Vulnerabilities > Nvidia

DATE CVE VULNERABILITY TITLE RISK
2024-01-24 CVE-2023-31037 OS Command Injection vulnerability in Nvidia Bluefield BMC
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call.
network
low complexity
nvidia CWE-78
7.2
2024-01-12 CVE-2023-31024 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet.
network
low complexity
nvidia CWE-787
critical
9.8
2024-01-12 CVE-2023-31025 Injection vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection.
network
low complexity
nvidia CWE-74
7.5
2024-01-12 CVE-2023-31029 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet.
network
low complexity
nvidia CWE-787
critical
9.8
2024-01-12 CVE-2023-31030 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet.
network
low complexity
nvidia CWE-787
critical
9.8
2024-01-12 CVE-2023-31031 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access.
local
low complexity
nvidia CWE-787
7.8
2024-01-12 CVE-2023-31032 Improper Control of Dynamically-Managed Code Resources vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access.
local
low complexity
nvidia CWE-913
5.5
2024-01-12 CVE-2023-31033 Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network .
low complexity
nvidia CWE-306
8.0
2024-01-12 CVE-2023-31034 Integer Overflow or Wraparound vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow.
local
low complexity
nvidia CWE-190
7.8
2024-01-12 CVE-2023-31035 Unspecified vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level.
local
low complexity
nvidia
7.8