{"vulnerability": "cve-2023-2552", "sightings": [{"uuid": "74848db1-4426-4c1d-b51d-b85f5779e671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25525", "type": "seen", "source": "https://t.me/cibsecurity/70760", "content": "\u203c CVE-2023-25525 \u203c\n\nNVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T07:30:02.000000Z"}, {"uuid": "e1d0cac5-b971-4aa2-92de-19cc65c08898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25524", "type": "seen", "source": "https://t.me/cibsecurity/67714", "content": "\u203c CVE-2023-25524 \u203c\n\nNVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user\u00e2\u20ac\u2122s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T20:40:11.000000Z"}, {"uuid": "97e1b457-50eb-42f1-a4a3-6d851ee56535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25529", "type": "seen", "source": "https://t.me/cibsecurity/70754", "content": "\u203c CVE-2023-25529 \u203c\n\nNVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user\u00e2\u20ac\u2122s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T07:29:54.000000Z"}, {"uuid": "bbcdf278-7a71-453a-bee4-bc162dde9b4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25521", "type": "seen", "source": "https://t.me/cibsecurity/65900", "content": "\u203c CVE-2023-25521 \u203c\n\nNVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-04T07:28:01.000000Z"}, {"uuid": "2ae0ad08-6370-42ac-8107-8dc9aa755352", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2552", "type": "seen", "source": "https://t.me/cibsecurity/63399", "content": "\u203c CVE-2023-2552 \u203c\n\nCross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-06T00:25:18.000000Z"}, {"uuid": "25b52860-fe33-4123-a44e-344359cf2604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25526", "type": "seen", "source": "https://t.me/cibsecurity/70762", "content": "\u203c CVE-2023-25526 \u203c\n\nNVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T16:25:39.000000Z"}, {"uuid": "16f0be7d-43db-4279-b9d7-762c7a081340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25528", "type": "seen", "source": "https://t.me/cibsecurity/70758", "content": "\u203c CVE-2023-25528 \u203c\n\nNVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T07:29:57.000000Z"}, {"uuid": "af53e566-df52-40cc-8077-7e810f06a345", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25527", "type": "seen", "source": "https://t.me/cibsecurity/70756", "content": "\u203c CVE-2023-25527 \u203c\n\nNVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T07:29:55.000000Z"}]}