cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-0200,https://securityvulnerability.io/vulnerability/CVE-2023-0200,Access Violation Vulnerability in NVIDIA DGX-2,"The NVIDIA DGX-2 is susceptible to an access violation vulnerability in the OFBD component. A user with elevated privileges can manipulate a specially crafted heap, leading to a potential buffer overflow. This scenario may enable unauthorized code execution, privilege escalation, denial of service, and information disclosure. Organizations using the DGX-2 should assess their systems and implement the necessary security patches to mitigate potential risks.",Nvidia,Nvidia Dgx Servers,7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2023-25509,https://securityvulnerability.io/vulnerability/CVE-2023-25509,Code Execution and Privilege Escalation Vulnerability in NVIDIA DGX-1 SBIOS,"The NVIDIA DGX-1 SBIOS has a vulnerability in the Boot Device Selection (Bds) component that could allow an attacker to execute arbitrary code or cause a denial of service. This vulnerability also poses the risk of privilege escalation, enabling unauthorized access or control over the affected systems.",Nvidia,Nvidia Dgx Servers,6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2023-25508,https://securityvulnerability.io/vulnerability/CVE-2023-25508,Vulnerability in NVIDIA DGX-1 BMC IPMI Handler Allows Unauthorized File Access,"The NVIDIA DGX-1 BMC is impacted by a vulnerability in its IPMI handler. This issue allows an attacker with the appropriate authorization to upload and download arbitrary files under specific conditions. Exploiting this vulnerability could potentially lead to denial of service, privilege escalation, information disclosure, and unauthorized data modification. The risk underscores the importance of robust access controls in system management interfaces.",Nvidia,Nvidia Dgx Servers,6.7,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2023-25507,https://securityvulnerability.io/vulnerability/CVE-2023-25507,Command Injection Vulnerability in NVIDIA DGX-1 BMC REST API,"The NVIDIA DGX-1 BMC has a vulnerability in its SPX REST API that allows an authenticated attacker to inject arbitrary shell commands. This could lead to severe consequences, including unauthorized code execution, service disruptions, potential information leaks, and manipulation of data, undermining the integrity of the system.",Nvidia,Nvidia Dgx Servers,7.2,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2023-25506,https://securityvulnerability.io/vulnerability/CVE-2023-25506,Buffer Overflow Vulnerability in NVIDIA DGX-1 AMI SBIOS,"NVIDIA DGX-1 contains a vulnerability in the Ofbd component of AMI SBIOS, where improper handling of a preconditioned heap allows a user with elevated privileges to access memory beyond the allocated buffer. This can result in various security issues including unauthorized code execution, escalation of privileges, potential denial of service, and information disclosure. The ramifications may affect not only the DGX-1 system but can also extend to other connected components.",Nvidia,Nvidia Dgx Servers,7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2023-25505,https://securityvulnerability.io/vulnerability/CVE-2023-25505,Buffer Overflow in NVIDIA DGX-1 BMC IPMI Handler,"The NVIDIA DGX-1 BMC is affected by a buffer overflow vulnerability in its IPMI handler. An attacker with the appropriate authorization level may exploit this weakness, potentially leading to severe consequences including denial of service, exposure of sensitive information, or arbitrary code execution. Proper mitigation strategies are essential to safeguard systems against such vulnerabilities.",Nvidia,Nvidia Dgx Servers,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2023-0209,https://securityvulnerability.io/vulnerability/CVE-2023-0209,Arbitrary Code Execution in NVIDIA DGX-1 SBIOS Uncore PEI Module,"The NVIDIA DGX-1 SBIOS features a vulnerability within the Uncore PEI module that lacks appropriate authentication for code executed by SSA. This oversight opens the door to various threats, including arbitrary code execution, denial of service, and escalation of privileges via firmware implants. Additionally, sensitive information could be disclosed, data could be manipulated, and SecureBoot protections could be circumvented, posing significant risks to system integrity and security.",Nvidia,Nvidia Dgx Servers,8.2,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2023-0207,https://securityvulnerability.io/vulnerability/CVE-2023-0207,Firmware Vulnerability in NVIDIA DGX-2 SBIOS,"NVIDIA DGX-2 SBIOS has a vulnerability allowing attackers to alter the ServerSetup NVRAM variable during runtime through the execution of privileged code. This could potentially facilitate denial of service, affecting system availability and performance.",Nvidia,Nvidia Dgx Servers,7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2023-0206,https://securityvulnerability.io/vulnerability/CVE-2023-0206,Memory Modification Vulnerability in NVIDIA DGX A100 SBIOS,"NVIDIA DGX A100 SBIOS has a vulnerability that allows an attacker to manipulate arbitrary memory within SMRAM by exploiting the NVME SMM API. This exploitation could potentially result in denial of service, privilege escalation, and information disclosure, thereby jeopardizing the integrity and confidentiality of system operations.",Nvidia,Nvidia Dgx Servers,7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2023-0202,https://securityvulnerability.io/vulnerability/CVE-2023-0202,Memory Modification Vulnerability in NVIDIA DGX A100 SBIOS,"NVIDIA DGX A100 SBIOS is susceptible to a security flaw that allows attackers to modify arbitrary memory in SMRAM via the exploitation of the GenericSio and LegacySmmSredir SMM APIs. This vulnerability could result in various impacts, including denial of service, unwanted privilege escalation, and potential disclosure of sensitive information, making it a significant concern for system integrity.",Nvidia,Nvidia Dgx Servers,7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2023-0201,https://securityvulnerability.io/vulnerability/CVE-2023-0201,Vulnerability in DGX-2 SBIOS by NVIDIA allows privilege escalation and potential code execution,"A security issue in the NVIDIA DGX-2 SBIOS allows a user with elevated privileges to execute a write operation beyond the designated memory limits of an indexable resource. This could lead to severe consequences including code execution, denial of service, compromised system integrity, and unauthorized information access, thereby exposing critical system functions to potential exploitation.",Nvidia,Nvidia Dgx Servers,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-22T03:15:00.000Z,0
CVE-2022-42290,https://securityvulnerability.io/vulnerability/CVE-2022-42290,Arbitrary Command Injection in NVIDIA BMC SPX REST API,"The NVIDIA Baseboard Management Controller contains a vulnerability within its SPX REST API that allows an authorized attacker to inject arbitrary shell commands. This exploit could lead to various severe consequences, including unauthorized code execution, denial of service, confidential information disclosure, and potential data tampering. Organizations utilizing affected versions of the BMC should evaluate and mitigate risks associated with this vulnerability to ensure system integrity and security.",Nvidia,Nvidia Dgx Servers,7.2,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2023-01-13T02:28:58.208Z,0
CVE-2022-42289,https://securityvulnerability.io/vulnerability/CVE-2022-42289,Command Injection Vulnerability in NVIDIA BMC's SPX REST API,"NVIDIA BMC is susceptible to a command injection vulnerability in its SPX REST API. An attacker with valid credentials can exploit this flaw to execute arbitrary shell commands. This may result in various harmful outcomes, including code execution, denial of service, and unauthorized access to sensitive information. Organizations utilizing affected NVIDIA products should take immediate action to mitigate potential risks associated with this vulnerability.",Nvidia,Nvidia Dgx Servers,7.2,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2023-01-13T02:09:44.143Z,0
CVE-2022-42288,https://securityvulnerability.io/vulnerability/CVE-2022-42288,IPMI Handler Vulnerability in NVIDIA BMC,"A vulnerability exists in the IPMI handler of NVIDIA BMC that allows unauthorized attackers to exploit certain oracles to deduce a valid BMC username, potentially leading to sensitive information being disclosed. This security flaw raises significant concerns regarding the integrity of systems utilizing NVIDIA BMC, underscoring the need for timely updates and mitigations.",Nvidia,Nvidia Dgx Servers,5.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2023-01-13T02:09:02.245Z,0
CVE-2022-42287,https://securityvulnerability.io/vulnerability/CVE-2022-42287,File Upload Vulnerability in NVIDIA BMC Affected by IPMI Handler,"NVIDIA BMC is compromised by a vulnerability in its IPMI handler that permits an authorized attacker to upload and download arbitrary files under specific conditions. This weakness raises significant security concerns, potentially enabling denial of service, privilege escalation, information disclosure, and unauthorized data manipulation. Users of NVIDIA BMC should be aware of the risks associated with improper file handling within the IPMI protocol to safeguard their environments.",Nvidia,Nvidia Dgx Servers,6,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2023-01-13T02:07:42.144Z,0
CVE-2022-42286,https://securityvulnerability.io/vulnerability/CVE-2022-42286,Code Execution and Privilege Escalation in DGX A100 SBIOS by NVIDIA,"The DGX A100 SBIOS by NVIDIA contains a vulnerability in its Boot Device Selection (Bds) component, which can be exploited to execute arbitrary code, potentially leading to denial of service and privilege escalation. This vulnerability poses significant risks to system integrity and security, necessitating prompt attention for mitigation.",Nvidia,Nvidia Dgx Servers,6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-13T02:06:23.110Z,0
CVE-2022-42285,https://securityvulnerability.io/vulnerability/CVE-2022-42285,Privilege Escalation in DGX A100 SBIOS by NVIDIA,"The DGX A100 SBIOS from NVIDIA is impacted by a vulnerability in the Pre-EFI Initialization (PEI) phase. This issue allows a privileged user to disable SPI flash protection, potentially leading to severe consequences such as denial of service, escalation of privileges, or even data tampering on the affected systems.",Nvidia,Nvidia Dgx Servers,6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-13T01:48:15.662Z,0
