CVE-2020-7147
published 2020-10-19CVE-2020-7147: A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s)…
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
6.71%
93.1th percentile
A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | intelligent_management_center | < 7.3 | 7.3 |
| hp | intelligent_management_center | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v9qj-fjh8-c3g9: A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) vers
ghsa_unreviewed·2022-05-24
CVE-2020-7147 [CRITICAL] CWE-917 GHSA-v9qj-fjh8-c3g9: A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) vers
A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Red Hat
nasm: buffer overflow in crc64i() nasmlib/crc64.c
vendor_redhat·2019-04-23·CVSS 5.5
CVE-2020-18974 [MEDIUM] CWE-119 nasm: buffer overflow in crc64i() nasmlib/crc64.c
nasm: buffer overflow in crc64i() nasmlib/crc64.c
Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.
Package: nasm (Red Hat Enterprise Linux 6) - Out of support scope
Package: nasm (Red Hat Enterprise Linux 7) - Out of support scope
Package: nasm (Red Hat Enterprise Linux 8) - Fix deferred
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-10-19
Published