CVE-2021-25124

CVE-2021-25124 affects HPE Cloudline BMC firmware across multiple models (CL5800 Gen9/Gen10, CL5200 Gen9, CL4100 Gen10, CL3100 Gen10). It is a local path traversal vulnerability in the spx_restservice deletevideo_func function. CVSSv3.1: score 7.8 (HIGH), vector LV/L/PR:L/UI:N/S:U/C:H/I:H/A:H; au...

CVE-2021-25123

The Baseboard Management ControllerBMC in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spxrestservice addlicensefunc function...

CVE-2021-25123

The Baseboard Management ControllerBMC in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spxrestservice addlicensefunc function...

Buffer Error Vulnerability in Multiple HPE Products

HPE Cloudline CL5800 Gen9 Server and others are a dense cloud storage server appliance from HPE America. A buffer error vulnerability exists in several HPE Cloudline products, which stems from a local buffer overflow in the spxrestservice startflashfunc function. The following products and versio...

Buffer Error Vulnerability in Multiple HPE Products

HPE Cloudline CL5800 Gen9 Server and others are a dense cloud storage server appliance from HPE America. A buffer error vulnerability exists in multiple HPE Cloudline products, which stems from a local buffer overflow in the spxrestservice setsolvideoremotestoragefunc function. The following...

HPE Cloudline Buffer Error Vulnerability in Multiple Products

HPE Cloudline CL5200 Gen9 Server and others are a dense cloud storage server appliance from HPE America. A buffer error vulnerability exists in multiple HPE Cloudline products, which stems from a local buffer overflow in the spxrestservice downloadkvmjnlpfunc function. The following products and...

Path Traversal Vulnerability in Multiple HPE Products

HPE Cloudline CL5800 Gen9 Server and others are a dense cloud storage server appliance from HPE America. A path traversal vulnerability exists in multiple HPE Cloudline products, which stems from a local buffer overflow in the spxrestservice generatesslcertificatefunc function. The following...

CVE-2020-5633

Multiple NEC products Express5800/T110j, Express5800/T110j-S, Express5800/T110j 2nd-Gen, Express5800/T110j-S 2nd-Gen, iStorage NS100Ti, and Express5800/GT110j where Baseboard Management Controller BMC firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and the...

Multiple NEC Products vulnerable to authentication bypass

Overview In Intelligent Platform Management Interface IPMI v1.5, Remote Management Control Protocol RMCP to access BMC through LAN is prescribed. Multiple NEC products which conduct RMCP access using IPMI over LAN contain an issue in implementations of the BMC firmware and when accessing BMC...

Remote code execution

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller BMC program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the...

CVE-2020-26122

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller BMC program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the...

Inspur NF5266M5 Data Forgery Issue Vulnerability

Inspur NF5266M5 is an enterprise-class server from China Wave Inspur Individual Developer. A security vulnerability exists in the Inspur NF5266M5 version 3.21.2 and earlier versions and other services M5 devices that allows remote code execution with administrator privileges. Baseboard Management...

NVIDIA DGX Information Disclosure Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A security vulnerability exists in the NVIDIA DGX servers BMC firmware prior to version 3.38.30, which stems from the inclusion of a vulnerability in the AMI BMC firmware, where the pseudo-random number...

kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c

A memory leak problem was found in ipmibmcregister in drivers/char/ipmi/ipmimsghandler.c in Intelligent Platform Management Interface IPMI which is used for incoming and outgoing message routing purpose. This flaw may allow an attacker with minimal privilege to cause a denial of service by...

NVIDIA DGX servers BMC firmware trust management issue vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A vulnerability with trust management issues exists in the NVIDIA DGX servers BMC firmware prior to version 3.38.30, which stems from a vulnerability in the AMI BMC firmware that contains a vulnerability usin...

CVE-2020-11487

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may le...

CVE-2020-11615

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...

CVE-2020-11484

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure...

CVE-2020-11485

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery CSRF vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the...

CVE-2020-11488

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead t...