Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Hpe Subscribe
Total 132 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25133 1 Hpe 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more 2021-01-29 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setradiusconfig_func function.
CVE-2002-0812 2 Hpe, Proxim 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more 2020-12-09 6.4 MEDIUM N/A
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
CVE-2020-24628 1 Hpe 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware 2020-10-14 6.5 MEDIUM 8.8 HIGH
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
CVE-2020-24627 1 Hpe 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware 2020-10-14 3.5 LOW 5.4 MEDIUM
A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
CVE-2019-8936 5 Fedoraproject, Hpe, Netapp and 2 more 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more 2020-10-07 5.0 MEDIUM 7.5 HIGH
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2020-24623 1 Hpe 1 Universal Api Framework 2020-09-30 3.3 LOW 6.5 MEDIUM
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).
CVE-2020-24625 1 Hpe 1 Utility Computing Service Meter 2020-09-29 5.0 MEDIUM 7.5 HIGH
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
CVE-2020-24624 1 Hpe 1 Utility Computing Service Meter 2020-09-29 5.0 MEDIUM 7.5 HIGH
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
CVE-2020-24626 1 Hpe 1 Utility Computing Service Meter 2020-09-29 7.5 HIGH 9.8 CRITICAL
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
CVE-2014-2608 3 Hpe, Linux, Microsoft 3 Smart Update Manager, Linux Kernel, Windows 2020-09-28 7.2 HIGH N/A
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors.
CVE-2018-7185 6 Canonical, Hpe, Netapp and 3 more 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more 2020-08-24 5.0 MEDIUM 7.5 HIGH
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
CVE-2019-11987 1 Hpe 1 Smart Update Manager 2020-08-24 4.6 MEDIUM 7.8 HIGH
A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.
CVE-2018-7094 1 Hpe 1 3par Service Provider 2020-08-24 2.1 LOW 5.5 MEDIUM
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information.
CVE-2019-11996 1 Hpe 10 Nimble Storage Af20 All Flash Array, Nimble Storage Af20q All Flash Dual Controller, Nimble Storage Af40 All Flash Dual Controller and 7 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.
CVE-2019-11988 1 Hpe 1 Smart Update Manager 2020-08-24 7.5 HIGH 9.8 CRITICAL
A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.
CVE-2016-7434 2 Hpe, Ntp 2 Hpux-ntp, Ntp 2020-06-18 4.3 MEDIUM 7.5 HIGH
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-7426 4 Canonical, Hpe, Ntp and 1 more 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more 2020-06-18 4.3 MEDIUM 7.5 HIGH
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVE-2018-7170 4 Hpe, Netapp, Ntp and 1 more 10 Hpux-ntp, Hci, Solidfire and 7 more 2020-06-18 3.5 LOW 5.3 MEDIUM
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
CVE-2020-7137 1 Hpe 2 Superdome Flex Server, Superdome Flex Server Firmware 2020-05-20 4.6 MEDIUM 6.7 MEDIUM
A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue.
CVE-2020-7136 1 Hpe 1 Smart Update Manager 2020-05-07 10.0 HIGH 9.8 CRITICAL
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).