intel-SA-00434) with r...
CVE-2018-3682
CVE-2018-3682 affects Intel server BMC firmware on server boards, compute modules, and server systems. The vulnerability allows an attacker with administrative privileges to perform unauthorized read/write operations on the SMBUS, exposing confidentiality, integrity, and availability impacts. CVS...
CVE-2018-12171
CVE-2018-12171 affects Intel® Baseboard Management Controller (BMC) firmware prior to 1.43.91f76955. The issue enables privilege escalation by an unprivileged user to potentially execute arbitrary code or cause a network-based denial of service. Affected products include multiple Intel server boa...
CVE-2020-12376
CVE-2020-12376 affects Intel® Server Boards, Server Systems and Compute Modules BMC firmware. The issue is use of a hard-coded key in firmware before version 2.47, potentially enabling information disclosure via local access by an authenticated user. Intel’s advisory Intel‑SA‑00434 confirms the v...