VYPR

Bmc

by Supermicro

CVEs (37)

  • CVE-2025-8727HigNov 18, 2025
    risk 0.47cvss 7.2epss 0.00

    There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.

  • CVE-2025-8076HigNov 18, 2025
    risk 0.47cvss 7.2epss 0.00

    There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.

  • CVE-2025-8404MedNov 18, 2025
    risk 0.36cvss 5.5epss 0.00

    Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted  header and achieve arbitrary code execution of the BMC’s firmware operating system.

  • CVE-2025-7623MedNov 18, 2025
    risk 0.35cvss 5.4epss 0.00

    Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware…

  • CVE-2025-7704MedNov 13, 2025
    risk 0.35cvss 5.4epss 0.00

    Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability

  • CVE-2013-4782Jul 8, 2013
    risk 0.05cvss epss 0.26

    The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

  • CVE-2023-34336Jun 12, 2023
    risk 0.00cvss epss 0.01

    AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges.  

  • CVE-2023-34335Jun 12, 2023
    risk 0.00cvss epss 0.00

    AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service.  

  • CVE-2023-34334Jun 12, 2023
    risk 0.00cvss epss 0.01

    AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.  

  • CVE-2023-34343Jun 12, 2023
    risk 0.00cvss epss 0.01

    AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.

  • CVE-2023-34342Jun 12, 2023
    risk 0.00cvss epss 0.01

    AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering.

  • CVE-2023-34341Jun 12, 2023
    risk 0.00cvss epss 0.01

    AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or…

  • CVE-2023-34345Jun 12, 2023
    risk 0.00cvss epss 0.01

    AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.

  • CVE-2023-34344Jun 12, 2023
    risk 0.00cvss epss 0.00

    AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure.

  • CVE-2022-42290Jan 13, 2023
    risk 0.00cvss epss 0.01

    NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

  • CVE-2022-42288Jan 13, 2023
    risk 0.00cvss epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.

  • CVE-2022-42287Jan 13, 2023
    risk 0.00cvss epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.

  • CVE-2022-42284Jan 13, 2023
    risk 0.00cvss epss 0.00

    NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure.

  • CVE-2022-42283Jan 13, 2023
    risk 0.00cvss epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

  • CVE-2022-42282Jan 13, 2023
    risk 0.00cvss epss 0.00

    NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure.

Page 1 of 2