Lucene search
K

13 matches found

CVE
CVE
added 2023/01/13 1:34 a.m.72 views

CVE-2022-42278

NVIDIA BMC vulnerability CVE-2022-42278 affects the SPX REST API in NVIDIA BMC. An authorized attacker could read/write arbitrary memory within the IPMI server process, potentially enabling code execution, denial of service, information disclosure, or data tampering. Affected system: NVIDIA BMC/S...

7.8CVSS7.5AI score0.00575EPSS
CVE
CVE
added 2023/04/22 2:22 a.m.72 views

CVE-2023-0201

CVE-2023-0201 affects NVIDIA DGX-2 SBIOS and is described as a vulnerability in Bds that allows a user with high privileges to cause a write beyond the bounds of an indexable resource, potentially enabling code execution, denial of service, integrity compromise, or information disclosure. The iss...

6.7CVSS7AI score0.00204EPSS
CVE
CVE
added 2023/01/13 1:38 a.m.70 views

CVE-2022-42282

CVE-2022-42282 affects NVIDIA DGX BMC SPX REST API. An authorized attacker can access arbitrary files, potentially causing information disclosure. NVIDIA advisories and the DGX updates identify a remediation path: BMC firmware versions prior to 2.09.00 are addressed by firmware update 2.09.00. Ex...

6.5CVSS5.2AI score0.00484EPSS
CVE
CVE
added 2023/01/13 1:45 a.m.70 views

CVE-2022-42284

CVE-2022-42284 concerns NVIDIA DGX Station A100/A800 BMC: passwords are stored in an obfuscated form in a host-accessible database, potentially leading to credential exposure. The Red Hat/NVD entries and NVIDIA bulletin corroborate that this is a BMC storage credential exposure issue. The NVIDIA ...

6.2CVSS5.4AI score0.00125EPSS
CVE
CVE
added 2023/01/13 12:3 a.m.69 views

CVE-2022-42275

Mode C: Affected product is NVIDIA DGX Station A100/A800 BMC. CVE-2022-42275 concerns the IPMI handler where an unauthenticated host can write to the host SPI flash, bypassing secure boot protections, leading to loss of integrity and potential DoS. Root cause: IPMI/BMC tooling vulnerability allow...

7.7CVSS6.9AI score0.00196EPSS
CVE
CVE
added 2023/01/13 1:39 a.m.67 views

CVE-2022-42283

CVE-2022-42283 affects NVIDIA DGX Station A100 and DGX Station A800 BMCs, where the IPMI handler contains a vulnerability that can cause a buffer overflow. An attacker with the required privileges could trigger denial of service or gain code execution through the BMC IPMI path. The issue is docum...

7.8CVSS8AI score0.0021EPSS
CVE
CVE
added 2023/04/22 2:29 a.m.66 views

CVE-2023-25505

CVE-2023-25505 affects NVIDIA DGX-1 BMC, specifically the IPMI handler in the AMI MegaRAC BMC. The issue is a buffer overflow that an attacker with the appropriate authorization level can trigger, potentially causing denial of service, information disclosure, or arbitrary code execution. NVIDIA's...

7.8CVSS8.2AI score0.00213EPSS
CVE
CVE
added 2023/04/22 2:31 a.m.66 views

CVE-2023-25507

The CVE-2023-25507 issue affects NVIDIA DGX-1 BMC SPX REST API. A privileged, authenticated attacker can inject arbitrary shell commands via the REST API, potentially enabling code execution, denial of service, information disclosure, or data tampering. Public sources corroborate affecting DGX-1 ...

8.8CVSS8.6AI score0.00861EPSS
CVE
CVE
added 2023/01/13 12:0 a.m.65 views

CVE-2022-42274

CVE-2022-42274 affects NVIDIA DGX Station A100/A800 BMC firmware (IPMI handler). The Red Hat/NVD/NVIDIA bulletins describe a vulnerability where an attacker with required privileges can trigger a buffer overflow in the BMC IPMI handler, leading to denial of service or potential code execution. Im...

7.8CVSS8AI score0.00253EPSS
CVE
CVE
added 2023/01/13 2:7 a.m.64 views

CVE-2022-42287

CVE-2022-42287 relates to NVIDIA BMC IPMI handler vulnerability. An authorized attacker could upload/download arbitrary files under certain conditions, potentially causing denial of service, privilege escalation, information disclosure, and data tampering. Affected products include NVIDIA DGX Sta...

7.8CVSS7.6AI score0.0022EPSS
CVE
CVE
added 2023/01/13 1:35 a.m.61 views

CVE-2022-42280

The CVE-2022-42280 issue affects NVIDIA DGX BMC SPX REST authorization. An unauthorized attacker could exploit a path traversal to escalate privileges on vulnerable BMC firmware. The NVIDIA advisory lists affected products (DGX Station A100/A800), and specifies a firmware update path with BMC Fir...

7.8CVSS7.5AI score0.00262EPSS
CVE
CVE
added 2023/04/22 2:32 a.m.61 views

CVE-2023-25508

NVIDIA DGX-1 BMC IPMI handler vulnerability (CVE-2023-25508) allows an attacker with the appropriate authorization level to upload/download arbitrary files under certain circumstances, potentially causing denial of service, privilege escalation, information disclosure, and data tampering. The iss...

7.8CVSS8AI score0.00237EPSS
CVE
CVE
added 2023/04/22 2:21 a.m.53 views

CVE-2023-0200

CVE-2023-0200 affects NVIDIA DGX-2 firmware (OFBD) where a user with high privileges and a pre-conditioned heap can cause an access beyond the end of a buffer, enabling code execution, privilege escalation, denial of service, or information disclosure. The issue is tied to a heap condition in OFB...

7.5CVSS7.2AI score0.00171EPSS