CVE-2022-42284,https://securityvulnerability.io/vulnerability/CVE-2022-42284,Credentials Exposure in NVIDIA BMC Software,"The NVIDIA BMC Software contains a security flaw where user passwords are stored in an obfuscated format within a database that is accessible by the host. This vulnerability poses a risk of credential exposure, potentially allowing unauthorized access to sensitive data and systems.",Nvidia,Nvidia Dgx Servers,6.2,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-13T01:45:54.633Z,0
CVE-2022-42283,https://securityvulnerability.io/vulnerability/CVE-2022-42283,Buffer Overflow in NVIDIA BMC IPMI Handler Affects System Security,"NVIDIA BMC is susceptible to a buffer overflow vulnerability in its IPMI handler. This flaw allows an authenticated attacker to exploit the system, potentially leading to a denial of service or arbitrary code execution. It highlights the importance of regularly updating BMC firmware and implementing robust security measures.",Nvidia,Nvidia Dgx Servers,6.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-13T01:39:07.928Z,0
CVE-2022-42282,https://securityvulnerability.io/vulnerability/CVE-2022-42282,Unauthorized File Access Vulnerability in NVIDIA BMC SPX REST API,"The NVIDIA BMC SPX REST API is prone to a vulnerability that allows authorized attackers to gain access to arbitrary files. This unauthorized access could potentially lead to sensitive information disclosure, raising significant concerns for security and data integrity. Organizations utilizing this API should ensure they have implemented adequate security measures to mitigate this risk.",Nvidia,Nvidia Dgx Servers,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2023-01-13T01:38:16.491Z,0
CVE-2022-42281,https://securityvulnerability.io/vulnerability/CVE-2022-42281,Out-of-bounds Write Vulnerability in NVIDIA DGX A100 SBIOS,"The NVIDIA DGX A100 has a reported vulnerability in its SBIOS related to the FsRecovery process. This issue could be exploited by a highly privileged local attacker, potentially resulting in an out-of-bounds write. Such an exploit may lead to serious consequences, including unauthorized code execution, denial of service, potential compromise of data integrity, and exposure of sensitive information.",Nvidia,Nvidia Dgx Servers,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-13T01:37:05.251Z,0
CVE-2022-42280,https://securityvulnerability.io/vulnerability/CVE-2022-42280,Path Traversal Vulnerability in NVIDIA BMC's SPX REST Auth Handler,"NVIDIA BMC has been discovered to have a vulnerability in its SPX REST authentication handler. This flaw allows unauthorized attackers to exploit a path traversal issue, potentially leading to an authentication bypass. Such vulnerabilities can undermine the security measures in place, allowing attackers to gain access to sensitive data or administrative functions without proper credentials, posing significant risks to the integrity of the system.",Nvidia,Nvidia Dgx Servers,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-13T01:35:55.532Z,0
CVE-2022-42279,https://securityvulnerability.io/vulnerability/CVE-2022-42279,Arbitrary Command Injection Vulnerability in NVIDIA BMC SPX REST API,"The NVIDIA BMC SPX REST API is susceptible to a command injection vulnerability, allowing authorized attackers to execute arbitrary shell commands. This may result in serious consequences, including code execution, denial of service scenarios, unauthorized information disclosure, and potential data tampering. It is crucial for users to take immediate action to mitigate this vulnerability and protect their systems.",Nvidia,Nvidia Dgx Servers,7.2,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2023-01-13T01:35:15.182Z,0
CVE-2022-42278,https://securityvulnerability.io/vulnerability/CVE-2022-42278,Memory Management Flaw in NVIDIA BMC's SPX REST API,"NVIDIA's BMC has a vulnerability within the SPX REST API allowing an authorized attacker to manipulate memory. This can result in unauthorized read and write access to arbitrary locations in the IPMI server process's memory. The implications of this vulnerability are severe, potentially leading to code execution, denial of service, and risks of information disclosure and data tampering.",Nvidia,Nvidia Dgx Servers,7.2,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-13T01:34:13.855Z,0
CVE-2022-42277,https://securityvulnerability.io/vulnerability/CVE-2022-42277,Local User Privilege Escalation Vulnerability in NVIDIA DGX Station SBIOS,"NVIDIA DGX Station contains a vulnerability in its SBIOS related to SmiFlash, where a local user with elevated privileges can manipulate system flash memory. This manipulation can result in unauthorized code execution, escalation of privileges, denial of service, and potential information disclosure. The impact of this vulnerability may extend beyond the immediate component, affecting other connected systems and applications.",Nvidia,Nvidia Dgx Servers,7.5,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2023-01-13T01:32:54.744Z,0