Bmc
by Supermicro
CVEs (37)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-42280 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. | |||
| CVE-2022-42279 | 0.00 | — | 0.01 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | |||
| CVE-2022-42278 | 0.00 | — | 0.01 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering. | |||
| CVE-2022-42275 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service. | |||
| CVE-2022-42274 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | |||
| CVE-2022-42273 | 0.00 | — | 0.01 | Jan 12, 2023 | NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | |||
| CVE-2022-42272 | 0.00 | — | 0.01 | Jan 12, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges. | |||
| CVE-2022-42271 | 0.00 | — | 0.00 | Jan 11, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution | |||
| CVE-2021-28203 | 0.00 | — | 0.02 | Apr 6, 2021 | The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. | |||
| CVE-2021-28201 | 0.00 | — | 0.02 | Apr 6, 2021 | The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate… | |||
| CVE-2021-28199 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28197 | 0.00 | — | 0.02 | Apr 6, 2021 | The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally… | |||
| CVE-2021-28196 | 0.00 | — | 0.01 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28186 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28185 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28180 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28178 | 0.00 | — | 0.02 | Apr 6, 2021 | The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web… |
- CVE-2022-42280Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass.
- CVE-2022-42279Jan 13, 2023risk 0.00cvss —epss 0.01
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.
- CVE-2022-42278Jan 13, 2023risk 0.00cvss —epss 0.01
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.
- CVE-2022-42275Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service.
- CVE-2022-42274Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.
- CVE-2022-42273Jan 12, 2023risk 0.00cvss —epss 0.01
NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.
- CVE-2022-42272Jan 12, 2023risk 0.00cvss —epss 0.01
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges.
- CVE-2022-42271Jan 11, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution
- CVE-2021-28203Apr 6, 2021risk 0.00cvss —epss 0.02
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
- CVE-2021-28201Apr 6, 2021risk 0.00cvss —epss 0.02
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate…
- CVE-2021-28199Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28197Apr 6, 2021risk 0.00cvss —epss 0.02
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally…
- CVE-2021-28196Apr 6, 2021risk 0.00cvss —epss 0.01
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28186Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28185Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28180Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28178Apr 6, 2021risk 0.00cvss —epss 0.02
The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…
Page 2 of 2