Vulnerabilities (CVE)

Filtered by vendor Ipmitool Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5208 4 Debian, Fedoraproject, Ipmitool Project and 1 more 4 Debian Linux, Fedora, Ipmitool and 1 more 2024-11-21 6.5 MEDIUM 7.7 HIGH
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
CVE-2011-4339 2 Ipmitool Project, Redhat 2 Ipmitool, Enterprise Linux 2024-11-21 3.6 LOW N/A
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.