Every CVE whose affected-product data names Nvidia Bmc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2023-25505 — CVSS 7.8 (high): NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of…
CVE-2022-42274 — CVSS 7.8 (high): NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service…
CVE-2022-42275 — CVSS 7.7 (high): NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a…
CVE-2023-0200 — CVSS 7.5 (high): NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a…
CVE-2022-42278 — CVSS 7.2 (high): NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the…
CVE-2023-25507 — CVSS 7.2 (high): NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject…
CVE-2022-42280 — CVSS 7.1 (high): NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead…
CVE-2023-25508 — CVSS 6.7 (medium): NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and…
CVE-2023-0201 — CVSS 6.7 (medium): NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable…
CVE-2022-42282 — CVSS 6.5 (medium): NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information…
CVE-2022-42283 — CVSS 6.4 (medium): NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service…
CVE-2022-42284 — CVSS 6.2 (medium): NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure.
CVE-2022-42287 — CVSS 6.0 (medium): NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain…