CVE-2018-7102 – Hewlett Packard Enterprise Intelligent Management Center imciccdm createFabricAutoCfgFile Directory Traversal Arbitrary File Write Vulnerability
https://notcve.org/view.php?id=CVE-2018-7102
A security vulnerability in createFabricAutoCfgFile in HPE Intelligent Management Center (iMC) PLAT E0506P09 could be remotely exploited via directory traversal to allow remote arbitrary file modification. This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the imciccdm component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03887en_us
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-5740 – A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named
https://notcve.org/view.php?id=CVE-2018-5740
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html
• http://www.securityfocus.com/bid/105055
• http://www.securitytracker.com/id/1041436
• https://access.redhat.com/errata/RHSA-2018:2570
• https://access.redhat.com/errata/RHSA-2018:2571
• https://kb.isc.org/docs/aa-01639
• https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html
• https://lists.debian.org/debian-lts-announce/2021/11
• CWE-617: Reachable Assertion
CVE-2018-7100
https://notcve.org/view.php?id=CVE-2018-7100
A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information.
• http://www.securitytracker.com/id/1041445
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03858en_us
CVE-2018-7099
https://notcve.org/view.php?id=CVE-2018-7099
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information.
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us
CVE-2018-7096
https://notcve.org/view.php?id=CVE-2018-7096
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us