Vendor CVEs
Supermicro
All CVEs
115 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3620 | 0.00 | — | 0.04 | Jan 2, 2020 | Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | |||
| CVE-2019-11182 | 0.00 | — | 0.01 | Nov 14, 2019 | Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||
| CVE-2019-11181 | 0.00 | — | 0.00 | Nov 14, 2019 | Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||
| CVE-2019-11180 | 0.00 | — | 0.01 | Nov 14, 2019 | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||
| CVE-2019-11177 | 0.00 | — | 0.01 | Nov 14, 2019 | Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||
| CVE-2019-11175 | 0.00 | — | 0.01 | Nov 14, 2019 | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||
| CVE-2019-11174 | 0.00 | — | 0.01 | Nov 14, 2019 | Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | |||
| CVE-2019-11172 | 0.00 | — | 0.01 | Nov 14, 2019 | Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | |||
| CVE-2019-11171 | 0.00 | — | 0.02 | Nov 14, 2019 | Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access. | |||
| CVE-2019-11170 | 0.00 | — | 0.00 | Nov 14, 2019 | Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access. | |||
| CVE-2019-16649 | 0.00 | — | 0.01 | Sep 21, 2019 | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect… | |||
| CVE-2019-16650 | 0.00 | — | 0.02 | Sep 21, 2019 | On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual… | |||
| CVE-2019-13131 | 0.00 | — | 0.04 | Jul 1, 2019 | Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE. | |||
| CVE-2013-3622 | 0.00 | — | 0.05 | Dec 10, 2013 | Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter. | |||
| CVE-2013-3609 | 0.00 | — | 0.05 | Sep 8, 2013 | The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client… |
- CVE-2013-3620Jan 2, 2020risk 0.00cvss —epss 0.04
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.
- CVE-2019-11182Nov 14, 2019risk 0.00cvss —epss 0.01
Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.
- CVE-2019-11181Nov 14, 2019risk 0.00cvss —epss 0.00
Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access.
- CVE-2019-11180Nov 14, 2019risk 0.00cvss —epss 0.01
Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.
- CVE-2019-11177Nov 14, 2019risk 0.00cvss —epss 0.01
Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.
- CVE-2019-11175Nov 14, 2019risk 0.00cvss —epss 0.01
Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.
- CVE-2019-11174Nov 14, 2019risk 0.00cvss —epss 0.01
Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.
- CVE-2019-11172Nov 14, 2019risk 0.00cvss —epss 0.01
Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.
- CVE-2019-11171Nov 14, 2019risk 0.00cvss —epss 0.02
Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.
- CVE-2019-11170Nov 14, 2019risk 0.00cvss —epss 0.00
Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access.
- CVE-2019-16649Sep 21, 2019risk 0.00cvss —epss 0.01
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect…
- CVE-2019-16650Sep 21, 2019risk 0.00cvss —epss 0.02
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual…
- CVE-2019-13131Jul 1, 2019risk 0.00cvss —epss 0.04
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.
- CVE-2013-3622Dec 10, 2013risk 0.00cvss —epss 0.05
Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter.
- CVE-2013-3609Sep 8, 2013risk 0.00cvss —epss 0.05
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client…
Page 3 of 3