Vulnerabilities > Nvidia > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-29 | CVE-2022-28198 | Unspecified vulnerability in Nvidia Omniverse Cache and Omniverse Nucleus NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. | 4.6 |
2022-04-27 | CVE-2022-28193 | Out-of-bounds Write vulnerability in Nvidia Jetson Linux NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. | 5.6 |
2022-04-27 | CVE-2022-28194 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia Jetson Linux NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality. | 5.6 |
2022-04-27 | CVE-2022-28195 | Integer Overflow or Wraparound vulnerability in Nvidia Jetson Linux NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. | 5.7 |
2022-04-27 | CVE-2022-28196 | Out-of-bounds Write vulnerability in Nvidia Jetson Linux NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. | 4.6 |
2022-04-27 | CVE-2022-28197 | Integer Overflow or Wraparound vulnerability in Nvidia Jetson Linux NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. | 5.0 |
2022-03-29 | CVE-2022-21821 | Integer Overflow or Wraparound vulnerability in Nvidia Cuda Toolkit NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. | 6.8 |
2022-03-24 | CVE-2022-21820 | Improper Handling of Exceptional Conditions vulnerability in Nvidia Data Center GPU Manager NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity. | 6.3 |
2022-02-15 | CVE-2022-21818 | Cleartext Storage of Sensitive Information vulnerability in Nvidia License System NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, allowing them to gain escalated privileges, resulting in limited impact to both confidentiality and integrity. | 5.5 |
2022-02-07 | CVE-2022-21813 | Improper Handling of Exceptional Conditions vulnerability in Nvidia products NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. | 6.1 |