Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Hpe Subscribe
Total 132 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26587 1 Hpe 12 Storeonce 3620, Storeonce 3620 Firmware, Storeonce 3640 and 9 more 2021-10-05 6.0 MEDIUM 6.5 MEDIUM
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.
CVE-2021-26580 1 Hpe 1 Integrated Lights-out Amplifier 2021-09-14 4.3 MEDIUM 6.1 MEDIUM
A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.95 or later.
CVE-2020-7138 1 Hpe 10 Nimble Storage Af20 All Flash Array, Nimble Storage Af20q All Flash Dual Controller, Nimble Storage Af40 All Flash Dual Controller and 7 more 2021-07-21 6.5 MEDIUM 8.8 HIGH
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
CVE-2020-7205 1 Hpe 118 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4200 Gen9 Server and 115 more 2021-07-21 7.2 HIGH 6.7 MEDIUM
A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is related to using insmod in GRUB2 in the specific impacted HPE product and HPE is addressing this issue. HPE has made the following software updates and mitigation information to resolve the vulnerability in Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. HPE provided latest Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting Toolkit which includes the GRUB2 patch to resolve this vulnerability. These new boot images will update GRUB2 and the Forbidden Signature Database (DBX). After the DBX is updated, users will not be able to boot to the older IP, SPP or Scripting ToolKit with Secure Boot enabled. HPE have provided a standalone DBX update tool to work with Microsoft Windows, and supported Linux Operating Systems. These tools can be used to update the Forbidden Signature Database (DBX) from within the OS. **Note:** This DBX update mitigates the GRUB2 issue with insmod enabled, and the "Boot Hole" issue for HPE signed GRUB2 applications.
CVE-2020-7139 1 Hpe 10 Nimble Storage Af20 All Flash Array, Nimble Storage Af20q All Flash Dual Controller, Nimble Storage Af40 All Flash Dual Controller and 7 more 2021-07-21 5.5 MEDIUM 8.1 HIGH
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
CVE-2017-6458 4 Apple, Hpe, Ntp and 1 more 5 Mac Os X, Hpux-ntp, Ntp and 2 more 2021-07-12 6.5 MEDIUM 8.8 HIGH
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
CVE-2021-26581 1 Hpe 2 Superdome Flex Server, Superdome Flex Server Firmware 2021-04-06 4.0 MEDIUM 6.5 MEDIUM
A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later.
CVE-2021-26570 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2021-03-26 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.
CVE-2021-26578 1 Hpe 1 Network Orchestrator 2021-03-25 5.0 MEDIUM 7.5 HIGH
A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection.
CVE-2021-3191 1 Hpe 2 Nonstop, Web Viewpoint 2021-02-26 9.0 HIGH 8.8 HIGH
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H).
CVE-2021-22267 1 Hpe 2 Nonstop, Web Viewpoint 2021-02-26 4.3 MEDIUM 5.9 MEDIUM
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).
CVE-2021-25141 2 Arubanetworks, Hpe 30 Aruba 2530ya, Aruba 2530ya Firmware, Aruba 2530yb and 27 more 2021-02-16 4.9 MEDIUM 4.4 MEDIUM
A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.
CVE-2021-26572 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2021-02-10 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
CVE-2021-25169 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2021-02-10 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.
CVE-2021-25170 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2021-02-10 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.
CVE-2021-26571 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2021-02-10 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
CVE-2021-25171 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2021-02-10 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.
CVE-2021-25168 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2021-02-10 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.
CVE-2021-25142 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2021-02-10 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.
CVE-2021-26574 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2021-02-10 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.