CVSS: 9.8EPSS: 0%CPEs: 396EXPL: 0CVE-2019-6318
https://notcve.org/view.php?id=CVE-2019-6318
HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code. Los dispositivos de las impresoras HP LaserJet Enterprise, HP PageWide Enterprise, las impresoras administradas HP LaserJet, HP Officejet Enterprise presentan una vulnerabilidad en la comprobación de firma de paquete de solución insuficiente que potencialmente permite la ejecución de código arbitrario. • https://support.hp.com/us-en/document/c06265454 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2018-7117
https://notcve.org/view.php?id=CVE-2018-7117
A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40. Se identificó una vulnerabilidad del tipo remote cross-site scripting en la Web User Interface de HPE iLO 5 en HPE Integrated Lights-Out 5 (iLO 5) para los servidores ProLiant Gen10 anteriores a la versión v1.40. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03907en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03917en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7118
https://notcve.org/view.php?id=CVE-2018-7118
A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0. Una vulnerabilidad de omisión de restricción de acceso local, fue identificada en HPE Service Pack para el software ProLiant (SPP) Bundled en las versiones anteriores a 2018.09.0. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03904en_us •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1853
https://notcve.org/view.php?id=CVE-2018-1853
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014. IBM Tivoli Storage Manager (IBM Spectrum Protect versiones 7.1 y 8.1), podría permitir a un atacante remoto secuestrar la acción de cliqueo de la víctima. Al persuadir a una víctima a que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de cliqueo de la víctima y posiblemente lanzar más ataques contra la víctima. • http://www.ibm.com/support/docview.wss?uid=ibm10870718 https://exchange.xforce.ibmcloud.com/vulnerabilities/151014 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5380 – Hewlett Packard Enterprise Intelligent Management Center selViewNavContent Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-5380
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Se ha identificado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (IMC) PLAT en versiones anteriores a 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the selViewNavContent.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •