Lucene search
+L

176 matches found

RedHat Linux
RedHat Linux
added 2020/03/26 8:32 p.m.3 views

ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c

A flaw was found in several functions of the IPMItool, where it failed to check data received from a LAN properly. An attacker could use this flaw to craft payloads, which can lead to a buffer overflow and also cause memory corruption, a denial of service, and remote code execution...

8.8CVSS7.9AI score0.0329EPSS
Exploits1References5
Fedora
Fedora
added 2020/02/16 1:9 a.m.30 views

[SECURITY] Fedora 30 Update: ipmitool-1.8.18-19.fc30

This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...

8.8CVSS0.6AI score0.0329EPSS
Exploits1
OSV
OSV
added 2019/12/08 4:15 a.m.5 views

CVE-2019-19642

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...

8.8CVSS5.8AI score0.19039EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2019/12/03 8:8 a.m.3 views

kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c

A flaw was found in the Linux kernel's implementation of IPMI remote baseband access. An attacker, with local access to read /proc/ioports, may be able to create a use-after-free condition when the kernel module is unloaded which may result in privilege escalation...

7CVSS7AI score0.00451EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/09/19 12:0 a.m.6 views

The vulnerabilities in the drivers drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c of the Linux operating system’s kernel allow a malicious actor to execute arbitrary code or cause service failures.

The vulnerability in the drivers/char/ipmi/ipmisiintf.c, drivers/char/ipmi/ipmisimemio.c, and drivers/char/ipmi/ipmisiportio.c files of the Linux operating system relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause...

7CVSS6AI score0.00451EPSS
Exploits0References20Affected Software1
CNVD
CNVD
added 2019/08/22 12:0 a.m.5 views

Cisco Integrated Management Controller Command Injection Vulnerability (CNVD-2019-28401)

The Cisco Integrated Management Controller IMC is a baseboard management controller that provides embedded server management for Cisco UCS? C Series rackmount servers and Cisco S Series storage servers. A command injection vulnerability exists in the Intelligent Platform Management Interface IPMI...

9CVSS7.8AI score0.02815EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/22 12:0 a.m.4 views

Cisco UCS C-Series Servers and UCS S-Series Servers Information Disclosure Vulnerability

Cisco Integrated Management Controller IMC is a set of software from the American company Cisco Cisco for the management of UCS Unified Computing System. The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. An...

7.5CVSS6.3AI score0.01997EPSS
Exploits0References1
OSV
OSV
added 2019/08/21 7:15 p.m.5 views

CVE-2019-1908

A vulnerability in the Intelligent Platform Management Interface IPMI implementation of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the...

7.5CVSS7.1AI score0.01997EPSS
Exploits0References1
OSV
OSV
added 2019/08/21 7:15 p.m.6 views

CVE-2019-1634

A vulnerability in the Intelligent Platform Management Interface IPMI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system OS. The vulnerability is due to...

7.2CVSS6AI score0.02815EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/07/30 9:43 a.m.3 views

kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c

A flaw was found in the Linux kernel's implementation of IPMI remote baseband access. An attacker, with local access to read /proc/ioports, may be able to create a use-after-free condition when the kernel module is unloaded which may result in privilege escalation...

7CVSS7AI score0.00451EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/07/29 3:47 p.m.4 views

kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c

A flaw was found in the Linux kernel's implementation of IPMI remote baseband access. An attacker, with local access to read /proc/ioports, may be able to create a use-after-free condition when the kernel module is unloaded which may result in privilege escalation...

7CVSS7AI score0.00451EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/05/14 6:14 p.m.5 views

kernel: use-after-free and OOPS in drivers/char/ipmi/ipmi_msghandler.c

A use-after-free and OOPs flaw was found in the Linux kernel's drivers/char/ipmi/ipmimsghandler.c code. By arranging certain simultaneous execution of the code accessing IPMI device files, an attacker can cause a denial of service DoS attack...

7.8CVSS7.5AI score0.04881EPSS
Exploits0References4
Akamai Blog
Akamai Blog
added 2018/10/10 10:0 a.m.41 views

API Gateway -- Secure API Traffic with OAuth 2.0 and Cache GraphQL Responses

APIs are the connective tissue between software and modern digital experiences, and they must be exposed to consumers in a way that prevents misuse. This means your APIs must have appropriate governance authorization, authentication, quota management policies to prevent consumers from abusing API...

Exploits0
OSV
OSV
added 2018/02/23 10:29 p.m.1 views

DEBIAN-CVE-2018-7417

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header...

7.5CVSS8.8AI score0.02605EPSS
Exploits0References1
OSV
OSV
added 2018/02/23 10:29 p.m.2 views

UBUNTU-CVE-2018-7417

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header...

7.5CVSS6.8AI score0.02605EPSS
Exploits0References5
Akamai Blog
Akamai Blog
added 2017/09/07 1:37 p.m.47 views

Cybersecurity Executive Order 13800: More than a Risk Assessment?

Written by Sr. Solutions Engineer, Micah Maryn. Most folks around the Washington DC beltway have heard the cybersecurity Executive Order EO 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure referred to as a simple risk assessment. But the reality is that it i...

7AI score
Exploits0
CNVD
CNVD
added 2016/09/14 12:0 a.m.15 views

Wireshark IPMI Trace Parser Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the epan/dissectors/packet-ipmi-trace.c file...

5.9CVSS7.8AI score0.02086EPSS
Exploits0References1
OSV
OSV
added 2016/09/09 10:59 a.m.3 views

DEBIAN-CVE-2016-7180

epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service use-after-free and application crash via a crafted packet...

5.9CVSS6.4AI score0.02086EPSS
Exploits0References1
OSV
OSV
added 2016/07/21 10:15 a.m.4 views

CVE-2016-5453

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI...

9.8CVSS5.8AI score0.03591EPSS
Exploits0References4
CNVD
CNVD
added 2016/07/21 12:0 a.m.4 views

Unspecified Vulnerability in Oracle Sun Systems Products Suite ILOM Component (CNVD-2016-05279)

Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation.ILOM Integrated Lights Out Manager is one of the system management components that comes pre-installed on x86-based servers and SPARC-based servers. A security vulnerability exists in the IPMI subcomponen...

9CVSS6.8AI score0.04114EPSS
Exploits0References1
Rows per page
Query Builder