VYPR

Vendor CVEs

HPE

All CVEs

585 total · sorted by risk
  • CVE-2017-12553MedFeb 15, 2018
    risk 0.36cvss 5.6epss 0.00

    A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12552MedFeb 15, 2018
    risk 0.36cvss 5.6epss 0.00

    A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12551MedFeb 15, 2018
    risk 0.36cvss 5.6epss 0.00

    A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12550MedFeb 15, 2018
    risk 0.36cvss 5.6epss 0.00

    A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12549MedFeb 15, 2018
    risk 0.36cvss 5.6epss 0.00

    A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12548MedFeb 15, 2018
    risk 0.36cvss 5.6epss 0.00

    A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12547MedFeb 15, 2018
    risk 0.36cvss 5.6epss 0.00

    A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12546MedFeb 15, 2018
    risk 0.36cvss 5.6epss 0.00

    A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2016-2023MedMay 30, 2016
    risk 0.36cvss 5.5epss 0.00

    HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2016-2016MedMay 14, 2016
    risk 0.36cvss 5.5epss 0.00

    Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and…

  • CVE-2018-7070MedAug 6, 2018
    risk 0.35cvss 5.3epss 0.02

    HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

  • CVE-2016-4392MedAug 6, 2018
    risk 0.35cvss 5.4epss 0.01

    A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.

  • CVE-2017-5800MedFeb 15, 2018
    risk 0.35cvss 5.4epss 0.01

    A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found.

  • CVE-2017-5783MedFeb 15, 2018
    risk 0.35cvss 5.3epss 0.01

    A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.

  • CVE-2017-5782MedFeb 15, 2018
    risk 0.35cvss 5.4epss 0.01

    A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.

  • CVE-2017-12544MedFeb 15, 2018
    risk 0.35cvss 5.4epss 0.05

    A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2016-8532MedFeb 15, 2018
    risk 0.35cvss 5.4epss 0.01

    A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found.

  • CVE-2016-8531MedFeb 15, 2018
    risk 0.35cvss 5.3epss 0.02

    A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found.

  • CVE-2016-8522MedFeb 15, 2018
    risk 0.35cvss 5.4epss 0.01

    A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found.

  • CVE-2017-14359MedNov 3, 2017
    risk 0.35cvss 5.4epss 0.01

    A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting.

  • CVE-2017-13991MedSep 30, 2017
    risk 0.35cvss 5.3epss 0.01

    An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

  • CVE-2017-13990MedSep 30, 2017
    risk 0.35cvss 5.3epss 0.01

    An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

  • CVE-2016-4393MedOct 28, 2016
    risk 0.35cvss 5.4epss 0.01

    HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.

  • CVE-2016-4380MedSep 8, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-2011MedMay 7, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.

  • CVE-2016-2010MedMay 7, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.

  • CVE-2015-5447MedJan 5, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2025-37131MedSep 16, 2025
    risk 0.32cvss 4.9epss 0.00

    A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.

  • CVE-2016-4381MedSep 8, 2016
    risk 0.29cvss 4.5epss 0.00

    HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors.

  • CVE-2024-42504MedOct 3, 2024
    risk 0.28cvss 4.3epss 0.00

    A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow.

  • CVE-2018-7071MedAug 6, 2018
    risk 0.28cvss 4.3epss 0.01

    HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3.

  • CVE-2024-54009MedDec 19, 2024
    risk 0.26cvss 4.0epss 0.00

    Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information.

  • CVE-2024-11856LowDec 2, 2024
    risk 0.24cvss 3.7epss 0.00

    A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification.

  • CVE-2016-4379LowSep 8, 2016
    risk 0.24cvss 3.7epss 0.02

    The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay…

  • CVE-2025-37109LowJul 31, 2025
    risk 0.23cvss 3.5epss 0.00

    Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product

  • CVE-2025-37108LowJul 31, 2025
    risk 0.23cvss 3.5epss 0.00

    Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product

  • CVE-2016-8535LowFeb 15, 2018
    risk 0.23cvss 3.5epss 0.01

    A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.

  • CVE-2024-54010LowJan 8, 2025
    risk 0.22cvss 3.4epss 0.00

    A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires…

  • CVE-2025-25040LowMar 18, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is…

  • CVE-2021-29203May 6, 2021
    risk 0.07cvss epss 0.68

    A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of…

  • CVE-2024-53676Nov 27, 2024
    risk 0.06cvss epss 0.51

    A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.

  • CVE-2020-7136Apr 30, 2020
    risk 0.05cvss epss 0.80

    A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the…

  • CVE-2005-3277Oct 21, 2005
    risk 0.05cvss epss 0.19

    The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different…

  • CVE-2019-11944Jun 5, 2019
    risk 0.03cvss epss 0.13

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2006-5557Oct 27, 2006
    risk 0.03cvss epss 0.01

    Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to…

  • CVE-2006-5556Oct 27, 2006
    risk 0.03cvss epss 0.01

    Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.

  • CVE-2003-1097Dec 31, 2003
    risk 0.03cvss epss 0.04

    Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.

  • CVE-2003-1461Dec 31, 2003
    risk 0.03cvss epss 0.02

    Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).

  • CVE-2003-0840Nov 17, 2003
    risk 0.03cvss epss 0.01

    Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.

  • CVE-2002-1473Apr 22, 2003
    risk 0.03cvss epss 0.04

    Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

Page 7 of 12