CVSS: 5.5EPSS: 0%CPEs: 205EXPL: 0CVE-2018-7112
https://notcve.org/view.php?id=CVE-2018-7112
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. • http://www.securitytracker.com/id/1041984 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12543
https://notcve.org/view.php?id=CVE-2017-12543
A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. Se ha encontrado una vulnerabilidad de divulgación remota de información en Moonshot Remote Console Administrator en versiones anteriores a la 2.50; iLO 4 en versiones anteriores a la v2.53, iLO3 en versiones anteriores a la v1.89 y iLO2 en versiones anteriores a la v2.30. • http://www.securityfocus.com/bid/101944 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03705en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 1%CPEs: 3EXPL: 0CVE-2015-2106
https://notcve.org/view.php?id=CVE-2015-2106
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors. Vulnerabilidad no especificada en el firmware HP Integrated Lights-Out (iLO) 2 anterior a 2.27, 3 anterior a 1.82, y 4 anterior a 2.10 permite a atacantes remotos evadir las restricciones de acceso o causar una denegación de servicio a través de vectores desconocidos. • http://www.securityfocus.com/bid/73324 http://www.securitytracker.com/id/1031974 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582368 •
CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 0CVE-2014-7876
https://notcve.org/view.php?id=CVE-2014-7876
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. Vulnerabilidad no especificada en el firmware HP Integrated Lights-Out (iLO) 2 anterior a 2.27 y 4 anterior a 2.03 y el firmware iLO Chassis Management (CM) anterior a 1.30 permite a atacantes remotos ganar privilegios, ejecutar código arbitrario o causar una denegación de servicio a través de vectores desconocidos. • http://www.securitytracker.com/id/1031972 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04486432 •
CVSS: 7.8EPSS: 2%CPEs: 11EXPL: 0CVE-2014-2601
https://notcve.org/view.php?id=CVE-2014-2601
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. El servidor en HP Integrated Lights-Out 2 (también conocido como iLO 2) 2.23 y anteriores permite a atacantes remotos causar una denegación de servicio a través de trafico HTTPS manipulado, tal y como fue demostrado por trafico de una herramienta de asesoramiento de vulnerabilidad de CVE-2014-0160. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04249852-1 http://www.securitytracker.com/id/1030148 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787 https://isc.sans.edu/forums/diary/Be+Careful+what+you+Scan+for/18017 •