‼ CVE-2022-47505 ‼
via "National Vulnerability Database".
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
‼ CVE-2023-30618 ‼
via "National Vulnerability Database".
Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.
‼ CVE-2023-29924 ‼
via "National Vulnerability Database".
PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.
‼ CVE-2023-30621 ‼
via "National Vulnerability Database".
Gipsy is a multi-purpose Discord bot which aims to be as modular and user-friendly as possible. In versions prior to 1.3, users can run commands on the host machine with sudoer permission. The `!ping` command, when provided with an IP or hostname, used to run a bash `ping <IP>` without verification that the IP or hostname was legitimate. This command was executed with root permissions and may lead to arbitrary command injection on the host server. Users are advised to upgrade. There are no known workarounds for this vulnerability.
‼ CVE-2022-47509 ‼
via "National Vulnerability Database".
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.
‼ CVE-2023-25508 ‼
via "National Vulnerability Database".
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
‼ CVE-2023-0206 ‼
via "National Vulnerability Database".
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
‼ CVE-2023-0202 ‼
via "National Vulnerability Database".
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
‼ CVE-2023-25506 ‼
via "National Vulnerability Database".
NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.
‼ CVE-2023-25510 ‼
via "National Vulnerability Database".
NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.
‼ CVE-2023-25507 ‼
via "National Vulnerability Database".
NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering.
‼ CVE-2023-0205 ‼
via "National Vulnerability Database".
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.
‼ CVE-2023-0209 ‼
via "National Vulnerability Database".
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.
‼ CVE-2023-25509 ‼
via "National Vulnerability Database".
NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.
‼ CVE-2023-2240 ‼
via "National Vulnerability Database".
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
‼ CVE-2023-25513 ‼
via "National Vulnerability Database".
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.
‼ CVE-2023-0207 ‼
via "National Vulnerability Database".
NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.
‼ CVE-2023-0204 ‼
via "National Vulnerability Database".
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.
‼ CVE-2023-0201 ‼
via "National Vulnerability Database".
NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.
‼ CVE-2023-25505 ‼
via "National Vulnerability Database".
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC, where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.
‼ CVE-2023-25512 ‼
via "National Vulnerability Database".
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.