CPE Details
NVIDIA Data Center GPU Manager (DCGM) 1.4.6
1.4.6
2023-04-05
13h25 +00:00
13h25 +00:00
2023-04-07
12h24 +00:00
12h24 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:nvidia:data_center_gpu_manager:1.4.6:*:*:*:*:*:*:*
Informations
Vendor
nvidiaProduct
data_center_gpu_managerVersion
1.4.6Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. | 8.4 |
High |
||
| NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity. | 6.3 |
Medium |
||
| NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service. | 7.8 |
High |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.