Supermicro

All CVEs

115 total · sorted by risk
  • CVE-2022-42284 · Jan 13, 2023
    risk 0.00 · cvss · epss 0.00

    NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure.

  • CVE-2022-42283 · Jan 13, 2023
    risk 0.00 · cvss · epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

  • CVE-2022-42282 · Jan 13, 2023
    risk 0.00 · cvss · epss 0.00

    NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure.

  • CVE-2022-42280 · Jan 13, 2023
    risk 0.00 · cvss · epss 0.00

    NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass.

  • CVE-2022-42279 · Jan 13, 2023
    risk 0.00 · cvss · epss 0.01

    NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

  • CVE-2022-42278 · Jan 13, 2023
    risk 0.00 · cvss · epss 0.01

    NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.

  • CVE-2022-42275 · Jan 13, 2023
    risk 0.00 · cvss · epss 0.00

    NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service.

  • CVE-2022-42274 · Jan 13, 2023
    risk 0.00 · cvss · epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

  • CVE-2022-42273 · Jan 12, 2023
    risk 0.00 · cvss · epss 0.01

    NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

  • CVE-2022-42272 · Jan 12, 2023
    risk 0.00 · cvss · epss 0.01

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges.

  • CVE-2022-42271 · Jan 11, 2023
    risk 0.00 · cvss · epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

  • CVE-2020-24475 · Jun 9, 2021
    risk 0.00 · cvss · epss 0.00

    Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2020-24473 · Jun 9, 2021
    risk 0.00 · cvss · epss 0.00

    Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-24474 · Jun 9, 2021
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2021-28209 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

  • CVE-2021-28208 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

  • CVE-2021-28207 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

  • CVE-2021-28206 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

  • CVE-2021-28205 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

  • CVE-2021-28204 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

  • CVE-2021-28203 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

  • CVE-2021-28202 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate…

  • CVE-2021-28201 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate…

  • CVE-2021-28200 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the…

  • CVE-2021-28199 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28198 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally…

  • CVE-2021-28197 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally…

  • CVE-2021-28196 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.01

    The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28195 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the…

  • CVE-2021-28193 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…

  • CVE-2021-28191 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…

  • CVE-2021-28190 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.01

    The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28189 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…

  • CVE-2021-28188 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28187 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.01

    The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28186 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28185 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28184 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally…

  • CVE-2021-28183 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28181 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28180 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to…

  • CVE-2021-28178 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…

  • CVE-2021-28177 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…

  • CVE-2021-28176 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web…

  • CVE-2021-28175 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.02

    The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the…

  • CVE-2020-12374 · Feb 19, 2021
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-12376 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.00

    Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-12375 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.00

    Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12380 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.00

    Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-5500 · May 11, 2020
    risk 0.00 · cvss · epss 0.02

    Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS).