CVE-2024-33519 – Authenticated Server-Side prototype pollution Leading to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-33519
A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-6206
https://notcve.org/view.php?id=CVE-2024-6206
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system. Se ha identificado una vulnerabilidad de seguridad en el software HPE Athonet Mobile Core. La aplicación principal contiene una vulnerabilidad de inyección de código donde un actor de amenazas podría ejecutar comandos arbitrarios con el privilegio del contenedor subyacente, lo que llevaría a tomar el control completo del sistema de destino. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04659en_us&docLocale=en_US • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-22441
https://notcve.org/view.php?id=CVE-2024-22441
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. El servicio de lanzamiento de aplicaciones paralelas (PALS) de HPE Cray está sujeto a una omisión de autenticación. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04653en_us&docLocale=en_US •
CVE-2024-22436
https://notcve.org/view.php?id=CVE-2024-22436
A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service. Una vulnerabilidad de seguridad en los productos HPE IceWall Agent podría explotarse de forma remota para provocar una denegación de servicio. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbmu04626en_us • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-50272
https://notcve.org/view.php?id=CVE-2023-50272
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass. Se ha identificado una posible vulnerabilidad de seguridad en HPE Integrated Lights-Out 5 (iLO 5) y Integrated Lights-Out 6 (iLO 6). La vulnerabilidad podría explotarse de forma remota para permitir eludir la autenticación. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04584en_us •