How to update outdated software on Mac endpoints: Introducing ThreatDown VPM for Mac
ThreatDown is happy to announce that our Vulnerability Assessment and Patch Management (VPM) tool is now available for Mac endpoints. There are hundreds of third-party apps that Mac endpoints use on a daily basis—and with that large number of apps comes a dizzying amount of software updates to apply...
Vulnerabilities fixed in Hewlett Packard OneView
Hewlett Packard has fixed vulnerabilities in OneView. A malicious party can exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Request Forgery (XSRF), Denial-of-Service (DoS), circumvention of authentication, remote code...
CVE-2023-6573
HPE OneView may have a missing passphrase during restore...
Design/Logic Flaw
HPE OneView may have a missing passphrase during restore...
CVE-2023-50275
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service...
CVE-2023-50274
HPE OneView may allow command injection with local privilege escalation...
Command injection
HPE OneView may allow command injection with local privilege escalation...
Authentication flaw
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service...
CVE-2023-6573
Summary: CVE-2023-6573 affects Hewlett Packard Enterprise OneView due to a missing passphrase during the restore process. The NVD entry assigns a CVSSv3.1 base score of 5.5 (Medium) with Local attack vector, Low attack complexity, no privileges required, and user interaction needed; confidentiali...
CVE-2023-50275
HPE OneView’s clusterService exposes an authentication bypass that can be exploited remotely to cause DoS. The vulnerability arises from inadequate validation of the attacker’s IP, exposing a function intended for loopback-only use, enabling a denial-of-service without authentication. Affected pr...
CVE-2023-50274
CVE-2023-50274 affects Hewlett Packard Enterprise OneView. The confirmed issue is a command injection with local privilege escalation. The explicit root cause described by the connected ZDI advisory is a flaw in the startUpgradeCommon method where a user-supplied string is not properly validated ...