Filtered by vendor Hpe
Total: 189 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-37928 | 1 Hpe | 18 Hf20, Hf20 Firmware, Hf20c and 15 more | 2025-05-02 | N/A | 8.0 HIGH | Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. |
| CVE-2021-46846 | 2 Hp, Hpe | 45 3par Service Processor, Apollo R2000 Chassis, Integrated Lights-out 5 Firmware and 42 more | 2025-05-02 | N/A | 6.4 MEDIUM | Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5. |
| CVE-2022-37927 | 1 Hpe | 1 Oneview Global Dashboard | 2025-05-01 | N/A | 6.1 MEDIUM | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). |
| CVE-2016-7434 | 2 Hpe, Ntp | 2 Hpux-ntp, Ntp | 2025-04-20 | 4.3 MEDIUM | 7.5 HIGH | The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. |
| CVE-2016-7426 | 4 Canonical, Hpe, Ntp and 1 more | 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more | 2025-04-20 | 4.3 MEDIUM | 7.5 HIGH | NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. |
| CVE-2017-6458 | 4 Apple, Hpe, Ntp and 1 more | 5 Mac Os X, Hpux-ntp, Ntp and 2 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. |
| CVE-2016-4370 | 1 Hpe | 1 Project And Portfolio Management Center | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH | HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors. |
| CVE-2014-2608 | 3 Hpe, Linux, Microsoft | 3 Smart Update Manager, Linux Kernel, Windows | 2025-04-12 | 7.2 HIGH | N/A | Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors. |
| CVE-2022-37934 | 2 Hp, Hpe | 20 Officeconnect 1820 24g Poe+ (185w) Switch J9983a, Officeconnect 1820 24g Poe+ (185w) Switch J9983a Firmware, Officeconnect 1820 48g Poe+ (370w) Switch J9984a and 17 more | 2025-04-10 | N/A | 6.8 MEDIUM | A potential security vulnerability has been identified in HPE OfficeConnect 1820 and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below. |
| CVE-2022-37933 | 1 Hpe | 4 Superdome Flex, Superdome Flex 280, Superdome Flex 280 Firmware and 1 more | 2025-04-10 | N/A | 7.3 HIGH | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware 3.60.50 and below and Superdome Flex 280 servers firmware 1.40.60 and below. |
| CVE-2007-5536 | 2 Hp, Hpe | 2 Hp-ux, Openssl | 2025-04-09 | 4.9 MEDIUM | N/A | Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. |
| CVE-2002-0812 | 2 Hpe, Proxim | 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more | 2025-04-03 | 6.4 MEDIUM | N/A | Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string. |
| CVE-2024-22441 | 1 Hpe | 1 Cray Parallel Application Launch Service | 2025-03-25 | N/A | 9.8 CRITICAL | HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. |
| CVE-2022-37938 | 1 Hpe | 1 Serviceguard For Linux | 2025-03-17 | N/A | 9.8 CRITICAL | Unauthenticated server side request forgery in HPE Serviceguard Manager. |
| CVE-2022-37937 | 1 Hpe | 1 Serviceguard For Linux | 2025-03-17 | N/A | 9.8 CRITICAL | Pre-auth memory corruption in HPE Serviceguard. |
| CVE-2022-37936 | 1 Hpe | 1 Serviceguard For Linux | 2025-03-17 | N/A | 9.8 CRITICAL | Unauthenticated Java deserialization vulnerability in Serviceguard Manager. |
| CVE-2024-53676 | 1 Hpe | 1 Insight Remote Support | 2025-03-05 | N/A | 9.8 CRITICAL | A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. |
| CVE-2023-1168 | 1 Hpe | 20 Aruba Cx 10000-48y6, Aruba Cx 6200f 48g, Aruba Cx 6200m 24g and 17 more | 2025-02-26 | N/A | 7.2 HIGH | An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX. |
| CVE-2023-28085 | 1 Hpe | 1 Oneview Global Dashboard | 2025-02-06 | N/A | 5.5 MEDIUM | An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials. |
| CVE-2023-28084 | 2 Hp, Hpe | 2 Oneview, Oneview Global Dashboard | 2025-02-03 | N/A | 5.5 MEDIUM | HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens. |
| CVE-2018-7185 | 6 Canonical, Hpe, Netapp and 3 more | 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more | 2025-01-14 | 5.0 MEDIUM | 7.5 HIGH | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. |
| CVE-2018-7170 | 4 Hpe, Netapp, Ntp and 1 more | 10 Hpux-ntp, Hci, Solidfire and 7 more | 2025-01-14 | 3.5 LOW | 5.3 MEDIUM | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. |
| CVE-2017-9003 | 1 Hpe | 1 Arubaos | 2025-01-07 | 7.8 HIGH | 7.5 HIGH | Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed. |
| CVE-2023-30905 | 1 Hpe | 4 Integrity Mc990 X Server Rmc, Integrity Mc990 X Server Rmc Firmware, Sgi Uv 300 Rmc and 1 more | 2024-12-17 | N/A | 7.8 HIGH | The MC990 X and UV300 RMC component has an inadequate default configuration that could be exploited to obtain enhanced privilege. |
| CVE-2023-30904 | 1 Hpe | 1 Insight Remote Support | 2024-12-17 | N/A | 5.5 MEDIUM | A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information. |
| CVE-2024-11622 | 1 Hpe | 1 Insight Remote Support | 2024-12-12 | N/A | 7.3 HIGH | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. |
| CVE-2024-53673 | 1 Hpe | 1 Insight Remote Support | 2024-12-12 | N/A | 8.1 HIGH | A Java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. |
| CVE-2024-53674 | 1 Hpe | 1 Insight Remote Support | 2024-12-12 | N/A | 7.3 HIGH | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. |
| CVE-2024-53675 | 1 Hpe | 1 Insight Remote Support | 2024-12-12 | N/A | 7.3 HIGH | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. |
| CVE-2023-3718 | 1 Hpe | 27 Aruba Cx 10000-48y6, Aruba Cx 4100i, Aruba Cx 6000 12g and 24 more | 2024-11-21 | N/A | 8.8 HIGH | An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. |
| CVE-2023-39268 | 2 Arubanetworks, Hpe | 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more | 2024-11-21 | N/A | 4.5 MEDIUM | A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. |
| CVE-2023-39267 | 2 Arubanetworks, Hpe | 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more | 2024-11-21 | N/A | 6.6 MEDIUM | An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch. |
| CVE-2023-39266 | 2 Arubanetworks, Hpe | 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more | 2024-11-21 | N/A | 8.3 HIGH | A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. |
| CVE-2023-30912 | 1 Hpe | 1 Oneview | 2024-11-21 | N/A | 7.2 HIGH | A remote code execution issue exists in HPE OneView. |
| CVE-2023-30911 | 1 Hpe | 77 Alletra 4110, Alletra 4120, Alletra 4140 and 74 more | 2024-11-21 | N/A | 6.8 MEDIUM | HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service. |
| CVE-2023-30910 | 1 Hpe | 6 Msa 1060 Storage, Msa 1060 Storage Firmware, Msa 2060 Storage and 3 more | 2024-11-21 | N/A | 5.4 MEDIUM | HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. |
| CVE-2023-30906 | 1 Hpe | 1 Intelligent Provisioning | 2024-11-21 | N/A | 7.5 HIGH | The vulnerability could be locally exploited to allow escalation of privilege. |
| CVE-2023-28083 | 2 Hp, Hpe | 162 Integrated Lights-out 4, Integrated Lights-out 5, Integrated Lights-out 6 and 159 more | 2024-11-21 | N/A | 8.3 HIGH | A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out. |
| CVE-2022-37940 | 1 Hpe | 4 Flexfabric 5700 40xg 2qsfp+, Flexfabric 5700 40xg 2qsfp+ Firmware, Flexfabric 5700 48g 4xg 2qsfp+ and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM | Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later. |
| CVE-2022-37939 | 1 Hpe | 4 Superdome Flex 280 Server, Superdome Flex 280 Server Firmware, Superdome Flex Server and 1 more | 2024-11-21 | N/A | 2.3 LOW | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8. |