CVSS: 7.2EPSS: 0%CPEs: 220EXPL: 0CVE-2018-13787
https://notcve.org/view.php?id=CVE-2018-13787
09 Jul 2018 — Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. Ciertos productos Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2 y A1 tienen un error de configuración en el descriptor de región, lo que permite que los programas del sistema operativo modifiquen el firmware. • https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems •
CVSS: 10.0EPSS: 14%CPEs: 133EXPL: 1CVE-2013-3607
https://notcve.org/view.php?id=CVE-2013-3607
08 Sep 2013 — Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi. Multiples desbordamientos de buffer basados en pila en la interfaz ... • http://www.kb.cert.org/vuls/id/648646 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 133EXPL: 1CVE-2013-3608
https://notcve.org/view.php?id=CVE-2013-3608
08 Sep 2013 — The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi. La interfaz web en la implementación Intelligent Platform Management Interface (IPMI) en dispositivos Supermicro H8DC*, ... • http://www.kb.cert.org/vuls/id/648646 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 3%CPEs: 133EXPL: 1CVE-2013-3609
https://notcve.org/view.php?id=CVE-2013-3609
08 Sep 2013 — The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. La interfaz web en la implementación Intelligent Platform Manage... • http://www.kb.cert.org/vuls/id/648646 • CWE-20: Improper Input Validation •