Vendor CVEs
Ami
All CVEs
65 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-33044 | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerability may lead to memory corruption and impact Integrity and Availability. | ||
| CVE-2025-22832 | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability. | ||
| CVE-2025-22831 | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability. | ||
| CVE-2022-29974 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2024 | AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices. | ||
| CVE-2024-54085 | 0.15 | — | 0.61 | KEV | Mar 11, 2025 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | ||
| CVE-2022-2827 | 0.02 | — | 0.02 | Dec 5, 2022 | AMI MegaRAC User Enumeration Vulnerability | |||
| CVE-2025-58770 | 0.00 | — | 0.00 | Dec 12, 2025 | APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and… | |||
| CVE-2025-22833 | 0.00 | — | 0.00 | Oct 14, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this vulnerability may lead to arbitrary code execution. | |||
| CVE-2025-33045 | 0.00 | — | 0.00 | Sep 9, 2025 | APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead to information… | |||
| CVE-2025-22830 | 0.00 | — | 0.00 | Aug 12, 2025 | APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability. | |||
| CVE-2025-22834 | 0.00 | — | 0.00 | Aug 12, 2025 | AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability. | |||
| CVE-2025-33043 | 0.00 | — | 0.00 | May 29, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity. | |||
| CVE-2024-42446 | 0.00 | — | 0.00 | May 13, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. | |||
| CVE-2024-54084 | 0.00 | — | 0.00 | Mar 11, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. | |||
| CVE-2024-33659 | 0.00 | — | 0.00 | Feb 11, 2025 | AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting… | |||
| CVE-2024-42444 | 0.00 | — | 0.00 | Jan 14, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device. | |||
| CVE-2024-2315 | 0.00 | — | 0.00 | Nov 12, 2024 | APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability. | |||
| CVE-2024-33658 | 0.00 | — | 0.00 | Nov 12, 2024 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and… | |||
| CVE-2024-33660 | 0.00 | — | 0.00 | Nov 12, 2024 | An exploit is possible where an actor with physical access can manipulate SPI flash without being detected. | |||
| CVE-2024-42442 | 0.00 | — | 0.01 | Nov 12, 2024 | APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System… | |||
| CVE-2024-33657 | 0.00 | — | 0.00 | Aug 21, 2024 | This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. | |||
| CVE-2024-33656 | 0.00 | — | 0.00 | Aug 21, 2024 | The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms | |||
| CVE-2023-37297 | 0.00 | — | 0.00 | Jan 9, 2024 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||
| CVE-2023-37296 | 0.00 | — | 0.00 | Jan 9, 2024 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||
| CVE-2023-37295 | 0.00 | — | 0.00 | Jan 9, 2024 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. … | |||
| CVE-2023-37294 | 0.00 | — | 0.00 | Jan 9, 2024 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. … | |||
| CVE-2023-37293 | 0.00 | — | 0.00 | Jan 9, 2024 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||
| CVE-2023-34333 | 0.00 | — | 0.00 | Jan 9, 2024 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. … | |||
| CVE-2023-3043 | 0.00 | — | 0.00 | Jan 9, 2024 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. … | |||
| CVE-2023-34332 | 0.00 | — | 0.00 | Jan 9, 2024 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. … | |||
| CVE-2023-39538 | 0.00 | — | 0.00 | Dec 6, 2023 | AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | |||
| CVE-2023-39539 | 0.00 | — | 0.01 | Dec 6, 2023 | AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | |||
| CVE-2023-39537 | 0.00 | — | 0.00 | Nov 14, 2023 | AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | |||
| CVE-2023-39536 | 0.00 | — | 0.00 | Nov 14, 2023 | AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | |||
| CVE-2023-39535 | 0.00 | — | 0.00 | Nov 14, 2023 | AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | |||
| CVE-2023-34470 | 0.00 | — | 0.00 | Sep 12, 2023 | AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | |||
| CVE-2023-34469 | 0.00 | — | 0.00 | Sep 12, 2023 | AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality. | |||
| CVE-2023-34330 | 0.00 | — | 0.01 | Jul 18, 2023 | AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||
| CVE-2023-34329 | 0.00 | — | 0.01 | Jul 18, 2023 | AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. | |||
| CVE-2023-34473 | 0.00 | — | 0.00 | Jul 5, 2023 | AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||
| CVE-2023-34472 | 0.00 | — | 0.00 | Jul 5, 2023 | AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity. | |||
| CVE-2023-34471 | 0.00 | — | 0.00 | Jul 5, 2023 | AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication. | |||
| CVE-2023-34338 | 0.00 | — | 0.00 | Jul 5, 2023 | AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||
| CVE-2023-34337 | 0.00 | — | 0.00 | Jul 5, 2023 | AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||
| CVE-2023-34336 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges. | |||
| CVE-2023-34335 | 0.00 | — | 0.00 | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service. | |||
| CVE-2023-34334 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering. | |||
| CVE-2023-34343 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering. | |||
| CVE-2023-34342 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering. | |||
| CVE-2023-34341 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or… |
- risk 0.51cvss 7.8epss 0.00
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerability may lead to memory corruption and impact Integrity and Availability.
- risk 0.51cvss 7.8epss 0.00
APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.
- risk 0.51cvss 7.8epss 0.00
APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.
- risk 0.28cvss 4.3epss 0.00
AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices.
- risk 0.15cvss —epss 0.61
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
- CVE-2022-2827Dec 5, 2022risk 0.02cvss —epss 0.02
AMI MegaRAC User Enumeration Vulnerability
- CVE-2025-58770Dec 12, 2025risk 0.00cvss —epss 0.00
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and…
- CVE-2025-22833Oct 14, 2025risk 0.00cvss —epss 0.00
APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this vulnerability may lead to arbitrary code execution.
- CVE-2025-33045Sep 9, 2025risk 0.00cvss —epss 0.00
APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead to information…
- CVE-2025-22830Aug 12, 2025risk 0.00cvss —epss 0.00
APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability.
- CVE-2025-22834Aug 12, 2025risk 0.00cvss —epss 0.00
AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability.
- CVE-2025-33043May 29, 2025risk 0.00cvss —epss 0.00
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.
- CVE-2024-42446May 13, 2025risk 0.00cvss —epss 0.00
APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.
- CVE-2024-54084Mar 11, 2025risk 0.00cvss —epss 0.00
APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.
- CVE-2024-33659Feb 11, 2025risk 0.00cvss —epss 0.00
AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting…
- CVE-2024-42444Jan 14, 2025risk 0.00cvss —epss 0.00
APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.
- CVE-2024-2315Nov 12, 2024risk 0.00cvss —epss 0.00
APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.
- CVE-2024-33658Nov 12, 2024risk 0.00cvss —epss 0.00
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and…
- CVE-2024-33660Nov 12, 2024risk 0.00cvss —epss 0.00
An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.
- CVE-2024-42442Nov 12, 2024risk 0.00cvss —epss 0.01
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System…
- CVE-2024-33657Aug 21, 2024risk 0.00cvss —epss 0.00
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.
- CVE-2024-33656Aug 21, 2024risk 0.00cvss —epss 0.00
The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms
- CVE-2023-37297Jan 9, 2024risk 0.00cvss —epss 0.00
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
- CVE-2023-37296Jan 9, 2024risk 0.00cvss —epss 0.00
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
- CVE-2023-37295Jan 9, 2024risk 0.00cvss —epss 0.00
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. …
- CVE-2023-37294Jan 9, 2024risk 0.00cvss —epss 0.00
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. …
- CVE-2023-37293Jan 9, 2024risk 0.00cvss —epss 0.00
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
- CVE-2023-34333Jan 9, 2024risk 0.00cvss —epss 0.00
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. …
- CVE-2023-3043Jan 9, 2024risk 0.00cvss —epss 0.00
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. …
- CVE-2023-34332Jan 9, 2024risk 0.00cvss —epss 0.00
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. …
- CVE-2023-39538Dec 6, 2023risk 0.00cvss —epss 0.00
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
- CVE-2023-39539Dec 6, 2023risk 0.00cvss —epss 0.01
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
- CVE-2023-39537Nov 14, 2023risk 0.00cvss —epss 0.00
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
- CVE-2023-39536Nov 14, 2023risk 0.00cvss —epss 0.00
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
- CVE-2023-39535Nov 14, 2023risk 0.00cvss —epss 0.00
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
- CVE-2023-34470Sep 12, 2023risk 0.00cvss —epss 0.00
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
- CVE-2023-34469Sep 12, 2023risk 0.00cvss —epss 0.00
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality.
- CVE-2023-34330Jul 18, 2023risk 0.00cvss —epss 0.01
AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
- CVE-2023-34329Jul 18, 2023risk 0.00cvss —epss 0.01
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.
- CVE-2023-34473Jul 5, 2023risk 0.00cvss —epss 0.00
AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
- CVE-2023-34472Jul 5, 2023risk 0.00cvss —epss 0.00
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity.
- CVE-2023-34471Jul 5, 2023risk 0.00cvss —epss 0.00
AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.
- CVE-2023-34338Jul 5, 2023risk 0.00cvss —epss 0.00
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
- CVE-2023-34337Jul 5, 2023risk 0.00cvss —epss 0.00
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
- CVE-2023-34336Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges.
- CVE-2023-34335Jun 12, 2023risk 0.00cvss —epss 0.00
AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service.
- CVE-2023-34334Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.
- CVE-2023-34343Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.
- CVE-2023-34342Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering.
- CVE-2023-34341Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or…
Page 1 of 2