VYPR

Vendor CVEs

HPE

All CVEs

585 total · sorted by risk
  • CVE-2017-5689CriKEVMay 2, 2017
    risk 0.86cvss 9.8epss 0.92

    An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged…

  • CVE-2017-12542CriFeb 15, 2018
    risk 0.76cvss 10.0epss 0.99

    A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.

  • CVE-2017-5816CriFeb 15, 2018
    risk 0.74cvss 9.8epss 0.86

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2016-2004CriApr 21, 2016
    risk 0.74cvss 9.8epss 0.94

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.

  • CVE-2017-5817CriFeb 15, 2018
    risk 0.73cvss 9.8epss 0.83

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2017-12557CriFeb 15, 2018
    risk 0.73cvss 9.8epss 0.80

    A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

  • CVE-2017-5815CriFeb 15, 2018
    risk 0.69cvss 9.8epss 0.34

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2017-5792CriFeb 15, 2018
    risk 0.69cvss 9.8epss 0.35

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

  • CVE-2017-5791CriOct 11, 2017
    risk 0.69cvss 9.8epss 0.69

    The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.

  • CVE-2017-12558CriFeb 15, 2018
    risk 0.67cvss 9.8epss 0.38

    A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

  • CVE-2017-12556CriFeb 15, 2018
    risk 0.67cvss 9.8epss 0.38

    A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

  • CVE-2017-5806CriFeb 15, 2018
    risk 0.66cvss 9.8epss 0.23

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

  • CVE-2017-5805CriFeb 15, 2018
    risk 0.66cvss 9.8epss 0.23

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

  • CVE-2017-5804CriFeb 15, 2018
    risk 0.66cvss 9.8epss 0.23

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

  • CVE-2017-12561CriFeb 15, 2018
    risk 0.66cvss 9.8epss 0.31

    A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.

  • CVE-2016-8519CriFeb 15, 2018
    risk 0.66cvss 9.8epss 0.28

    A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.

  • CVE-2016-1985CriJan 30, 2016
    risk 0.66cvss 10.0epss 0.07

    HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2018-7074CriAug 6, 2018
    risk 0.65cvss 9.8epss 0.17

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version.

  • CVE-2016-4391CriAug 6, 2018
    risk 0.65cvss 9.8epss 0.20

    A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.

  • CVE-2017-5823CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.19

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2017-5821CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.17

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2017-5820CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.19

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2017-5819CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.19

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2017-5807CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.22

    A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

  • CVE-2017-5790CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.18

    A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.

  • CVE-2016-8511CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.16

    A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.

  • CVE-2017-5789CriOct 11, 2017
    risk 0.65cvss 9.8epss 0.18

    HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.

  • CVE-2016-8205CriJan 14, 2017
    risk 0.65cvss 9.8epss 0.13

    A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

  • CVE-2016-4359CriJun 8, 2016
    risk 0.65cvss 9.8epss 0.16

    Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch…

  • CVE-2016-2007CriApr 21, 2016
    risk 0.65cvss 9.8epss 0.20

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.

  • CVE-2016-2006CriApr 21, 2016
    risk 0.65cvss 9.8epss 0.20

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.

  • CVE-2016-2005CriApr 21, 2016
    risk 0.65cvss 9.8epss 0.20

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.

  • CVE-2016-1995CriMar 18, 2016
    risk 0.65cvss 9.8epss 0.10

    HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-1989CriMar 15, 2016
    risk 0.65cvss 9.8epss 0.11

    HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.

  • CVE-2016-1988CriMar 15, 2016
    risk 0.65cvss 9.8epss 0.11

    HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.

  • CVE-2025-37103CriJul 8, 2025
    risk 0.64cvss 9.8epss 0.01

    Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system.

  • CVE-2025-37087CriApr 22, 2025
    risk 0.64cvss 9.8epss 0.00

    A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host.

  • CVE-2024-13804CriMar 30, 2025
    risk 0.64cvss 9.8epss 0.00

    Unauthenticated RCE in HPE Insight Cluster Management Utility

  • CVE-2024-42509CriNov 5, 2024
    risk 0.64cvss 9.8epss 0.02

    Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability…

  • CVE-2024-42506CriSep 25, 2024
    risk 0.64cvss 9.8epss 0.01

    Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2018-7104CriSep 27, 2018
    risk 0.64cvss 9.8epss 0.09

    A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.

  • CVE-2018-7103CriSep 27, 2018
    risk 0.64cvss 9.8epss 0.09

    A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.

  • CVE-2018-7096CriAug 14, 2018
    risk 0.64cvss 9.8epss 0.03

    A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.

  • CVE-2018-7095CriAug 14, 2018
    risk 0.64cvss 9.8epss 0.02

    A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass.

  • CVE-2018-7072CriAug 6, 2018
    risk 0.64cvss 9.8epss 0.03

    A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

  • CVE-2017-5814CriFeb 15, 2018
    risk 0.64cvss 9.8epss 0.09

    A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

  • CVE-2017-5810CriFeb 15, 2018
    risk 0.64cvss 9.8epss 0.05

    A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

  • CVE-2017-5802CriFeb 15, 2018
    risk 0.64cvss 9.8epss 0.02

    A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.

  • CVE-2016-8512CriFeb 15, 2018
    risk 0.64cvss 9.8epss 0.06

    A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.

  • CVE-2017-14351CriSep 30, 2017
    risk 0.64cvss 9.8epss 0.04

    A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.

Page 1 of 12