Vulnerabilities > Supermicro > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-31 | CVE-2023-35861 | OS Command Injection vulnerability in Supermicro products A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. | 9.8 |
| 2019-09-21 | CVE-2019-16650 | Unspecified vulnerability in Supermicro products On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. | 10.0 |
| 2019-09-21 | CVE-2019-16649 | Insufficiently Protected Credentials vulnerability in Supermicro products On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. | 10.0 |
| 2019-07-01 | CVE-2019-13131 | Missing Authentication for Critical Function vulnerability in Supermicro Superdoctor 5 Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE. | 9.8 |