CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30912 – Hewlett Packard Enterprise OneView Backup Hard-coded Cryptographic Key Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-30912
A remote code execution issue exists in HPE OneView. Existe un problema de ejecución remota de código en HPE OneView. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise OneView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Backup functionality. The issue results from the product's use of a hard-coded cryptographic key. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 77EXPL: 0CVE-2023-30911
https://notcve.org/view.php?id=CVE-2023-30911
HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service. HPE Integrated Lights-Out 5 e Integrated Lights-Out 6 que utilizan iLOrest pueden provocar una Denegación de Servicio. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04544en_us •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-30910
https://notcve.org/view.php?id=CVE-2023-30910
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. HPE MSA Controller anterior a la versión IN210R004 podría explotarse de forma remota para permitir una interpretación inconsistente de las solicitudes HTTP. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-39268 – Memory Corruption Vulnerability in ArubaOS-Switch
https://notcve.org/view.php?id=CVE-2023-39268
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Una vulnerabilidad de corrupción de memoria en ArubaOS-Switch podría provocar la ejecución remota de código no autenticado al recibir paquetes especialmente manipulados. La explotación exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar código arbitrario como usuario privilegiado en el sistema operativo subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt • CWE-787: Out-of-bounds Write •
CVSS: 6.6EPSS: 0%CPEs: 15EXPL: 0CVE-2023-39267 – Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface
https://notcve.org/view.php?id=CVE-2023-39267
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch. Existe una vulnerabilidad de ejecución remota de código autenticada en la interfaz de línea de comandos de ArubaOS-Switch. La explotación exitosa da como resultado una condición de denegación de servicio (DoS) en el switch. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt •