VYPR

Vendor CVEs

HPE

All CVEs

585 total · sorted by risk
  • CVE-2026-23817MedMar 11, 2026
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL.

  • CVE-2025-37130MedSep 16, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.

  • CVE-2024-51766MedNov 22, 2024
    risk 0.42cvss 6.5epss 0.00

    A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series.

  • CVE-2024-22436MedMar 26, 2024
    risk 0.42cvss 6.5epss 0.00

    A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service.

  • CVE-2018-7109MedSep 27, 2018
    risk 0.42cvss 6.5epss 0.01

    HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM.

  • CVE-2017-5787MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.02

    A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found.

  • CVE-2017-5785MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.01

    A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found.

  • CVE-2017-5784MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.01

    A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.

  • CVE-2017-5780MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.02

    A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.

  • CVE-2017-12560MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.03

    A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.

  • CVE-2017-12559MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.03

    A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.

  • CVE-2017-12543MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.01

    A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found.

  • CVE-2016-8514MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.02

    A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.

  • CVE-2017-13985MedSep 30, 2017
    risk 0.42cvss 6.5epss 0.03

    An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.

  • CVE-2017-13984MedSep 30, 2017
    risk 0.42cvss 6.5epss 0.02

    An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.

  • CVE-2016-4394MedOct 28, 2016
    risk 0.42cvss 6.5epss 0.03

    HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.

  • CVE-2016-4376MedAug 22, 2016
    risk 0.42cvss 6.5epss 0.02

    HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-2013MedMay 7, 2016
    risk 0.42cvss 6.5epss 0.02

    HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2016-2012MedMay 7, 2016
    risk 0.42cvss 6.5epss 0.02

    HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.

  • CVE-2016-1994MedMar 18, 2016
    risk 0.42cvss 6.5epss 0.02

    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2017-5813MedFeb 15, 2018
    risk 0.41cvss 6.3epss 0.02

    A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

  • CVE-2015-6864MedJan 16, 2016
    risk 0.41cvss 6.3epss 0.01

    HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

  • CVE-2018-7091MedAug 6, 2018
    risk 0.40cvss 6.1epss 0.01

    HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.

  • CVE-2018-7090MedAug 6, 2018
    risk 0.40cvss 6.1epss 0.01

    HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.

  • CVE-2018-7075MedAug 6, 2018
    risk 0.40cvss 6.1epss 0.01

    A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version.

  • CVE-2018-7068MedAug 6, 2018
    risk 0.40cvss 6.1epss 0.01

    HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

  • CVE-2016-4406MedAug 6, 2018
    risk 0.40cvss 6.1epss 0.03

    A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44.

  • CVE-2016-8517MedFeb 15, 2018
    risk 0.40cvss 6.1epss 0.02

    A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

  • CVE-2017-13986MedSep 30, 2017
    risk 0.40cvss 6.1epss 0.01

    A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

  • CVE-2016-4363MedJun 8, 2016
    risk 0.40cvss 6.1epss 0.02

    HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors.

  • CVE-2025-37149MedOct 14, 2025
    risk 0.39cvss 6.0epss 0.00

    A potential out-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server's UEFI firmware.

  • CVE-2025-37112MedJul 31, 2025
    risk 0.39cvss 6.0epss 0.00

    A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

  • CVE-2025-37111MedJul 31, 2025
    risk 0.39cvss 6.0epss 0.00

    A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

  • CVE-2025-37110MedJul 31, 2025
    risk 0.39cvss 6.0epss 0.00

    A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

  • CVE-2018-7108MedSep 27, 2018
    risk 0.39cvss 5.9epss 0.02

    HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific…

  • CVE-2017-14360MedNov 8, 2017
    risk 0.39cvss 5.9epss 0.02

    A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).

  • CVE-2024-24456MedMar 31, 2025
    risk 0.38cvss 5.9epss 0.00

    An E-RAB Release Command packet containing a malformed NAS PDU will cause the Athonet MME to immediately crash, potentially due to a buffer overflow.

  • CVE-2024-24457MedNov 15, 2024
    risk 0.38cvss 5.9epss 0.00

    An invalid memory access when handling the ProtocolIE_ID field of E-RAB Setup List Context SURes messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

  • CVE-2024-24455MedNov 15, 2024
    risk 0.38cvss 5.9epss 0.00

    An invalid memory access when handling a UE Context Release message containing an invalid UE identifier in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

  • CVE-2024-24453MedNov 15, 2024
    risk 0.38cvss 5.9epss 0.00

    An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a…

  • CVE-2024-24452MedNov 15, 2024
    risk 0.38cvss 5.9epss 0.00

    An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

  • CVE-2016-1987MedFeb 18, 2016
    risk 0.38cvss 5.9epss 0.02

    HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.

  • CVE-2025-25041MedApr 1, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could allow the creation of a Denial-of-Service (DoS) condition affecting the Microsoft…

  • CVE-2024-51764MedNov 15, 2024
    risk 0.36cvss 5.5epss 0.00

    A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.

  • CVE-2018-7100MedAug 14, 2018
    risk 0.36cvss 5.5epss 0.01

    A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of…

  • CVE-2018-7094MedAug 14, 2018
    risk 0.36cvss 5.5epss 0.00

    A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information.

  • CVE-2018-7073MedAug 6, 2018
    risk 0.36cvss 5.5epss 0.01

    A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

  • CVE-2017-5809MedFeb 15, 2018
    risk 0.36cvss 5.5epss 0.02

    A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

  • CVE-2017-5788MedFeb 15, 2018
    risk 0.36cvss 5.5epss 0.01

    A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found.

  • CVE-2017-5786MedFeb 15, 2018
    risk 0.36cvss 5.5epss 0.01

    A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14

Page 6 of 12