Filtered by vendor Hpe
Subscribe
Total
132 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28618 | 1 Hpe | 4 Nimble Storage All Flash Arrays, Nimble Storage Hybrid Flash Arrays, Nimble Storage Secondary Flash Arrays and 1 more | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
CVE-2022-23705 | 1 Hpe | 1 Nimbleos | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
CVE-2019-7317 | 11 Canonical, Debian, Hp and 8 more | 33 Ubuntu Linux, Debian Linux, Xp7 Command View and 30 more | 2022-05-23 | 2.6 LOW | 5.3 MEDIUM |
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |||||
CVE-2022-23704 | 2 Hp, Hpe | 59 Integrated Lights-out 4, Apollo 4200 Gen9 Server, Proliant Bl420c Gen8 Server and 56 more | 2022-05-19 | 5.0 MEDIUM | 7.5 HIGH |
A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and later. | |||||
CVE-2021-26579 | 1 Hpe | 1 Unified Data Management | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys. | |||||
CVE-2022-23702 | 1 Hpe | 4 Superdome Flex 280 Server, Superdome Flex 280 Server Firmware, Superdome Flex Server and 1 more | 2022-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow an user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later. | |||||
CVE-2021-41005 | 1 Hpe | 14 Aruba Instant On 1930 24g 4sfp\/sfp\+, Aruba Instant On 1930 24g 4sfp\/sfp\+ Firmware, Aruba Instant On 1930 24g Class4 Poe 4sfp\/sfp\+ 195w and 11 more | 2022-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | |||||
CVE-2021-41004 | 1 Hpe | 14 Aruba Instant On 1930 24g 4sfp\/sfp\+, Aruba Instant On 1930 24g 4sfp\/sfp\+ Firmware, Aruba Instant On 1930 24g Class4 Poe 4sfp\/sfp\+ 195w and 11 more | 2022-04-20 | 7.8 HIGH | 7.5 HIGH |
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | |||||
CVE-2016-9042 | 4 Freebsd, Hpe, Ntp and 1 more | 5 Freebsd, Hpux-ntp, Ntp and 2 more | 2022-04-19 | 4.3 MEDIUM | 5.9 MEDIUM |
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. | |||||
CVE-2022-23703 | 1 Hpe | 1 Nimbleos | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100 | |||||
CVE-2019-11136 | 2 Hpe, Intel | 568 Apollo 4200 Gen10 Server, Apollo 4200 Gen10 Server Firmware, Apollo 4200 Gen9 Server and 565 more | 2022-04-18 | 4.6 MEDIUM | 6.7 MEDIUM |
Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
CVE-2022-23701 | 1 Hpe | 2 Integrated Lights-out, Integrated Lights-out 4 | 2022-03-08 | 5.0 MEDIUM | 5.3 MEDIUM |
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4). | |||||
CVE-2021-29217 | 1 Hpe | 1 Oneview Global Dashboard | 2022-03-04 | 5.8 MEDIUM | 6.1 MEDIUM |
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | |||||
CVE-2021-29216 | 1 Hpe | 1 Oneview Global Dashboard | 2022-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | |||||
CVE-2022-25256 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2022-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL. | |||||
CVE-2021-29219 | 1 Hpe | 14 Flexnetwork 5130 Jg932a, Flexnetwork 5130 Jg932a Firmware, Flexnetwork 5130 Jg933a and 11 more | 2022-02-09 | 4.6 MEDIUM | 7.8 HIGH |
A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02. | |||||
CVE-2021-29218 | 2 Hpe, Microsoft | 14 Agentless Management, Apollo 20, Apollo 2000 Gen 10 Plus and 11 more | 2022-02-09 | 4.6 MEDIUM | 6.7 MEDIUM |
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. | |||||
CVE-2021-29215 | 1 Hpe | 2 Ezmeral Data Fabric, Tez | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric. | |||||
CVE-2021-29213 | 1 Hpe | 6 Proliant Dl20 Gen10 Server, Proliant Dl20 Gen10 Server Firmware, Proliant Microserver Gen10 Plus and 3 more | 2021-11-02 | 7.2 HIGH | 6.7 MEDIUM |
A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity. | |||||
CVE-2021-26588 | 1 Hpe | 19 3par Os, 3par Storeserv 10400, 3par Storeserv 10800 and 16 more | 2021-10-18 | 10.0 HIGH | 9.8 CRITICAL |
A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware. |