Filtered by vendor Nvidia
Subscribe
Total
555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1074 | 1 Nvidia | 1 Gpu Display Driver | 2022-07-21 | 6.9 MEDIUM | 7.3 HIGH |
| NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure. | |||||
| CVE-2021-1113 | 1 Nvidia | 8 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 5 more | 2022-07-15 | 5.4 MEDIUM | 4.7 MEDIUM |
| NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients. | |||||
| CVE-2022-31605 | 1 Nvidia | 1 Nvflare | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | |||||
| CVE-2022-31604 | 1 Nvidia | 1 Nvflare | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | |||||
| CVE-2022-31599 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.6 MEDIUM | 8.2 HIGH |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||
| CVE-2022-31600 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.6 MEDIUM | 8.2 HIGH |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components. | |||||
| CVE-2022-31601 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | |||||
| CVE-2022-31602 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.4 MEDIUM | 6.7 MEDIUM |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure. | |||||
| CVE-2022-31603 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.4 MEDIUM | 6.7 MEDIUM |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure. | |||||
| CVE-2022-28200 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-12 | 4.6 MEDIUM | 8.2 HIGH |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||
| CVE-2021-1073 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2022-07-12 | 5.1 MEDIUM | 8.3 HIGH |
| NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost. | |||||
| CVE-2021-1055 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2022-07-12 | 4.6 MEDIUM | 5.3 MEDIUM |
| NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure. | |||||
| CVE-2021-1066 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2021-34396 | 1 Nvidia | 5 Jetson Linux, Jetson Tx2, Jetson Tx2 4gb and 2 more | 2022-07-12 | 2.1 LOW | 2.3 LOW |
| Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service. | |||||
| CVE-2021-1106 | 1 Nvidia | 10 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 7 more | 2022-07-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system. | |||||
| CVE-2021-1107 | 1 Nvidia | 10 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 7 more | 2022-07-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components. | |||||
| CVE-2021-1108 | 1 Nvidia | 10 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 7 more | 2022-07-08 | 4.6 MEDIUM | 7.3 HIGH |
| NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system. | |||||
| CVE-2021-1111 | 1 Nvidia | 5 Jetson Agx Xavier, Jetson Linux, Jetson Tx2 and 2 more | 2022-07-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components. | |||||
| CVE-2021-1087 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2022-06-28 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7). | |||||
| CVE-2021-1088 | 3 Linux, Microsoft, Nvidia | 137 Linux Kernel, Windows, Dgx-1 P100 and 134 more | 2022-06-28 | 2.1 LOW | 4.4 MEDIUM |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure. | |||||