Filtered by vendor Hpe
Subscribe
Total
132 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25133 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2021-01-29 | 7.2 HIGH | 7.8 HIGH |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setradiusconfig_func function. | |||||
CVE-2002-0812 | 2 Hpe, Proxim | 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more | 2020-12-09 | 6.4 MEDIUM | N/A |
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string. | |||||
CVE-2020-24628 | 1 Hpe | 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware | 2020-10-14 | 6.5 MEDIUM | 8.8 HIGH |
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | |||||
CVE-2020-24627 | 1 Hpe | 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware | 2020-10-14 | 3.5 LOW | 5.4 MEDIUM |
A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | |||||
CVE-2019-8936 | 5 Fedoraproject, Hpe, Netapp and 2 more | 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more | 2020-10-07 | 5.0 MEDIUM | 7.5 HIGH |
NTP through 4.2.8p12 has a NULL Pointer Dereference. | |||||
CVE-2020-24623 | 1 Hpe | 1 Universal Api Framework | 2020-09-30 | 3.3 LOW | 6.5 MEDIUM |
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD). | |||||
CVE-2020-24625 | 1 Hpe | 1 Utility Computing Service Meter | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | |||||
CVE-2020-24624 | 1 Hpe | 1 Utility Computing Service Meter | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | |||||
CVE-2020-24626 | 1 Hpe | 1 Utility Computing Service Meter | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | |||||
CVE-2014-2608 | 3 Hpe, Linux, Microsoft | 3 Smart Update Manager, Linux Kernel, Windows | 2020-09-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors. | |||||
CVE-2018-7185 | 6 Canonical, Hpe, Netapp and 3 more | 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. | |||||
CVE-2019-11987 | 1 Hpe | 1 Smart Update Manager | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege. | |||||
CVE-2018-7094 | 1 Hpe | 1 3par Service Provider | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information. | |||||
CVE-2019-11996 | 1 Hpe | 10 Nimble Storage Af20 All Flash Array, Nimble Storage Af20q All Flash Dual Controller, Nimble Storage Af40 All Flash Dual Controller and 7 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0. | |||||
CVE-2019-11988 | 1 Hpe | 1 Smart Update Manager | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5. | |||||
CVE-2016-7434 | 2 Hpe, Ntp | 2 Hpux-ntp, Ntp | 2020-06-18 | 4.3 MEDIUM | 7.5 HIGH |
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | |||||
CVE-2016-7426 | 4 Canonical, Hpe, Ntp and 1 more | 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more | 2020-06-18 | 4.3 MEDIUM | 7.5 HIGH |
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | |||||
CVE-2018-7170 | 4 Hpe, Netapp, Ntp and 1 more | 10 Hpux-ntp, Hci, Solidfire and 7 more | 2020-06-18 | 3.5 LOW | 5.3 MEDIUM |
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. | |||||
CVE-2020-7137 | 1 Hpe | 2 Superdome Flex Server, Superdome Flex Server Firmware | 2020-05-20 | 4.6 MEDIUM | 6.7 MEDIUM |
A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue. | |||||
CVE-2020-7136 | 1 Hpe | 1 Smart Update Manager | 2020-05-07 | 10.0 HIGH | 9.8 CRITICAL |
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP). |