Filtered by vendor Supermicro
Subscriptions
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40287 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-18 | 8.3 High |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2023-40288 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-18 | 8.3 High |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2023-40289 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-18 | 7.2 High |
| A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges. | ||||
| CVE-2023-40290 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-18 | 8.3 High |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows. | ||||
| CVE-2023-40286 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-18 | 8.3 High |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2023-40284 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | 8.3 High |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2023-40285 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | 6.5 Medium |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2013-4782 | 1 Supermicro | 1 Bmc | 2025-04-11 | N/A |
| The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | ||||
| CVE-2013-3608 | 1 Supermicro | 133 H8dcl-6f, H8dcl-if, H8dct-hibqf and 130 more | 2025-04-11 | N/A |
| The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi. | ||||
| CVE-2013-3607 | 1 Supermicro | 133 H8dcl-6f, H8dcl-if, H8dct-hibqf and 130 more | 2025-04-11 | N/A |
| Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi. | ||||
| CVE-2013-3622 | 1 Supermicro | 1 Intelligent Platform Management Firmware | 2025-04-11 | N/A |
| Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter. | ||||
| CVE-2013-3623 | 1 Supermicro | 1 Intelligent Platform Management Firmware | 2025-04-11 | N/A |
| Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter. | ||||
| CVE-2013-3609 | 1 Supermicro | 133 H8dcl-6f, H8dcl-if, H8dct-hibqf and 130 more | 2025-04-11 | N/A |
| The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. | ||||
| CVE-2022-43309 | 1 Supermicro | 292 H11dsi, H11dsi-nt, H11dsi-nt Firmware and 289 more | 2025-02-11 | 5.5 Medium |
| Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | ||||
| CVE-2023-33411 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-11-26 | 7.5 High |
| A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. | ||||
| CVE-2024-36435 | 1 Supermicro | 355 B12dpe-6 Firmware, B12dpt-6 Firmware, B12spe-cpu-25g Firmware and 352 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC. | ||||
| CVE-2024-36434 | 1 Supermicro | 3 X11dph-i, X11dph-t, X11dph-tq | 2024-11-21 | 7.5 High |
| An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. | ||||
| CVE-2024-36433 | 1 Supermicro | 3 X11dph-i, X11dph-t, X11dph-tq | 2024-11-21 | 7.5 High |
| An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. | ||||
| CVE-2024-36432 | 1 Supermicro | 4 X11dpg-hgx2 Firmware, X11pdg-ot Firmware, X11pdg-qt Firmware and 1 more | 2024-11-21 | 7.5 High |
| An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4. | ||||
| CVE-2023-35861 | 1 Supermicro | 330 H12dgo-6, H12dgo-6 Firmware, H12dgq-nt6 and 327 more | 2024-11-21 | 9.8 Critical |
| A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. | ||||