1792 matches found
CVE-2023-37296
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...
CVE-2023-39538
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...
CVE-2023-39539
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...
CVE-2023-39535
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability...
CVE-2023-39536
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability...
CVE-2023-28863
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity...
CVE-2023-34344
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure...
CVE-2022-43779
A potential Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in certain HP PC products using AMI UEFI Firmware system BIOS which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerabili...
CVE-2022-29974
AMI aka American Megatrends NTFS driver 1.0.0 fixed in late 2021 or early 2022 has a buffer overflow. This driver is, for example, used in certain ASUS devices...
CVE-2020-11489
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure...
CVE-2020-10666
The restapps aka Rest Phone apps module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command...
CVE-2020-5812
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle MITM attack...
Amazon Linux AMI : kernel (ALAS-2025-1977)
The version of kernel installed on the remote host is prior to 4.14.355-196.643. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1977 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fai...
Amazon Linux AMI : golang (ALAS-2025-1971)
The version of golang installed on the remote host is prior to 1.23.7-1.50. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1971 advisory. Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...
Amazon Linux AMI : emacs (ALAS-2025-1964)
The version of emacs installed on the remote host is prior to 24.3-20.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1964 advisory. A flaw was found in the Emacs text editor. Improper handling of custom man URI schemes allows attackers to execute arbitrary shell...
Amazon Linux AMI : kernel (ALAS-2025-1966)
The version of kernel installed on the remote host is prior to 4.14.355-195.603. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1966 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount...
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller BMC software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085 , carries a CVSS v4 score of 10.0,...
CVE-2024-54085
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...
CVE-2024-54085
creationtimestamp| type| source ---|---|--- 2025-03-11 14:33:49+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114144289034101069 2025-03-11 14:40:25+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lk4ccu6lze2v 2025-03-18 12:31:00+00:00| seen|...
CVE-2024-54085
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...