Filtered by vendor Ami
Subscribe
Total
59 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26873 | 2 Ami, Intel | 5 Aptio V, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 2 more | 2025-05-27 | N/A | 8.2 HIGH |
| A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: PlatformInitAdvancedPreMem SHA256: 644044fdb8daea30a7820e0f5f88dbf5cd460af72fbf70418e9d2e47efed8d9b Module GUID: EEEE611D-F78F-4FB9-B868-55907F169280 This issue affects: AMI Aptio 5.x. | |||||
| CVE-2023-25192 | 1 Ami | 1 Megarac Sp-x | 2025-03-19 | N/A | 5.3 MEDIUM |
| AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. | |||||
| CVE-2023-25191 | 1 Ami | 1 Megarac Sp-x | 2025-03-19 | N/A | 7.5 HIGH |
| AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. | |||||
| CVE-2023-34330 | 1 Ami | 1 Megarac Sp-x | 2025-02-13 | N/A | 8.2 HIGH |
| AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||||
| CVE-2023-34329 | 1 Ami | 1 Megarac Sp-x | 2025-02-13 | N/A | 9.1 CRITICAL |
| AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. | |||||
| CVE-2022-40258 | 1 Ami | 2 Megarac Spx-12, Megarac Spx-13 | 2025-02-13 | N/A | 5.3 MEDIUM |
| AMI Megarac Weak password hashes for Redfish & API | |||||
| CVE-2023-3043 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 9.6 CRITICAL |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-39539 | 1 Ami | 1 Aptio V | 2024-11-21 | N/A | 7.5 HIGH |
| AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | |||||
| CVE-2023-39538 | 1 Ami | 1 Aptio V | 2024-11-21 | N/A | 7.5 HIGH |
| AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | |||||
| CVE-2023-39537 | 1 Ami | 1 Aptio V | 2024-11-21 | N/A | 7.5 HIGH |
| AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | |||||
| CVE-2023-39536 | 1 Ami | 1 Aptio V | 2024-11-21 | N/A | 7.5 HIGH |
| AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | |||||
| CVE-2023-39535 | 1 Ami | 1 Aptio V | 2024-11-21 | N/A | 7.5 HIGH |
| AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | |||||
| CVE-2023-37297 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 8.3 HIGH |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-37296 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 8.3 HIGH |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-37295 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 8.3 HIGH |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-37294 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 8.3 HIGH |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-37293 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 9.6 CRITICAL |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-34473 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 6.6 MEDIUM |
| AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||||
| CVE-2023-34472 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 5.7 MEDIUM |
| AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity. | |||||
| CVE-2023-34471 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 6.3 MEDIUM |
| AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication. | |||||