CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0407 – Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Information Disclosure
https://notcve.org/view.php?id=CVE-2024-0407
Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store. Ciertas impresoras HP Enterprise LaserJet y HP LaserJet Managed son potencialmente vulnerables a la divulgación de información, cuando las conexiones realizadas por el dispositivo a los servicios habilitados por algunas soluciones pueden haber sido confiables sin el certificado CA apropiado en el almacén de certificados del dispositivo. • https://support.hp.com/us-en/document/ish_10174094-10174120-16 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6573
https://notcve.org/view.php?id=CVE-2023-6573
HPE OneView may have a missing passphrase during restore. Es posible que a HPE OneView le falte una frase de contraseña durante la restauración. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50275 – Hewlett Packard Enterprise OneView clusterService Authentication Bypass Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-50275
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. HPE OneView puede permitir la omisión de autenticación del servicio de clúster, lo que resulta en una denegación de servicio. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clusterService. The issue results from the lack of proper validation of the attacker's IP address, which results in exposure of functionality that should be available only on the loopback interface. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-50274 – Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50274
HPE OneView may allow command injection with local privilege escalation. HPE OneView puede permitir la inyección de comandos con escalada de privilegios local. This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to exploit this vulnerability. The specific flaw exists within the startUpgradeCommon method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-47158 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-47158
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. IBM DB2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.1, 10.5 y 11.1 podría permitir que un usuario autenticado con privilegios CONNECT provoque una denegación de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 270750. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270750 https://security.netapp.com/advisory/ntap-20240307-0002 https://www.ibm.com/support/pages/node/7105496 • CWE-20: Improper Input Validation •