CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28622
https://notcve.org/view.php?id=CVE-2022-28622
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. Se ha identificado una posible vulnerabilidad de seguridad en el software HPE StoreOnce. El servidor SSH admite algoritmos de intercambio de claves débiles que podrían conllevar a un acceso remoto no autorizado. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04311en_us • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2022-28620
https://notcve.org/view.php?id=CVE-2022-28620
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE has provided a software update to resolve this vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers. Se ha detectado una vulnerabilidad de omisión de autenticación remota en HPE Cray Legacy Shasta System Solutions versiones; HPE Slingshot; y HPE Cray EX: Antes del firmware del controlador de nodo asociado a HPE Cray EX liquid cooled blades, y todas las versiones del firmware del controlador de chasis asociado a HPE Cray EX liquid cooled cabinets anteriores a 1.6.27/1.5.33/1.4.27; Todas las versiones de Slingshot anteriores a 1.7.2; Todas las versiones del firmware del controlador de nodo asociado a HPE Cray EX liquid cooled blades, y todas las versiones del firmware de HPE Cray EX liquid cooled cabinets anteriores a 1.6.27/1.5.33/1.4.27. HPE ha proporcionado una actualización de software para resolver esta vulnerabilidad en HPE Cray Legacy Shasta System Solutions, HPE Slingshot y HPE Cray EX Supercomputers • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbcr04284en_us •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28619
https://notcve.org/view.php?id=CVE-2022-28619
A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0. Se ha identificado una posible vulnerabilidad de seguridad en el instalador de HPE Version Control Repository Manager. La vulnerabilidad podría permitir una escalada local de privilegios. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04310en_us •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-28618
https://notcve.org/view.php?id=CVE-2022-28618
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. Se ha identificado una vulnerabilidad de seguridad de inyección de comandos en las matrices HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays y HPE Nimble Storage Secondary Flash Arrays que podría permitir a un atacante ejecutar comandos arbitrarios en un dispositivo Nimble. HPE ha realizado las siguientes actualizaciones de software para resolver la vulnerabilidad en HPE Nimble Storage: versiones 5.0.10.100 o posteriores, versiones 5.2.1.0 o posteriores, versiones 6.0.0.100 o posteriores • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04276en_us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23705
https://notcve.org/view.php?id=CVE-2022-23705
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. Se ha identificado una vulnerabilidad de seguridad en las matrices HPE Nimble Storage Hybrid Flash, las matrices HPE Nimble Storage All Flash y las matrices HPE Nimble Storage Secondary Flash que podría permitir una carga, pero no una ejecución, de binarios de actualización no autorizados en la matriz. HPE ha realizado las siguientes actualizaciones de software para resolver la vulnerabilidad en HPE Nimble Storage: versiones 5.0.10.100 o posteriores, versiones 5.2.1.0 o posteriores, versiones 6.0.0.100 o posteriores • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04273en_us •