205 matches found
OpenBMC Denial of Service / Authentication Bypass
OpenBMC suffers from denial of service and authentication bypass vulnerabilities...
CVE-2026-7254
IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users...
CVE-2026-7254 Open BMC Denial of Service
IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users...
CVE-2026-7254
IBM OPENBMC firmware FW1110.00–FW1110.11 is vulnerable to denial of service via the BMC HTTPS interface by unauthenticated network users. The IBM bulletin identifies the affected product as OPENBMC and specifies that the vulnerability stems from improper validation in the HTTPS service, with CVSS...
EUVD-2026-32493
IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users...
PT-2026-43982
Name of the Vulnerable Software and Affected Versions IBM OPENBMC versions FW1110.00 through FW1110.11 Description Unauthenticated network users can perform denial of service attacks against the system. Recommendations At the moment, there is no information about a newer version that contains a f...
IBM OpenBMC Security Vulnerability
IBM OpenBMC is a Linux distribution developed by American multinational company IBM. It is used to manage controllers of devices such as servers, rack-mounted switches, or RAID devices. There are security vulnerabilities in versions 1110.00 to 1110.11 of IBM OPENBMC, which allow unauthenticated...
Security Bulletin: This Power System update is being released to address CVE-2026-7254
Summary The BMC's HTTPS interface is vulnerable to denial of service attacks by unauthenticated network users. Vulnerability Details CVEID:CVE-2026-7254 DESCRIPTION: OpenBMC HTTPS service is vulnerable to attacks by unauthenticated network users which can result in denial of service. CWE:CWE-1284...
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary This impacts the BMC administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the BMC to become unavailable. Vulnerability Details CVEID:CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...
Security Bulletin: This Power System update is being released to address CVE-2025-38556
Summary This affects the Universal Serial Bus (USB) ports of the system's management interface. Vulnerability Details CVEID:CVE-2025-38556 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzz...
EUVD-2023-36534
Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access...
EUVD-2023-35505
Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access...
CVE-2023-31189
Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access...
CVE-2023-49144
Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access...
CVE-2024-41660
slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon o...
EUVD-2021-34727
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system...
EUVD-2021-25397
Malware in sbrugna...
EUVD-2020-6313
Malware in sbrugna...