CVE-2022-29494
https://notcve.org/view.php?id=CVE-2022-29494
Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html • CWE-20: Improper Input Validation •
CVE-2022-3409 – Unauthenticated out of bounds stack write in bmcweb
https://notcve.org/view.php?id=CVE-2022-3409
A vulnerability in bmcweb of the OpenBMC Project allows a user to cause a denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. Fuzzing the multipart_parser code using AFL++ with AddressSanitizer enabled, to find the smallest memory corruptions possible, detected a problem in how multipart_parser handles unclosed HTTP headers. If a long enough HTTP header is passed in the multipart form without a colon, there is a one-byte overwrite on the heap. • https://github.com/openbmc/bmcweb • CWE-121: Stack-based Buffer Overflow CWE-229: Improper Handling of Values CWE-787: Out-of-bounds Write •
CVE-2022-2809 – Unauthenticated out of bounds heap write in bmcweb
https://notcve.org/view.php?id=CVE-2022-2809
A vulnerability in bmcweb of the OpenBMC Project allows a user to cause a denial of service. Fuzzing the multipart_parser code using AFL++ with AddressSanitizer enabled, to find the smallest memory corruptions possible, detected a problem in how multipart_parser handles unclosed HTTP headers. If a long enough HTTP header is passed in the multipart form without a colon, there is a one-byte overwrite on the heap. It can be conducted multiple times in a loop to cause DoS. • https://github.com/openbmc/bmcweb • CWE-122: Heap-based Buffer Overflow CWE-229: Improper Handling of Values CWE-787: Out-of-bounds Write •
CVE-2020-14156
https://notcve.org/view.php?id=CVE-2020-14156
user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. • https://github.com/openbmc/openbmc/issues/3670 https://github.com/openbmc/phosphor-host-ipmid/commit/b265455a2518ece7c004b43c144199ec980fc620 https://lists.ozlabs.org/pipermail/openbmc/2020-June/022020.html • CWE-276: Incorrect Default Permissions •