CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7130
https://notcve.org/view.php?id=CVE-2020-7130
HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later. HPE OneView Global Dashboard (OVGD) versión 1.9, presenta una vulnerabilidad de divulgación de información remota. HPE OneView Global Dashboard- Después de la Actualización o en Instalación de OVGD versión 1.9, el Firewall del Dispositivo Puede Dejar Los Puertos Abiertos. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf03987en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0CVE-2012-6277
https://notcve.org/view.php?id=CVE-2012-6277
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." Múltiples vulnerabilidades no especificadas en Autonomy KeyView IDOL versiones anteriores a 10.16, como es usado en Symantec Mail Security para Microsoft Exchange versiones anteriores a 6.5.8, Symantec Mail Security para Domino versiones anteriores a 8.1.1, Symantec Messaging Gateway versiones anteriores a 10.0.1, Symantec Data Loss Prevention (DLP) versiones anteriores a 11.6.1, IBM Notes versiones 8.5.x, IBM Lotus Domino versiones 8.5.x anteriores a 8.5.3 FP4, y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de un archivo diseñado, relacionado con "una serie de problemas subyacentes" en los que "algunos de estos casos demostraron corrupción de la memoria con una entrada controlada por el atacante y podrían ser explotados para ejecutar código arbitrario". • https://support.symantec.com/us/en/article.symsa1262.html https://tools.cisco.com/security/center/viewAlert.x?alertId=27482 https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277 https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277 https://www.kb.cert.org/vuls/id/849841 https://www.securityfocus.com/bid/56610 https&# •
CVSS: 9.8EPSS: 97%CPEs: 1EXPL: 3CVE-2020-7209 – HP LinuxKI 6.01 - Remote Command Injection
https://notcve.org/view.php?id=CVE-2020-7209
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2. LinuxKI versiones v6.0-1 y anteriores, es vulnerable a una ejecución de código remota que es resuelta en la versión 6.0-2. HP LinuxKI version 6.01 suffers from a command injection vulnerability. • https://www.exploit-db.com/exploits/48483 http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2 https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7208
https://notcve.org/view.php?id=CVE-2020-7208
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. LinuxKI versiones v6.0-1 y anteriores, es vulnerable a un ataque de tipo XSS que es resuelto en la versión 6.0-2. • https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-18915 – HP System Event Utility - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-18915
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service. Se ha identificado una posible vulnerabilidad de seguridad con determinadas versiones de HP System Event Utility versión anterior a 1.4.33. Esta vulnerabilidad puede permitir a un atacante local ejecutar código arbitrario por medio de un servicio de sistema HP System Event Utility. The HP System Event service "HPMSGSVC.exe" will load an arbitrary EXE and execute it with SYSTEM integrity. • https://www.exploit-db.com/exploits/48057 http://seclists.org/fulldisclosure/2020/Feb/8 https://support.hp.com/us-en/document/c06559359 • CWE-428: Unquoted Search Path or Element •