Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smm vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2018-9083
In System Management Module (SMM) versions before 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.
Lenovo System Management Module Firmware
9.3
CVSSv2
CVE-2018-8930
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3.
Amd Ryzen Mobile Firmware -
Amd Ryzen Pro Firmware -
Amd Epyc Server Firmware -
Amd Ryzen Firmware -
9.3
CVSSv2
CVE-2018-8932
The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4.
Amd Ryzen Pro Firmware -
Amd Ryzen Firmware -
9.3
CVSSv2
CVE-2018-8933
The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3.
Amd Epyc Server Firmware -
9.3
CVSSv2
CVE-2018-8934
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW.
Amd Ryzen Pro Firmware -
Amd Ryzen Firmware -
9
CVSSv2
CVE-2019-16284
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an malicious use...
Hp 260 G1 Dm Firmware
Hp 280 Pro G1 Firmware
Hp 285 G2 Firmware
Hp 340 G3 Firmware
Hp 340 G4 Firmware
Hp 346 G3 Firmware
Hp 346 G4 Firmware
Hp 348 G3 Firmware
Hp 348 G4 Firmware
Hp Elite Slice Firmware
Hp Elite X2 1011 G1 Firmware
Hp Elite X2 1012 G1 Firmware
Hp Elitebook 1030 G1 Firmware
Hp Elitebook 1040 G2 Firmware
Hp Elitebook 720 G1 Firmware
Hp Elitebook 720 G2 Firmware
Hp Elitebook 740 G1 Firmware
Hp Elitebook 740 G2 Firmware
Hp Elitebook 750 G1 Firmware
Hp Elitebook 750 G2 Firmware
Hp Elitebook 820 G1 Firmware
Hp Elitebook 820 G2 Firmware
8.5
CVSSv2
CVE-2018-16089
In System Management Module (SMM) versions before 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
Lenovo System Management Module Firmware
7.5
CVSSv2
CVE-2022-29264
An issue exists in coreboot 4.13 up to and including 4.16. On APs, arbitrary code execution in SMM may occur.
Coreboot Coreboot
7.5
CVSSv2
CVE-2021-3849
An authentication bypass vulnerability exists in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not affected.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Ibm Nextscale Fan Power Controller Firmware
7.5
CVSSv2
CVE-2021-3897
An authentication bypass vulnerability exists in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not aff...
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Ibm Nextscale Fan Power Controller Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »