VYPR

Vendor CVEs

Supermicro

All CVEs

115 total · sorted by risk
  • CVE-2013-3620Jan 2, 2020
    risk 0.00cvss epss 0.04

    Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.

  • CVE-2019-11182Nov 14, 2019
    risk 0.00cvss epss 0.01

    Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2019-11181Nov 14, 2019
    risk 0.00cvss epss 0.00

    Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access.

  • CVE-2019-11180Nov 14, 2019
    risk 0.00cvss epss 0.01

    Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2019-11177Nov 14, 2019
    risk 0.00cvss epss 0.01

    Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2019-11175Nov 14, 2019
    risk 0.00cvss epss 0.01

    Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2019-11174Nov 14, 2019
    risk 0.00cvss epss 0.01

    Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2019-11172Nov 14, 2019
    risk 0.00cvss epss 0.01

    Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2019-11171Nov 14, 2019
    risk 0.00cvss epss 0.02

    Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.

  • CVE-2019-11170Nov 14, 2019
    risk 0.00cvss epss 0.00

    Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access.

  • CVE-2019-16649Sep 21, 2019
    risk 0.00cvss epss 0.01

    On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect…

  • CVE-2019-16650Sep 21, 2019
    risk 0.00cvss epss 0.02

    On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual…

  • CVE-2019-13131Jul 1, 2019
    risk 0.00cvss epss 0.04

    Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.

  • CVE-2013-3622Dec 10, 2013
    risk 0.00cvss epss 0.05

    Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter.

  • CVE-2013-3609Sep 8, 2013
    risk 0.00cvss epss 0.05

    The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client…

Page 3 of 3