VYPR

Vendor: Supermicro

Products: 119
CVEs: 115
Across products: 175
Status: Private

Recent CVEs

  • CVE-2024-36435 | Critical | Jul 11, 2024
    risk 0.65 | cvss 9.8 | epss 0.01

    An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code…

  • CVE-2025-12007 | High | Jan 16, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image.

  • CVE-2024-36434 | High | Jul 15, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4.

  • CVE-2024-36433 | High | Jul 15, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4.

  • CVE-2024-36432 | High | Jul 15, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4.

  • CVE-2026-3820 | High | Jun 4, 2026
    risk 0.47 | cvss 7.2 | epss 0.00

    There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended…

  • CVE-2025-12006 | High | Jan 16, 2026
    risk 0.47 | cvss 7.2 | epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F. An attacker can update the system firmware with a specially crafted image.

  • CVE-2025-8727 | High | Nov 18, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability.

  • CVE-2025-8076 | High | Nov 18, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability.

  • CVE-2025-7937 | High | Sep 19, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW. An attacker can update the system firmware with a specially crafted image.

  • CVE-2025-6198 | High | Sep 19, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image.

  • CVE-2024-10239 | High | Feb 4, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.

  • CVE-2024-10238 | High | Feb 4, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow, which is caused by not checking fld->used_bytes.

  • CVE-2024-10237 | High | Feb 4, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process.

  • CVE-2018-13787 | Medium | Jul 9, 2018
    risk 0.44 | cvss 6.7 | epss 0.00

    Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

  • CVE-2025-8404 | Medium | Nov 18, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC can exploit the stack buffer overflow via a crafted header and achieve arbitrary code execution on the BMC’s firmware operating system.

  • CVE-2025-7623 | Medium | Nov 18, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware…

  • CVE-2025-7704 | Medium | Nov 13, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Supermicro BMC Insyde SMASH shell program has a stack-based overflow vulnerability.

  • CVE-2013-3623 | Dec 10, 2013
    risk 0.09 | cvss | epss 0.72

    Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1)…

  • CVE-2013-4782 | Jul 8, 2013
    risk 0.05 | cvss | epss 0.26

    The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.