CVSS: 9.0EPSS: 0%CPEs: 21EXPL: 0CVE-2018-3183 – OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936)
https://notcve.org/view.php?id=CVE-2018-3183
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105622 http://www.securitytracker.com/id/1041889 https://access.redhat.com/errata/RHSA-2018:2942 https://access.redhat.com/errata/RHSA-2018:2943 https://access.redhat.com/errata/RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3521 https://access.redhat.com/errata/RHSA-2018:3533 https://access.redhat.com/errata/ • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 394EXPL: 0CVE-2018-5921
https://notcve.org/view.php?id=CVE-2018-5921
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege. Se ha identificado una potencial vulnerabilidad de seguridad en ciertas impresoras HP y MFP en versiones de firmware 2405129_000052 y otras. Esta vulnerabilidad se conoce como Cross-Site Request Forgery (CSRF) y podría explotarse remotamente para permitir la elevación de privilegios. • https://support.hp.com/us-en/document/c05949322 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.6EPSS: 0%CPEs: 68EXPL: 1CVE-2017-2751
https://notcve.org/view.php?id=CVE-2017-2751
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014. Se ha notificado una vulnerabilidad de extracción de contraseñas de la BIOS en determinados notebooks de consumo con firmware F.22 y otros. La contraseña de la BIOS se almacenó en CMOS de forma que permitía su extracción. • https://github.com/BaderSZ/CVE-2017-2751 https://support.hp.com/us-en/document/c05913581 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.0EPSS: 0%CPEs: 136EXPL: 0CVE-2018-9069 – BIOS Write Protection Race Condition
https://notcve.org/view.php?id=CVE-2018-9069
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS. En algunos modelos de consumidor del notebook Lenovo IdeaPad, una condición de carrera en el mecanismo de bloqueo del dispositivo flash de la BIOS no está protegido adecuadamente, lo que podría permitir que un atacante con acceso de administrador altere el contenido de la BIOS. • https://support.lenovo.com/us/en/solutions/LEN-20184 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2018-7105
https://notcve.org/view.php?id=CVE-2018-7105
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information. Podría explotarse remotamente una vulnerabilidad de seguridad en HPE Integrated Lights-Out 5 (iLO 5) para servidores HPE Gen10 en versiones anteriores a la v1.35, HPE Integrated Lights-Out 4 (iLO 4) en versiones anteriores a la v2.61 y HPE Integrated Lights-Out 3 (iLO 3) en versiones anteriores a la v1.90 para ejecutar código arbitrario, lo que conduce a una divulgación de información. • http://www.securityfocus.com/bid/105425 http://www.securitytracker.com/id/1041649 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03866en_us •