Vendor CVEs
HPE
All CVEs
585 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6862 | Hig | 0.55 | 8.4 | 0.01 | Jan 8, 2016 | HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors. | ||
| CVE-2015-6860 | Hig | 0.55 | 8.4 | 0.01 | Jan 5, 2016 | HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859. | ||
| CVE-2024-22435 | Hig | 0.54 | 8.3 | 0.00 | Apr 15, 2024 | A potential security vulnerability has been identified in Web ViewPoint Enterprise software. This vulnerability could be exploited to allow unauthorized users to access some resources on a NonStop system. | ||
| CVE-2017-14355 | Hig | 0.54 | 7.8 | 0.02 | Dec 5, 2017 | A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. | ||
| CVE-2016-4382 | Hig | 0.54 | 8.3 | 0.02 | Sep 21, 2016 | HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue. | ||
| CVE-2018-7092 | Hig | 0.53 | 7.5 | 0.53 | Aug 6, 2018 | A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion. | ||
| CVE-2016-8530 | Hig | 0.53 | 7.5 | 0.49 | Feb 15, 2018 | A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version. | ||
| CVE-2017-13989 | Hig | 0.53 | 8.1 | 0.01 | Sep 30, 2017 | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | ||
| CVE-2016-4390 | Hig | 0.53 | 8.1 | 0.05 | Oct 5, 2016 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389. | ||
| CVE-2016-4389 | Hig | 0.53 | 8.1 | 0.05 | Oct 5, 2016 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390. | ||
| CVE-2016-4388 | Hig | 0.53 | 8.1 | 0.05 | Oct 5, 2016 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390. | ||
| CVE-2016-4387 | Hig | 0.53 | 8.1 | 0.09 | Oct 5, 2016 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390. | ||
| CVE-2016-4377 | Hig | 0.53 | 8.1 | 0.07 | Aug 22, 2016 | HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP… | ||
| CVE-2016-4362 | Hig | 0.53 | 8.1 | 0.02 | Jun 8, 2016 | HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | ||
| CVE-2016-4358 | Hig | 0.53 | 8.1 | 0.01 | Jun 8, 2016 | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029. | ||
| CVE-2016-4357 | Hig | 0.53 | 8.1 | 0.02 | Jun 8, 2016 | HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028. | ||
| CVE-2016-2030 | Hig | 0.53 | 8.1 | 0.02 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022. | ||
| CVE-2016-2028 | Hig | 0.53 | 8.1 | 0.02 | Jun 8, 2016 | HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357. | ||
| CVE-2016-2022 | Hig | 0.53 | 8.1 | 0.02 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030. | ||
| CVE-2016-2021 | Hig | 0.53 | 8.1 | 0.03 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030. | ||
| CVE-2016-2020 | Hig | 0.53 | 8.1 | 0.03 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. | ||
| CVE-2016-2019 | Hig | 0.53 | 8.1 | 0.03 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. | ||
| CVE-2016-2017 | Hig | 0.53 | 8.1 | 0.03 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. | ||
| CVE-2016-2014 | Hig | 0.53 | 8.1 | 0.02 | May 7, 2016 | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | ||
| CVE-2016-1993 | Hig | 0.53 | 8.1 | 0.02 | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | ||
| CVE-2016-8513 | Hig | 0.52 | 8.0 | 0.01 | Feb 15, 2018 | A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. | ||
| CVE-2016-4371 | Hig | 0.52 | 8.0 | 0.01 | Jun 19, 2016 | HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client,… | ||
| CVE-2016-1991 | Hig | 0.52 | 8.0 | 0.02 | Mar 16, 2016 | HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. | ||
| CVE-2026-23599 | Hig | 0.51 | 7.8 | 0.00 | Feb 18, 2026 | A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges. | ||
| CVE-2025-37186 | Hig | 0.51 | 7.8 | 0.00 | Jan 13, 2026 | A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges. | ||
| CVE-2016-4386 | Hig | 0.51 | 7.8 | 0.01 | Sep 29, 2016 | HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. | ||
| CVE-2016-1990 | Hig | 0.51 | 7.8 | 0.00 | Mar 16, 2016 | HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. | ||
| CVE-2015-6859 | Hig | 0.51 | 7.8 | 0.00 | Jan 5, 2016 | HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860. | ||
| CVE-2025-37100 | Hig | 0.50 | 7.7 | 0.00 | Jun 10, 2025 | A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system… | ||
| CVE-2017-5822 | Hig | 0.50 | 7.5 | 0.12 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5818 | Hig | 0.50 | 7.5 | 0.12 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5811 | Hig | 0.50 | 7.5 | 0.17 | Feb 15, 2018 | A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | ||
| CVE-2017-5808 | Hig | 0.50 | 7.5 | 0.16 | Feb 15, 2018 | A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | ||
| CVE-2016-8529 | Hig | 0.50 | 7.6 | 0.04 | Feb 15, 2018 | A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version. | ||
| CVE-2016-8206 | Hig | 0.50 | 7.5 | 0.15 | Jan 14, 2017 | A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. | ||
| CVE-2016-7426 | Hig | 0.50 | 7.5 | 0.12 | Jan 13, 2017 | NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | ||
| CVE-2016-4374 | Hig | 0.50 | 7.7 | 0.02 | Aug 8, 2016 | HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors. | ||
| CVE-2016-1996 | Hig | 0.50 | 7.7 | 0.01 | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. | ||
