HP Integrated Lights-Out Improper Input Validation (CVE-2022-28636)

A potential local arbitrary code execution and a local denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitra...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28637)

A local Denial of Service DoS and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 iLO 5 in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for...

HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2018-7117)

A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 iLO 5 for Gen10 ProLiant Servers earlier than version v1.40. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28635)

A potential local arbitrary code execution and a local denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitra...

HP Integrated Lights-Out Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2019-11983)

A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 iLO 4 earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 iLO 5 for Gen10 Servers earlier than version v1.39. This plugin only works with Tenable.ot. Please visit...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28640)

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 iLO 5 in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated...

HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2019-11982)

A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 iLO 4 earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 iLO 5 for Gen10 Servers earlier than version v1.39. This plugin only works with Tenable.ot. Please visit...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28633)

A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file...

HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29206)

"A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504401; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13"; scriptcveid"CVE-2021-29206";...

HP Integrated Lights-Out Authentication Bypass Using an Alternate Path or Channel (CVE-2018-7113)

A security vulnerability in HPE Integrated Lights-Out 5 iLO 5 prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

HP Integrated Lights-Out Improper Input Validation (CVE-2014-7876)

Unspecified vulnerability in HP Integrated Lights-Out iLO firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management CM firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. This plugin only works with...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28632)

A potential arbitrary code execution and a denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute...

Malicious code in masv-ilo-civasum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c546ba4471e998c3243541bcb8c18e5c6859b2bdba80ea07741816bd5ad2e1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in masv-ilo-cvaiu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1eae5620eb6d3f912780804378e364b84700989eccbbd349ec769af03e8a34e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in masolv-ilo-cvaihu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f48df2be2770abc2c0d65f2b250ca333e81da77b4016490ef8b1f84047acb1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in masv-ilo-cvasm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0912c670f0d874651883742e3d4bddf7731e06dfbbc987e6275fcff763e940a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in masolv-ilo-cvhu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 955f5b4fb3d2d201343905c3e29be778345e9ea8d0aa4737be61b839b42e9ada This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in masv-ilo-civasaum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c3edd09bdba60d5c255c04c932c91fb20e0913a0e5131c58da09314fb64c844 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in maslv-ilo-cvaginanavcuovhu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 656941ea059e1a32ea8b0a4298dd11fb63992a79bcb320facc3fcb2b6d39de74 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-183909 Malicious code in masv-ilo-cvaiu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1eae5620eb6d3f912780804378e364b84700989eccbbd349ec769af03e8a34e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...