VYPR

Vendor CVEs

HPE

All CVEs

585 total · sorted by risk
  • CVE-2015-6862HigJan 8, 2016
    risk 0.55cvss 8.4epss 0.01

    HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.

  • CVE-2015-6860HigJan 5, 2016
    risk 0.55cvss 8.4epss 0.01

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.

  • CVE-2024-22435HigApr 15, 2024
    risk 0.54cvss 8.3epss 0.00

    A potential security vulnerability has been identified in Web ViewPoint Enterprise software. This vulnerability could be exploited to allow unauthorized users to access some resources on a NonStop system.

  • CVE-2017-14355HigDec 5, 2017
    risk 0.54cvss 7.8epss 0.02

    A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.

  • CVE-2016-4382HigSep 21, 2016
    risk 0.54cvss 8.3epss 0.02

    HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.

  • CVE-2018-7092HigAug 6, 2018
    risk 0.53cvss 7.5epss 0.53

    A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.

  • CVE-2016-8530HigFeb 15, 2018
    risk 0.53cvss 7.5epss 0.49

    A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.

  • CVE-2017-13989HigSep 30, 2017
    risk 0.53cvss 8.1epss 0.01

    An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

  • CVE-2016-4390HigOct 5, 2016
    risk 0.53cvss 8.1epss 0.05

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389.

  • CVE-2016-4389HigOct 5, 2016
    risk 0.53cvss 8.1epss 0.05

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.

  • CVE-2016-4388HigOct 5, 2016
    risk 0.53cvss 8.1epss 0.05

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390.

  • CVE-2016-4387HigOct 5, 2016
    risk 0.53cvss 8.1epss 0.09

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390.

  • CVE-2016-4377HigAug 22, 2016
    risk 0.53cvss 8.1epss 0.07

    HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP…

  • CVE-2016-4362HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2016-4358HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.01

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.

  • CVE-2016-4357HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.

  • CVE-2016-2030HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.

  • CVE-2016-2028HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.

  • CVE-2016-2022HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.

  • CVE-2016-2021HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2020HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2019HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2017HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2014HigMay 7, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

  • CVE-2016-1993HigMar 18, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2016-8513HigFeb 15, 2018
    risk 0.52cvss 8.0epss 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.

  • CVE-2016-4371HigJun 19, 2016
    risk 0.52cvss 8.0epss 0.01

    HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client,…

  • CVE-2016-1991HigMar 16, 2016
    risk 0.52cvss 8.0epss 0.02

    HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.

  • CVE-2026-23599HigFeb 18, 2026
    risk 0.51cvss 7.8epss 0.00

    A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.

  • CVE-2025-37186HigJan 13, 2026
    risk 0.51cvss 7.8epss 0.00

    A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.

  • CVE-2016-4386HigSep 29, 2016
    risk 0.51cvss 7.8epss 0.01

    HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.

  • CVE-2016-1990HigMar 16, 2016
    risk 0.51cvss 7.8epss 0.00

    HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.

  • CVE-2015-6859HigJan 5, 2016
    risk 0.51cvss 7.8epss 0.00

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.

  • CVE-2025-37100HigJun 10, 2025
    risk 0.50cvss 7.7epss 0.00

    A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system…

  • CVE-2017-5822HigFeb 15, 2018
    risk 0.50cvss 7.5epss 0.12

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2017-5818HigFeb 15, 2018
    risk 0.50cvss 7.5epss 0.12

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2017-5811HigFeb 15, 2018
    risk 0.50cvss 7.5epss 0.17

    A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

  • CVE-2017-5808HigFeb 15, 2018
    risk 0.50cvss 7.5epss 0.16

    A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

  • CVE-2016-8529HigFeb 15, 2018
    risk 0.50cvss 7.6epss 0.04

    A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.

  • CVE-2016-8206HigJan 14, 2017
    risk 0.50cvss 7.5epss 0.15

    A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.

  • CVE-2016-7426HigJan 13, 2017
    risk 0.50cvss 7.5epss 0.12

    NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

  • CVE-2016-4374HigAug 8, 2016
    risk 0.50cvss 7.7epss 0.02

    HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.

  • CVE-2016-1996HigMar 18, 2016
    risk 0.50cvss 7.7epss 0.01

    HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2026-23826HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition.…

  • CVE-2026-23593HigJan 27, 2026
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory.

  • CVE-2025-37166HigJan 13, 2026
    risk 0.49cvss 7.5epss 0.00

    A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this…

  • CVE-2025-37165HigJan 13, 2026
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets.

  • CVE-2025-37125HigSep 16, 2025
    risk 0.49cvss 7.5epss 0.00

    A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly

  • CVE-2024-6206HigJun 25, 2024
    risk 0.49cvss 7.5epss 0.00

    A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the…

  • CVE-2018-7102HigSep 27, 2018
    risk 0.49cvss 7.5epss 0.03

    A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification.

Page 4 of 12