VYPR

Bmc

by Supermicro

CVEs (37)

  • CVE-2022-42280Jan 13, 2023
    risk 0.00cvss epss 0.00

    NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass.

  • CVE-2022-42279Jan 13, 2023
    risk 0.00cvss epss 0.01

    NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

  • CVE-2022-42278Jan 13, 2023
    risk 0.00cvss epss 0.01

    NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.

  • CVE-2022-42275Jan 13, 2023
    risk 0.00cvss epss 0.00

    NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service.

  • CVE-2022-42274Jan 13, 2023
    risk 0.00cvss epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

  • CVE-2022-42273Jan 12, 2023
    risk 0.00cvss epss 0.01

    NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

  • CVE-2022-42272Jan 12, 2023
    risk 0.00cvss epss 0.01

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges.

  • CVE-2022-42271Jan 11, 2023
    risk 0.00cvss epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution

  • CVE-2021-28203Apr 6, 2021
    risk 0.00cvss epss 0.02

    The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

  • CVE-2021-28201Apr 6, 2021
    risk 0.00cvss epss 0.02

    The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate…

  • CVE-2021-28199Apr 6, 2021
    risk 0.00cvss epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28197Apr 6, 2021
    risk 0.00cvss epss 0.02

    The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally…

  • CVE-2021-28196Apr 6, 2021
    risk 0.00cvss epss 0.01

    The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28186Apr 6, 2021
    risk 0.00cvss epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28185Apr 6, 2021
    risk 0.00cvss epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28180Apr 6, 2021
    risk 0.00cvss epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28178Apr 6, 2021
    risk 0.00cvss epss 0.02

    The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…

Page 2 of 2