CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6071
https://notcve.org/view.php?id=CVE-2023-6071
30 Nov 2023 — An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source. Una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando en ESM anterior a la versión 11.6.9 permite a un administrador remoto ejecutar código arbitrario como root en ESM. Esto es posible porque la ... • https://kcm.trellix.com/corporate/index?page=content&id=SB10413 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6070
https://notcve.org/view.php?id=CVE-2023-6070
29 Nov 2023 — A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data Una vulnerabilidad de server-side request forgery en ESM anterior a la versión 11.6.8 permite que un usuario autenticado con pocos privilegios cargue contenido arbitrario, alterando potenci... • https://kcm.trellix.com/corporate/index?page=content&id=SB10413 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3314
https://notcve.org/view.php?id=CVE-2023-3314
03 Jul 2023 — A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges. • https://kcm.trellix.com/corporate/index?page=content&id=SB10403 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3313
https://notcve.org/view.php?id=CVE-2023-3313
03 Jul 2023 — An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands. • https://kcm.trellix.com/corporate/index?page=content&id=SB10403 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3632 – Directory Traversal vulnerability could lead to elevated privileges
https://notcve.org/view.php?id=CVE-2019-3632
27 Jun 2019 — Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. vulnerabilidad de directorio transversal en McAfee Enterprise Security Manager (ESM) anterior a 11.2.0 y anterior a 10.4.0 permite a los usuarios identificados obtener privilegios elevados a través de una entrada especialmente diseñada.. • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3631 – Command Injection could allow authenticated users to execute arbitrary code
https://notcve.org/view.php?id=CVE-2019-3631
27 Jun 2019 — Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Vulnerabilidad de inyección de comandos en McAfee Enterprise Security Manager (ESM) anterior a 11.2.0 y anterior a 10.4.0 permite que el usuario identificado ejecute códigos arbitrarios mediante parámetros creados especiales diseñados • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3630 – Command Injection could allow authenticated users to execute arbitrary code
https://notcve.org/view.php?id=CVE-2019-3630
27 Jun 2019 — Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. La vulnerabilidad de la inyección de comandos en McAfee Enterprise Security Manager (ESM) anterior a 11.2.0 y anterior a 10.4.0 permite al usuario autorizado ejecutar código arbitrario a través de parámetros especialmente diseñados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3629 – Application protections bypass vulnerability could allow unauthenticated user to impersonate system users
https://notcve.org/view.php?id=CVE-2019-3629
27 Jun 2019 — Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters. La vulnerabilidad de omisión de la protección de aplicaciones en McAfee Enterprise Security Manager (ESM) anterior a la 11.2.0 y anterior a la 10.4.0 permite a los usuarios no identificados hacerse pasar por usuarios del sistema a través de parámetros especialmente diseñados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1992 – HP Security Bulletin HPSBGN03558 1
https://notcve.org/view.php?id=CVE-2016-1992
16 Mar 2016 — HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. HPE ArcSight ESM en versiones anterioes a 6.8c y ArcSight ESM Express en versiones anteriores a 6.9.1, permiten a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. A potential security vulnerability has been identified with ArcSight ESM and ESM Express. The vulnerability could be remotely exploited to a... • http://www.securitytracker.com/id/1035307 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 90%CPEs: 58EXPL: 0CVE-2015-7704 – ntp: disabling synchronization via crafted KoD packet
https://notcve.org/view.php?id=CVE-2015-7704
21 Oct 2015 — The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. El cliente ntpd en NTP 4.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegación de servicio empleando una serie de mensajes "KOD" manipulados. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use thi... • http://bugs.ntp.org/show_bug.cgi?id=2901 • CWE-20: Improper Input Validation •