CVSS: 8.4EPSS: 0%CPEs: 75EXPL: 0CVE-2022-28627
https://notcve.org/view.php?id=CVE-2022-28627
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). Se ha detectado una vulnerabilidad de ejecución local de código arbitrario en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podría explotar localmente esta vulnerabilidad para ejecutar código arbitrario resultando en una pérdida completa de confidencialidad, integridad y disponibilidad. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us •
CVSS: 8.4EPSS: 0%CPEs: 75EXPL: 0CVE-2022-28628
https://notcve.org/view.php?id=CVE-2022-28628
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). Se ha detectado una vulnerabilidad de ejecución local de código arbitrario en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podría explotar localmente esta vulnerabilidad para ejecutar código arbitrario resultando en una pérdida completa de confidencialidad, integridad y disponibilidad. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us •
CVSS: 6.7EPSS: 0%CPEs: 75EXPL: 0CVE-2022-28626
https://notcve.org/view.php?id=CVE-2022-28626
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). Se ha detectado una vulnerabilidad de ejecución local de código arbitrario en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario con altos privilegios podría explotar localmente esta vulnerabilidad para ejecutar código arbitrario resultando en una pérdida completa de confidencialidad, integridad y disponibilidad. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us •
CVSS: 6.7EPSS: 0%CPEs: 14EXPL: 0CVE-2021-29218
https://notcve.org/view.php?id=CVE-2021-29218
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. Se ha identificado una vulnerabilidad de seguridad en la ruta de búsqueda local no citada en HPE Agentless Management Service para Windows versiones: Anteriores a 1.44.0.0, 10.96.0.0. Esta vulnerabilidad podría ser explotada localmente por un usuario con altos privilegios para ejecutar malware que puede conllevar a una pérdida de confidencialidad, integridad y disponibilidad. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04233en_us • CWE-428: Unquoted Search Path or Element •
CVSS: 7.2EPSS: 0%CPEs: 124EXPL: 0CVE-2020-7205
https://notcve.org/view.php?id=CVE-2020-7205
A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is related to using insmod in GRUB2 in the specific impacted HPE product and HPE is addressing this issue. HPE has made the following software updates and mitigation information to resolve the vulnerability in Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. HPE provided latest Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting Toolkit which includes the GRUB2 patch to resolve this vulnerability. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04020en_us •