Vendor CVEs
Supermicro
All CVEs
115 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-42284 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure. | |||
| CVE-2022-42283 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | |||
| CVE-2022-42282 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure. | |||
| CVE-2022-42280 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. | |||
| CVE-2022-42279 | 0.00 | — | 0.01 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | |||
| CVE-2022-42278 | 0.00 | — | 0.01 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering. | |||
| CVE-2022-42275 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service. | |||
| CVE-2022-42274 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | |||
| CVE-2022-42273 | 0.00 | — | 0.01 | Jan 12, 2023 | NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | |||
| CVE-2022-42272 | 0.00 | — | 0.01 | Jan 12, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges. | |||
| CVE-2022-42271 | 0.00 | — | 0.00 | Jan 11, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution | |||
| CVE-2020-24475 | 0.00 | — | 0.00 | Jun 9, 2021 | Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access. | |||
| CVE-2020-24473 | 0.00 | — | 0.00 | Jun 9, 2021 | Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||
| CVE-2020-24474 | 0.00 | — | 0.00 | Jun 9, 2021 | Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | |||
| CVE-2021-28209 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | |||
| CVE-2021-28208 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | |||
| CVE-2021-28207 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | |||
| CVE-2021-28206 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | |||
| CVE-2021-28205 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | |||
| CVE-2021-28204 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. | |||
| CVE-2021-28203 | 0.00 | — | 0.02 | Apr 6, 2021 | The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. | |||
| CVE-2021-28202 | 0.00 | — | 0.02 | Apr 6, 2021 | The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate… | |||
| CVE-2021-28201 | 0.00 | — | 0.02 | Apr 6, 2021 | The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate… | |||
| CVE-2021-28200 | 0.00 | — | 0.02 | Apr 6, 2021 | The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the… | |||
| CVE-2021-28199 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28198 | 0.00 | — | 0.02 | Apr 6, 2021 | The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally… | |||
| CVE-2021-28197 | 0.00 | — | 0.02 | Apr 6, 2021 | The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally… | |||
| CVE-2021-28196 | 0.00 | — | 0.01 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28195 | 0.00 | — | 0.02 | Apr 6, 2021 | The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the… | |||
| CVE-2021-28193 | 0.00 | — | 0.02 | Apr 6, 2021 | The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web… | |||
| CVE-2021-28191 | 0.00 | — | 0.02 | Apr 6, 2021 | The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web… | |||
| CVE-2021-28190 | 0.00 | — | 0.01 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28189 | 0.00 | — | 0.02 | Apr 6, 2021 | The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web… | |||
| CVE-2021-28188 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28187 | 0.00 | — | 0.01 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28186 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28185 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28184 | 0.00 | — | 0.02 | Apr 6, 2021 | The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally… | |||
| CVE-2021-28183 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28181 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28180 | 0.00 | — | 0.02 | Apr 6, 2021 | The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to… | |||
| CVE-2021-28178 | 0.00 | — | 0.02 | Apr 6, 2021 | The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web… | |||
| CVE-2021-28177 | 0.00 | — | 0.02 | Apr 6, 2021 | The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web… | |||
| CVE-2021-28176 | 0.00 | — | 0.02 | Apr 6, 2021 | The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web… | |||
| CVE-2021-28175 | 0.00 | — | 0.02 | Apr 6, 2021 | The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the… | |||
| CVE-2020-12374 | 0.00 | — | 0.00 | Feb 19, 2021 | Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access. | |||
| CVE-2020-12376 | 0.00 | — | 0.00 | Feb 17, 2021 | Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access. | |||
| CVE-2020-12375 | 0.00 | — | 0.00 | Feb 17, 2021 | Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||
| CVE-2020-12380 | 0.00 | — | 0.00 | Feb 17, 2021 | Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||
| CVE-2019-5500 | 0.00 | — | 0.02 | May 11, 2020 | Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS). |
- CVE-2022-42284Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure.
- CVE-2022-42283Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.
- CVE-2022-42282Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure.
- CVE-2022-42280Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass.
- CVE-2022-42279Jan 13, 2023risk 0.00cvss —epss 0.01
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.
- CVE-2022-42278Jan 13, 2023risk 0.00cvss —epss 0.01
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.
- CVE-2022-42275Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service.
- CVE-2022-42274Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.
- CVE-2022-42273Jan 12, 2023risk 0.00cvss —epss 0.01
NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.
- CVE-2022-42272Jan 12, 2023risk 0.00cvss —epss 0.01
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges.
- CVE-2022-42271Jan 11, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution
- CVE-2020-24475Jun 9, 2021risk 0.00cvss —epss 0.00
Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2020-24473Jun 9, 2021risk 0.00cvss —epss 0.00
Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2020-24474Jun 9, 2021risk 0.00cvss —epss 0.00
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
- CVE-2021-28209Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
- CVE-2021-28208Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
- CVE-2021-28207Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
- CVE-2021-28206Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
- CVE-2021-28205Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
- CVE-2021-28204Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
- CVE-2021-28203Apr 6, 2021risk 0.00cvss —epss 0.02
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
- CVE-2021-28202Apr 6, 2021risk 0.00cvss —epss 0.02
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate…
- CVE-2021-28201Apr 6, 2021risk 0.00cvss —epss 0.02
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate…
- CVE-2021-28200Apr 6, 2021risk 0.00cvss —epss 0.02
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the…
- CVE-2021-28199Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28198Apr 6, 2021risk 0.00cvss —epss 0.02
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally…
- CVE-2021-28197Apr 6, 2021risk 0.00cvss —epss 0.02
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally…
- CVE-2021-28196Apr 6, 2021risk 0.00cvss —epss 0.01
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28195Apr 6, 2021risk 0.00cvss —epss 0.02
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the…
- CVE-2021-28193Apr 6, 2021risk 0.00cvss —epss 0.02
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…
- CVE-2021-28191Apr 6, 2021risk 0.00cvss —epss 0.02
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…
- CVE-2021-28190Apr 6, 2021risk 0.00cvss —epss 0.01
The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28189Apr 6, 2021risk 0.00cvss —epss 0.02
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…
- CVE-2021-28188Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28187Apr 6, 2021risk 0.00cvss —epss 0.01
The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28186Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28185Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28184Apr 6, 2021risk 0.00cvss —epss 0.02
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally…
- CVE-2021-28183Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28181Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28180Apr 6, 2021risk 0.00cvss —epss 0.02
The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…
- CVE-2021-28178Apr 6, 2021risk 0.00cvss —epss 0.02
The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…
- CVE-2021-28177Apr 6, 2021risk 0.00cvss —epss 0.02
The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…
- CVE-2021-28176Apr 6, 2021risk 0.00cvss —epss 0.02
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…
- CVE-2021-28175Apr 6, 2021risk 0.00cvss —epss 0.02
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the…
- CVE-2020-12374Feb 19, 2021risk 0.00cvss —epss 0.00
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2020-12376Feb 17, 2021risk 0.00cvss —epss 0.00
Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.
- CVE-2020-12375Feb 17, 2021risk 0.00cvss —epss 0.00
Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2020-12380Feb 17, 2021risk 0.00cvss —epss 0.00
Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-5500May 11, 2020risk 0.00cvss —epss 0.02
Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS).
Page 2 of 3