Supermicro

All CVEs

115 total · sorted by risk
  • CVE-2024-36435 · Critical · Jul 11, 2024
    risk 0.65 · cvss 9.8 · epss 0.01

    An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code…

  • CVE-2025-12007 · High · Jan 16, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image.

  • CVE-2024-36434 · High · Jul 15, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4.

  • CVE-2024-36433 · High · Jul 15, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4.

  • CVE-2024-36432 · High · Jul 15, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4.

  • CVE-2026-3820 · High · Jun 4, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended…

  • CVE-2025-12006 · High · Jan 16, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F. An attacker can update the system firmware with a specially crafted image.

  • CVE-2025-8727 · High · Nov 18, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability.

  • CVE-2025-8076 · High · Nov 18, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability.

  • CVE-2025-7937 · High · Sep 19, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW. An attacker can update the system firmware with a specially crafted image.

  • CVE-2025-6198 · High · Sep 19, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image.

  • CVE-2024-10239 · High · Feb 4, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.

  • CVE-2024-10238 · High · Feb 4, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow, caused by not checking fld->used_bytes.

  • CVE-2024-10237 · High · Feb 4, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process.

  • CVE-2018-13787 · Medium · Jul 9, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

  • CVE-2025-8404 · Medium · Nov 18, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC can exploit the stack buffer via a crafted header and achieve arbitrary code execution of the BMC’s firmware operating system.

  • CVE-2025-7623 · Medium · Nov 18, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware…

  • CVE-2025-7704 · Medium · Nov 13, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Supermicro BMC Insyde SMASH shell program has a stack-based overflow vulnerability.

  • CVE-2013-3623 · Dec 10, 2013
    risk 0.09 · cvss n/a · epss 0.72

    Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1)…

  • CVE-2013-4782 · Jul 8, 2013
    risk 0.05 · cvss n/a · epss 0.26

    The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

  • CVE-2013-3619 · Jan 2, 2020
    risk 0.04 · cvss n/a · epss 0.10

    Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the (1) Lighttpd web server SSL…

  • CVE-2020-15046 · Jun 24, 2020
    risk 0.03 · cvss n/a · epss 0.02

    The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.

  • CVE-2019-19642 · Dec 8, 2019
    risk 0.02 · cvss n/a · epss 0.19

    On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in…

  • CVE-2013-3608 · Sep 8, 2013
    risk 0.01 · cvss n/a · epss 0.06

    The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to…

  • CVE-2013-3607 · Sep 8, 2013
    risk 0.01 · cvss n/a · epss 0.10

    Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices…

  • CVE-2023-40286 · Mar 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.

  • CVE-2023-40290 · Mar 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.

  • CVE-2023-40284 · Mar 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.

  • CVE-2023-40289 · Mar 27, 2024
    risk 0.00 · cvss n/a · epss 0.18

    A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.

  • CVE-2023-40288 · Mar 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.

  • CVE-2023-40285 · Mar 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.

  • CVE-2023-40287 · Mar 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.

  • CVE-2023-33413 · Dec 7, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary…

  • CVE-2023-33412 · Dec 7, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a…

  • CVE-2023-33411 · Dec 7, 2023
    risk 0.00 · cvss n/a · epss 0.01

    A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal,…

  • CVE-2023-34853 · Aug 22, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.

  • CVE-2023-35861 · Jul 31, 2023
    risk 0.00 · cvss n/a · epss 0.02

    A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC.

  • CVE-2023-34336 · Jun 12, 2023
    risk 0.00 · cvss n/a · epss 0.01

    AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges.  

  • CVE-2023-34335 · Jun 12, 2023
    risk 0.00 · cvss n/a · epss 0.00

    AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service.  

  • CVE-2023-34334 · Jun 12, 2023
    risk 0.00 · cvss n/a · epss 0.01

    AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.  

  • CVE-2023-34343 · Jun 12, 2023
    risk 0.00 · cvss n/a · epss 0.01

    AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.

  • CVE-2023-34342 · Jun 12, 2023
    risk 0.00 · cvss n/a · epss 0.01

    AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering.

  • CVE-2023-34341 · Jun 12, 2023
    risk 0.00 · cvss n/a · epss 0.01

    AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or…

  • CVE-2023-34345 · Jun 12, 2023
    risk 0.00 · cvss n/a · epss 0.01

    AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.

  • CVE-2023-34344 · Jun 12, 2023
    risk 0.00 · cvss n/a · epss 0.00

    AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure.

  • CVE-2022-43309 · Apr 7, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.

  • CVE-2022-42290 · Jan 13, 2023
    risk 0.00 · cvss n/a · epss 0.01

    NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

  • CVE-2022-42289 · Jan 13, 2023
    risk 0.00 · cvss n/a · epss 0.01

    NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

  • CVE-2022-42288 · Jan 13, 2023
    risk 0.00 · cvss n/a · epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.

  • CVE-2022-42287 · Jan 13, 2023
    risk 0.00 · cvss n/a · epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.

Page 1 of 3