Lucene search
K

1979 matches found

Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.8 views

PT-2026-26060

Name of the Vulnerable Software and Affected Versions BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 Description BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 are affected by an authentication bypass. This is due to improper enforcement of security filters on restricted...

7.3CVSS6.1AI score0.044EPSS
Exploits1References11
Snyk
Snyk
added 2026/02/27 9:30 a.m.4 views

Command Injection

Overview rubyipmi is a Controls IPMI devices via command line wrapper for ipmitool and freeipmi Affected versions of this package are vulnerable to Command Injection via the username parameter in the BMC interface. An attacker can execute arbitrary system commands by supplying a specially crafted...

8.8CVSS6.2AI score0.00771EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/27 9:30 a.m.11 views

rubyipmi is vulnerable to OS Command Injection through malicious usernames

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

8.8CVSS6.5AI score0.00771EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 7:30 a.m.5 views

CVE-2026-0980 Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

8.3CVSS6.3AI score0.00771EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/27 7:30 a.m.25 views

CVE-2026-0980 Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

8.3CVSS0.00771EPSS
Exploits0References5
CVE
CVE
added 2026/02/27 7:30 a.m.28 views

CVE-2026-0980

The CVE-2026-0980 issue involves the rubyipmi gem used by Red Hat Satellite’s BMC component. Affected component: rubyipmi (BMC interface). Underlying cause: authenticated attacker with host creation or update permissions can craft a malicious username to trigger remote code execution (RCE) on the...

8.8CVSS6.5AI score0.00771EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/27 7:30 a.m.7 views

CVE-2026-0980 Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

8.3CVSS7.7AI score0.00771EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.20 views

MiracleLinux 8 : kernel-4.18.0-240.el8 (AXSA:2021-1489:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1489:04 advisory. kernel: use after free in the video driver leads to local privilege escalation CVE-2019-9458 kernel: use-after-free in drivers/bluetooth/hcildisc.c...

8.2CVSS7.2AI score0.03539EPSS
Exploits10References45
ATTACKERKB
ATTACKERKB
added 2026/01/16 8:39 a.m.3 views

CVE-2025-12007

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image...

5.4AI score0.0012EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/16 8:39 a.m.25 views

CVE-2025-12007 Supermicro BMC firmware update validation bypass

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image...

0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.6 views

CVE-2021-31791

In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command...

7.5CVSS7.2AI score0.00602EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:17 a.m.10 views

CVE-2021-0097

Path traversal in the BMC firmware for IntelR Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access...

6.5CVSS7AI score0.00457EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:15 a.m.10 views

CVE-2021-0113

Out of bounds write in the BMC firmware for IntelR Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access...

6.5CVSS7.1AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:15 a.m.9 views

CVE-2021-0070

Improper input validation in the BMC firmware for IntelR Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access...

8.8CVSS7.6AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.9 views

CVE-2022-26088

An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML such as an SSRF payload into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field...

5.4CVSS6.4AI score0.01012EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:56 a.m.9 views

CVE-2020-12375

Heap overflow in the BMC firmware for some IntelR Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...

6.7CVSS7.5AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:32 a.m.9 views

CVE-2023-25508

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tamperi...

7.8CVSS7.2AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.9 views

CVE-2023-31033

NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data...

8CVSS7.6AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.8 views

CVE-2023-31025

NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure...

7.5CVSS7AI score0.00488EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.6 views

CVE-2022-42287

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering...

7.8CVSS7.2AI score0.0022EPSS
Exploits0References1
Rows per page
Query Builder