CVSS: 6.1EPSS: 0%CPEs: 1133EXPL: 0CVE-2023-5113 – Certain HP Enterprise LaserJet, LaserJet Managed printers - Potential denial of service, potential Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-5113
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. Certain HP Enterprise LaserJet and HP LaserJet Managed Printers son potencialmente vulnerables a la denegación de servicio debido a la solicitud de WS-Print y posibles inyecciones de Cross Site Scripting (XSS) a través de jQuery-UI. • https://support.hp.com/us-en/document/ish_9365285-9365309-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30909
https://notcve.org/view.php?id=CVE-2023-30909
A remote authentication bypass issue exists in some OneView APIs. Existe un problema de omisión de autenticación remota en algunas API de OneView. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04538en_us • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30908 – Hewlett Packard Enterprise OneView resetAdminPassword Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-30908
A remote authentication bypass issue exists in a OneView API. Existe un problema de omisión de autenticación remota en una API de OneView. This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetAdminPassword endpoint. The issue results from the lack of proper validation of the attacker's IP address. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1391
https://notcve.org/view.php?id=CVE-2015-1391
Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. Aruba AirWave antes de la versión 8.0.7 permite eludir un mecanismo de protección CSRF. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1390
https://notcve.org/view.php?id=CVE-2015-1390
Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator. Aruba AirWave anterior a 8.0.7 permite ataques XSS contra un administrador. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •