39 matches found
CVE-2019-16650
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the...
CVE-2019-16649
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to...
EUVD-2019-7216
Malware in sbrugna...
EUVD-2012-4059
Malware in sbrugna...
EUVD-2019-7215
Malware in sbrugna...
EUVD-2016-7300
Malware in sbrugna...
EUVD-2021-31581
Malicious code in bioql PyPI...
CVE-2012-4115
The fabric-interconnect component in Cisco Unified Computing System UCS does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug...
CVE-2023-52916 media: aspeed: Fix memory overwrite if timing is 1600x900
In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is tight. The way to reproduce this issue: 1. Use 1600x900 to display on host 2. Mount ISO through...
CVE-2021-44776
A broken access control vulnerability in the SubNethandlerfunc function of spxrestservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
Improper access control
A broken access control vulnerability in the SubNethandlerfunc function of spxrestservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2021-44776
CVE-2021-44776 describes a broken access control in the SubNet_handler_func of spx_restservice, affecting Lanner Inc IAC-AST2500A standard firmware version 1.10.0. The vulnerability enables an attacker to arbitrarily change security access rights to KVM and Virtual Media functions. Sources consis...
Lanner IAC-AST2500A Security Vulnerability
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A security vulnerability exists in the Lanner IAC-AST2500A standard firmware version 1.00.0,...
PT-2022-12229 · Lanner · Lanner Inc Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: A broken access control issue in the SubNet handler func function of spx restservice allows an attacker to change security access rights to KVM and Virtual Media...
Security Bulletin: This Power System update is being released to address CVE-2019-16649 and CVE-2019-16650
Summary POWER8 and POWER9: In response to security issues with virtual media, new Power System firmware updates are being released to address Common Vulnerabilities and Exposures issue numbers CVE-2019-16649 and CVE-2019-16650. Vulnerability Details CVEID:CVE-2019-16649 DESCRIPTION: Multiple...
What's Next for Media Companies in 2020?
Over the past few months, we've all experienced changes -- in how we work, how we parent, and how we live. But one thing that hasn't changed is the essential nature of the internet and Akamai's ability to deliver on your and your customers' expectations. It's what we do. With recent global events...
SuperMicro X8STi-F Operating System Command Injection Vulnerability
The SuperMicro X8STi-F is a computer motherboard from SuperMicro USA. An operating system command injection vulnerability exists in the Virtual Media feature in the SuperMicro X8STi-F with IPMI firmware version 2.06 and BIOS version 02.68. An attacker can exploit this vulnerability to obtain a...
CVE-2019-19642
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...
Command injection
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...