VYPR

Vendor CVEs

HPE

All CVEs

585 total · sorted by risk
  • CVE-2018-7101HigSep 27, 2018
    risk 0.49cvss 7.5epss 0.07

    A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30.

  • CVE-2018-7077HigAug 14, 2018
    risk 0.49cvss 7.5epss 0.02

    A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive…

  • CVE-2018-7069HigAug 6, 2018
    risk 0.49cvss 7.5epss 0.02

    HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

  • CVE-2017-5812HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.05

    A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

  • CVE-2017-5803HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.08

    A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found.

  • CVE-2017-5801HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.07

    A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found.

  • CVE-2017-5797HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.05

    A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found.

  • CVE-2017-12545HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.07

    A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2016-8525HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.09

    A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.

  • CVE-2016-8518HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.05

    A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

  • CVE-2016-8516HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.05

    A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

  • CVE-2016-4396HigOct 28, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

  • CVE-2016-4395HigOct 28, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

  • CVE-2016-4378HigAug 26, 2016
    risk 0.49cvss 7.5epss 0.03

    The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before…

  • CVE-2016-4367HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.08

    The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4365HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4361HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.08

    HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow…

  • CVE-2016-2027HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.

  • CVE-2016-2026HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.

  • CVE-2016-2025HigMay 30, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.

  • CVE-2015-6861HigJan 5, 2016
    risk 0.49cvss 7.5epss 0.01

    HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.

  • CVE-2015-5446HigJan 5, 2016
    risk 0.49cvss 7.5epss 0.03

    HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-2001HigApr 12, 2016
    risk 0.48cvss 7.4epss 0.02

    HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.

  • CVE-2015-6863HigJan 16, 2016
    risk 0.48cvss 7.3epss 0.02

    HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

  • CVE-2026-23592HigJan 27, 2026
    risk 0.47cvss 7.2epss 0.01

    Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

  • CVE-2025-37127HigSep 16, 2025
    risk 0.47cvss 7.2epss 0.00

    A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating…

  • CVE-2025-37126HigSep 16, 2025
    risk 0.47cvss 7.2epss 0.01

    A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…

  • CVE-2025-37102HigJul 8, 2025
    risk 0.47cvss 7.2epss 0.01

    An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system…

  • CVE-2024-54007HigJan 7, 2025
    risk 0.47cvss 7.2epss 0.02

    Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands…

  • CVE-2024-54006HigJan 7, 2025
    risk 0.47cvss 7.2epss 0.02

    Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands…

  • CVE-2024-41135HigJul 24, 2024
    risk 0.47cvss 7.2epss 0.01

    A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…

  • CVE-2024-41134HigJul 24, 2024
    risk 0.47cvss 7.2epss 0.01

    A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…

  • CVE-2024-41133HigJul 24, 2024
    risk 0.47cvss 7.2epss 0.01

    A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…

  • CVE-2024-33519HigJul 24, 2024
    risk 0.47cvss 7.2epss 0.01

    A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to…

  • CVE-2024-22437HigApr 15, 2024
    risk 0.47cvss 7.3epss 0.00

    A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.

  • CVE-2018-7105HigSep 27, 2018
    risk 0.47cvss 7.2epss 0.04

    A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to…

  • CVE-2018-7078HigAug 6, 2018
    risk 0.47cvss 7.2epss 0.07

    A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30.

  • CVE-2025-37147HigOct 14, 2025
    risk 0.46cvss 7.1epss 0.00

    A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerability to run modified or…

  • CVE-2025-37104HigJul 16, 2025
    risk 0.46cvss 7.1epss 0.00

    A security vulnerability has been identified in HPE Telco Service Orchestrator software. The vulnerability could allow authenticated clients to to perform a SQL Injection attack when sending a service request, and potentially exfiltrate the database's vendor name to unauthorized…

  • CVE-2016-2015HigMay 14, 2016
    risk 0.46cvss 7.1epss 0.00

    HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2024-22439MedApr 15, 2024
    risk 0.45cvss 6.9epss 0.00

    A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure.

  • CVE-2025-37129MedSep 16, 2025
    risk 0.44cvss 6.7epss 0.00

    A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if…

  • CVE-2025-37128MedSep 16, 2025
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an…

  • CVE-2025-27081MedApr 10, 2025
    risk 0.44cvss 6.8epss 0.00

    A potential security vulnerability in HPE NonStop OSM Service Connection Suite could potentially be exploited to allow a local Denial of Service.

  • CVE-2024-22440MedApr 17, 2024
    risk 0.44cvss 6.8epss 0.00

    A potential security vulnerability has been identified in HPE Compute Scale-up Server 3200 server. This vulnerability could cause disclosure of sensitive information in log files.

  • CVE-2014-5040MedJan 5, 2016
    risk 0.44cvss 6.8epss 0.01

    HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by…

  • CVE-2017-5798MedFeb 15, 2018
    risk 0.43cvss 6.1epss 0.08

    A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x).

  • CVE-2017-5795MedFeb 15, 2018
    risk 0.43cvss 6.5epss 0.03

    A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found.

  • CVE-2017-12555MedFeb 15, 2018
    risk 0.43cvss 6.5epss 0.03

    A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found.

  • CVE-2016-8521MedFeb 15, 2018
    risk 0.43cvss 6.5epss 0.04

    A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found.

Page 5 of 12