935 matches found
CVE-2026-23323
A flaw was found in the Linux kernel's macsmc-hwmon driver, which is responsible for managing hardware monitoring on Apple Silicon systems. Incorrect sensor population logic could lead to out-of-bounds memory access or data corruption. Additionally, a flaw in the float conversion routines could...
📄 Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout
The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...
GHSA-HFCP-477W-3WJW rubyipmi is vulnerable to OS Command Injection through malicious usernames
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...
rubyipmi is vulnerable to OS Command Injection through malicious usernames
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...
CVE-2026-0980
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...
PT-2026-22312
Name of the Vulnerable Software and Affected Versions rubyipmi affected versions not specified Description A flaw exists in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker possessing host creation or update permissions can...
"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization
Overview Remote Management Controller "iRMC S5/S6" implemented in PRIMERGY provided by Fsas Technologies Inc. contains the following vulnerability. Incorrect authorization CWE-863 - CVE-2025-65002 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution...
CVE-2025-12007
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image...
CVE-2025-12006
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image...
CVE-2025-12007
CVE-2025-12007 affects Supermicro BMC firmware validation logic on the MBD-X13SEM-F board. The vulnerability enables an attacker to update system firmware using a specially crafted image due to flawed BMC firmware verification. Impact is aligned with a high-severity CVSS vector (local, low comple...
CVE-2025-12007 Supermicro BMC firmware update validation bypass
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image...
SuperMicro MBD-X12STW security vulnerabilities
The SuperMicro MBD-X12STW is a server motherboard produced by the American company SuperMicro. The MBD-X12STW has a security vulnerability, which stems from issues with the BMC firmware verification logic. This vulnerability could allow attackers to use customized image updates to update the syst...
CVE-2021-0147
Improper locking in the Power Management Controller PMC for some Intel Chipset firmware before versions pmcfwlbgc1-21ww02a and pmcfwlbgb0-21ww02a may allow a privileged user to potentially enable denial of service via local access...
CVE-2019-11175
Insufficient input validation in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access...
CVE-2019-11168
Insufficient session validation in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access...
CVE-2019-11177
Unhandled exception in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access...
CVE-2019-11178
Stack overflow in IntelR Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access...
CVE-2019-11170
Authentication bypass in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access...
CVE-2023-31015
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service...
SUSE CVE-2023-54320
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmc: Fix memory leak in amdpmcstbdebugfsopenv2 Function amdpmcstbdebugfsopenv2 may be called when the STB debug mechanism enabled. When amdpmcsendcmd fails, the 'buf' needs to be released...