Vendor CVEs
Supermicro
All CVEs
115 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36435 | | Cri | 0.65 | 9.8 | 0.01 | | Jul 11, 2024 | An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code… |
| CVE-2025-12007 | | Hig | 0.55 | 8.4 | 0.00 | | Jan 16, 2026 | There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image. |
| CVE-2024-36434 | | Hig | 0.49 | 7.5 | 0.00 | | Jul 15, 2024 | An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. |
| CVE-2024-36433 | | Hig | 0.49 | 7.5 | 0.00 | | Jul 15, 2024 | An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. |
| CVE-2024-36432 | | Hig | 0.49 | 7.5 | 0.00 | | Jul 15, 2024 | An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4. |
| CVE-2026-3820 | | Hig | 0.47 | 7.2 | 0.00 | | Jun 4, 2026 | There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended… |
| CVE-2025-12006 | | Hig | 0.47 | 7.2 | 0.00 | | Jan 16, 2026 | There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F. An attacker can update the system firmware with a specially crafted image. |
| CVE-2025-8727 | | Hig | 0.47 | 7.2 | 0.00 | | Nov 18, 2025 | There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability. |
| CVE-2025-8076 | | Hig | 0.47 | 7.2 | 0.00 | | Nov 18, 2025 | There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability. |
| CVE-2025-7937 | | Hig | 0.47 | 7.2 | 0.00 | | Sep 19, 2025 | There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW. An attacker can update the system firmware with a specially crafted image. |
| CVE-2025-6198 | | Hig | 0.47 | 7.2 | 0.00 | | Sep 19, 2025 | There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image. |
| CVE-2024-10239 | | Hig | 0.47 | 7.2 | 0.00 | | Feb 4, 2025 | A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld. |
| CVE-2024-10238 | | Hig | 0.47 | 7.2 | 0.00 | | Feb 4, 2025 | A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow, caused by not checking fld->used_bytes. |
| CVE-2024-10237 | | Hig | 0.47 | 7.2 | 0.00 | | Feb 4, 2025 | There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process. |
| CVE-2018-13787 | | Med | 0.44 | 6.7 | 0.00 | | Jul 9, 2018 | Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. |
| CVE-2025-8404 | | Med | 0.36 | 5.5 | 0.00 | | Nov 18, 2025 | Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC can exploit the stack buffer via a crafted header and achieve arbitrary code execution on the BMC’s firmware operating system. |
| CVE-2025-7623 | | Med | 0.35 | 5.4 | 0.00 | | Nov 18, 2025 | Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware… |
| CVE-2025-7704 | | Med | 0.35 | 5.4 | 0.00 | | Nov 13, 2025 | Supermicro BMC Insyde SMASH shell program has a stack-based overflow vulnerability. |
| CVE-2013-3623 | | | 0.09 | — | 0.72 | | Dec 10, 2013 | Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1)… |
| CVE-2013-4782 | | | 0.05 | — | 0.26 | | Jul 8, 2013 | The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. |
| CVE-2013-3619 | | | 0.04 | — | 0.10 | | Jan 2, 2020 | Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the (1) Lighttpd web server SSL… |
| CVE-2020-15046 | | | 0.03 | — | 0.02 | | Jun 24, 2020 | The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88. |
| CVE-2019-19642 | | | 0.02 | — | 0.19 | | Dec 8, 2019 | On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in… |
| CVE-2013-3608 | | | 0.01 | — | 0.06 | | Sep 8, 2013 | The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to… |
| CVE-2013-3607 | | | 0.01 | — | 0.10 | | Sep 8, 2013 | Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices… |
| CVE-2023-40286 | | | 0.00 | — | 0.01 | | Mar 27, 2024 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. |
| CVE-2023-40290 | | | 0.00 | — | 0.01 | | Mar 27, 2024 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows. |
| CVE-2023-40284 | | | 0.00 | — | 0.01 | | Mar 27, 2024 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. |
| CVE-2023-40289 | | | 0.00 | — | 0.18 | | Mar 27, 2024 | A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges. |
| CVE-2023-40288 | | | 0.00 | — | 0.01 | | Mar 27, 2024 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. |
| CVE-2023-40285 | | | 0.00 | — | 0.01 | | Mar 27, 2024 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. |
| CVE-2023-40287 | | | 0.00 | — | 0.01 | | Mar 27, 2024 | An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. |
| CVE-2023-33413 | | | 0.00 | — | 0.01 | | Dec 7, 2023 | The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary… |
| CVE-2023-33412 | | | 0.00 | — | 0.01 | | Dec 7, 2023 | The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a… |
| CVE-2023-33411 | | | 0.00 | — | 0.01 | | Dec 7, 2023 | A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal,… |
| CVE-2023-34853 | | | 0.00 | — | 0.00 | | Aug 22, 2023 | Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable. |
| CVE-2023-35861 | | | 0.00 | — | 0.02 | | Jul 31, 2023 | A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC. |
| CVE-2023-34336 | | | 0.00 | — | 0.01 | | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges. |
| CVE-2023-34335 | | | 0.00 | — | 0.00 | | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service. |
| CVE-2023-34334 | | | 0.00 | — | 0.01 | | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering. |
| CVE-2023-34343 | | | 0.00 | — | 0.01 | | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering. |
| CVE-2023-34342 | | | 0.00 | — | 0.01 | | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering. |
| CVE-2023-34341 | | | 0.00 | — | 0.01 | | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or… |
| CVE-2023-34345 | | | 0.00 | — | 0.01 | | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. |
| CVE-2023-34344 | | | 0.00 | — | 0.00 | | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure. |
| CVE-2022-43309 | | | 0.00 | — | 0.00 | | Apr 7, 2023 | Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. |
| CVE-2022-42290 | | | 0.00 | — | 0.01 | | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. |
| CVE-2022-42289 | | | 0.00 | — | 0.01 | | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. |
| CVE-2022-42288 | | | 0.00 | — | 0.00 | | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. |
| CVE-2022-42287 | | | 0.00 | — | 0.00 | | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. |
Page 1 of 3