| CVE-2026-23826 | Hig | 0.49 | 7.5 | 0.00 | May 12, 2026 | A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition.… | ||
| CVE-2026-23593 | Hig | 0.49 | 7.5 | 0.01 | Jan 27, 2026 | A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory. | ||
| CVE-2025-37166 | Hig | 0.49 | 7.5 | 0.00 | Jan 13, 2026 | A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this… | ||
| CVE-2025-37165 | Hig | 0.49 | 7.5 | 0.00 | Jan 13, 2026 | A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets. | ||
| CVE-2025-37125 | Hig | 0.49 | 7.5 | 0.00 | Sep 16, 2025 | A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly | ||
| CVE-2024-6206 | Hig | 0.49 | 7.5 | 0.00 | Jun 25, 2024 | A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the… | ||
| CVE-2018-7102 | Hig | 0.49 | 7.5 | 0.03 | Sep 27, 2018 | A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification. |
- risk 0.55cvss 8.4epss 0.01
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
- risk 0.55cvss 8.4epss 0.01
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.
- risk 0.54cvss 8.3epss 0.00
A potential security vulnerability has been identified in Web ViewPoint Enterprise software. This vulnerability could be exploited to allow unauthorized users to access some resources on a NonStop system.
- risk 0.54cvss 7.8epss 0.02
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
- risk 0.54cvss 8.3epss 0.02
HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.
- risk 0.53cvss 7.5epss 0.53
A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.
- risk 0.53cvss 7.5epss 0.49
A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.
- risk 0.53cvss 8.1epss 0.01
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
- risk 0.53cvss 8.1epss 0.05
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389.
- risk 0.53cvss 8.1epss 0.05
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.
- risk 0.53cvss 8.1epss 0.05
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390.
- risk 0.53cvss 8.1epss 0.09
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390.
- risk 0.53cvss 8.1epss 0.07
HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP…
- risk 0.53cvss 8.1epss 0.02
HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
- risk 0.53cvss 8.1epss 0.01
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.
- risk 0.53cvss 8.1epss 0.02
HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.
- risk 0.53cvss 8.1epss 0.02
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.
- risk 0.53cvss 8.1epss 0.02
HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.
- risk 0.53cvss 8.1epss 0.02
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.
- risk 0.53cvss 8.1epss 0.03
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.
- risk 0.53cvss 8.1epss 0.03
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
- risk 0.53cvss 8.1epss 0.03
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
- risk 0.53cvss 8.1epss 0.03
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
- risk 0.53cvss 8.1epss 0.02
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
- risk 0.53cvss 8.1epss 0.02
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
- risk 0.52cvss 8.0epss 0.01
A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.
- risk 0.52cvss 8.0epss 0.01
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client,…
- risk 0.52cvss 8.0epss 0.02
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
- risk 0.51cvss 7.8epss 0.00
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.
- risk 0.51cvss 7.8epss 0.00
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.
- risk 0.51cvss 7.8epss 0.01
HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.
- risk 0.51cvss 7.8epss 0.00
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
- risk 0.51cvss 7.8epss 0.00
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.
- risk 0.50cvss 7.7epss 0.00
A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system…
- risk 0.50cvss 7.5epss 0.12
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.50cvss 7.5epss 0.12
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.50cvss 7.5epss 0.17
A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- risk 0.50cvss 7.5epss 0.16
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
- risk 0.50cvss 7.6epss 0.04
A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.
- risk 0.50cvss 7.5epss 0.15
A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.
- risk 0.50cvss 7.5epss 0.12
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
- risk 0.50cvss 7.7epss 0.02
HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.
- risk 0.50cvss 7.7epss 0.01
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
- risk 0.49cvss 7.5epss 0.00
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition.…
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory.
- risk 0.49cvss 7.5epss 0.00
A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this…
- risk 0.49cvss 7.5epss 0.00
A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets.
- risk 0.49cvss 7.5epss 0.00
A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly
- risk 0.49cvss 7.5epss 0.00
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the…
- risk 0.49cvss 7.5epss 0.03
A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification.
Page 4 of 12