Vulnerabilities > Nvidia > DGX H100 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-31010 Improper Input Validation vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation.
network
low complexity
nvidia CWE-20
8.8
2023-09-20 CVE-2023-31011 Improper Input Validation vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation.
network
low complexity
nvidia CWE-20
8.8
2023-09-20 CVE-2023-31012 Improper Input Validation vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation.
network
low complexity
nvidia CWE-20
8.8
2023-09-20 CVE-2023-31013 Improper Input Validation vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation.
network
low complexity
nvidia CWE-20
8.8
2023-09-20 CVE-2023-31015 Improper Authentication vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue.
local
low complexity
nvidia CWE-287
7.8
2023-09-20 CVE-2023-25527 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory.
local
low complexity
nvidia CWE-119
7.8
2023-09-20 CVE-2023-25528 Out-of-bounds Write vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet.
network
low complexity
nvidia CWE-787
critical
9.8
2023-09-20 CVE-2023-25529 Information Exposure Through Discrepancy vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses.
network
high complexity
nvidia CWE-203
8.1
2023-09-20 CVE-2023-25530 Unspecified vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation.
network
low complexity
nvidia
critical
9.8
2023-09-20 CVE-2023-25531 Insufficiently Protected Credentials vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials.
network
low complexity
nvidia CWE-522
critical
9.8