Show filters
56 Total Results
Displaying 41-50 of 56
Sort by:
Attacker Value
Unknown

CVE-2020-11615

Disclosure Date: October 29, 2020 (last updated February 22, 2025)
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.
Attacker Value
Unknown

CVE-2020-11485

Disclosure Date: October 29, 2020 (last updated February 22, 2025)
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution.
Attacker Value
Unknown

CVE-2020-11486

Disclosure Date: October 29, 2020 (last updated February 22, 2025)
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.
Attacker Value
Unknown

CVE-2020-11483

Disclosure Date: October 29, 2020 (last updated February 22, 2025)
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure.
Attacker Value
Unknown

CVE-2020-14156

Disclosure Date: June 15, 2020 (last updated February 21, 2025)
user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.
Attacker Value
Unknown

CVE-2020-2127

Disclosure Date: February 12, 2020 (last updated February 21, 2025)
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Attacker Value
Unknown

CVE-2018-12171

Disclosure Date: September 12, 2018 (last updated November 27, 2024)
Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.
0
Attacker Value
Unknown

CVE-2018-3682

Disclosure Date: July 10, 2018 (last updated November 27, 2024)
BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS.
0
Attacker Value
Unknown

CVE-2017-17323

Disclosure Date: March 09, 2018 (last updated November 26, 2024)
Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure.
0
Attacker Value
Unknown

CVE-2014-3800

Disclosure Date: August 07, 2014 (last updated October 05, 2023)
XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.
0