CVE-2024-51771 – Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface
https://notcve.org/view.php?id=CVE-2024-51771
03 Dec 2024 — A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-53676 – Hewlett Packard Enterprise Insight Remote Support processAtatchmentDataStream Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53676
27 Nov 2024 — A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the processAtatchmentDataStream method. The issue results from the lack of proper validation of a user-supplied path prior to... • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us • CWE-552: Files or Directories Accessible to External Parties •
CVE-2024-53675 – Hewlett Packard Enterprise Insight Remote Support validateAgainstXSD XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-53675
26 Nov 2024 — An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the validateAgainstXSD method. Due to the improper restriction of XML External Entity (XXE)... • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us • CWE-91: XML Injection (aka Blind XPath Injection) •
CVE-2024-53674 – Hewlett Packard Enterprise Insight Remote Support getDocumentRootElement XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-53674
26 Nov 2024 — An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getDocumentRootElement method. Due to the improper restriction of XML External Entity (... • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us • CWE-91: XML Injection (aka Blind XPath Injection) •
CVE-2024-53673 – Hewlett Packard Enterprise Insight Remote Support DESTA Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53673
26 Nov 2024 — A Java deserialization vulnerability in HPE Remote Insight Support allows an unauthenticated attacker to execute code. A Java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DESTA service, which lis... • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us • CWE-502: Deserialization of Untrusted Data •
CVE-2024-11622 – Hewlett Packard Enterprise Insight Remote Support setInputStream XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-11622
26 Nov 2024 — An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the setInputStream method. Due to the improper restriction of XML External Entity (XXE) ref... • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us • CWE-91: XML Injection (aka Blind XPath Injection) •
CVE-2024-2208 – Sound Research SECOMN64 Escalation of Privilege
https://notcve.org/view.php?id=CVE-2024-2208
12 Nov 2024 — Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities. • https://support.hp.com/us-en/document/ish_11567250-11567490-16/hpsbhf03987 • CWE-427: Uncontrolled Search Path Element •
CVE-2024-47464 – Authenticated Path Traversal Vulnerability Leads to a Remote Unauthorized Access to Files
https://notcve.org/view.php?id=CVE-2024-47464
05 Nov 2024 — An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location from the command line interface of the underlying operating system, which could lead to a remote unauthorized access to files. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-47463 – Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-47463
05 Nov 2024 — An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •
CVE-2024-47462 – Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-47462
05 Nov 2024 — An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •