CVE-2020-7200 – Hewlett Packard Enterprise Systems Insight Manager AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7200
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution. Se ha identificado una vulnerabilidad de seguridad potencial en HPE Systems Insight Manager (SIM) versión 7.6. La vulnerabilidad podría ser explotada para permitir una ejecución de código remota This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Systems Insight Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AMF protocol. • https://github.com/alexfrancow/CVE-2020-7200 http://packetstormsecurity.com/files/161721/HPE-Systems-Insight-Manager-AMF-Deserialization-Remote-Code-Execution.html https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04068en_us https://testbnull.medium.com/hpe-system-insight-manager-sim-amf-deserialization-lead-to-rce-cve-2020-7200-d49a9cf143c0 https://www.zerodayinitiative.com/advisories/ZDI-20-1449 https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_u •
CVE-2012-1994
https://notcve.org/view.php?id=CVE-2012-1994
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information HP Systems Insight Manager versiones anteriores a 7.0, permite a un usuario remoto en una red adyacente acceder a la información. • http://www.securityfocus.com/bid/53315 http://www.securitytracker.com/id?1026987 https://exchange.xforce.ibmcloud.com/vulnerabilities/75294 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-7317 – libpng: use-after-free in png_image_free in png.c
https://notcve.org/view.php?id=CVE-2019-7317
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. La función png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la función png_image_free_function es llamada bajo png_safe_execute. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html http://www.securityfocus.com/bid/108098 https:/ • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVE-2016-8518
https://notcve.org/view.php?id=CVE-2016-8518
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. Se ha encontrado una vulnerabilidad de denegación de servicio remoto en HPE Systems Insight Manager en todas las versiones anteriores a la 7.6. • http://www.securitytracker.com/id/1037492 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356388 •
CVE-2016-8516
https://notcve.org/view.php?id=CVE-2016-8516
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. Se ha encontrado una vulnerabilidad de denegación de servicio remoto en HPE Systems Insight Manager en todas las versiones anteriores a la 7.6. • http://www.securitytracker.com/id/1037492 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356388 •