Vendor CVEs
HPE
All CVEs
585 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0812 | 0.03 | — | 0.03 | Aug 12, 2002 | Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by… | |||
| CVE-2000-0702 | 0.03 | — | 0.01 | Oct 20, 2000 | The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file. | |||
| CVE-2000-0468 | 0.03 | — | 0.01 | Jun 2, 2000 | man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack. | |||
| CVE-1999-0050 | 0.03 | — | 0.01 | Dec 1, 1996 | Buffer overflow in HP-UX newgrp program. | |||
| CVE-2024-53675 | 0.02 | — | 0.84 | Nov 26, 2024 | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | |||
| CVE-2021-29212 | 0.01 | — | 0.13 | Nov 1, 2021 | A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to… | |||
| CVE-2021-25140 | 0.01 | — | 0.12 | Feb 9, 2021 | A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500… | |||
| CVE-2021-25139 | 0.01 | — | 0.08 | Feb 9, 2021 | A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500… | |||
| CVE-2020-7199 | 0.01 | — | 0.09 | Dec 2, 2020 | A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands,… | |||
| CVE-2004-1332 | 0.01 | — | 0.10 | Dec 31, 2004 | Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request. | |||
| CVE-2026-23816 | 0.00 | — | 0.01 | Mar 11, 2026 | A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | |||
| CVE-2026-23600 | 0.00 | — | 0.01 | Mar 2, 2026 | A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS). | |||
| CVE-2025-37107 | 0.00 | — | 0.00 | Jul 16, 2025 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | |||
| CVE-2025-37106 | 0.00 | — | 0.00 | Jul 16, 2025 | An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | |||
| CVE-2025-37105 | 0.00 | — | 0.01 | Jul 16, 2025 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | |||
| CVE-2024-51770 | 0.00 | — | 0.00 | Jul 14, 2025 | An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||
| CVE-2024-51769 | 0.00 | — | 0.00 | Jul 14, 2025 | An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||
| CVE-2024-51768 | 0.00 | — | 0.00 | Jul 14, 2025 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||
| CVE-2024-51767 | 0.00 | — | 0.01 | Jul 14, 2025 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||
| CVE-2025-37099 | 0.00 | — | 0.01 | Jul 1, 2025 | A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. | |||
| CVE-2025-37098 | 0.00 | — | 0.30 | Jul 1, 2025 | A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. | |||
| CVE-2025-37097 | 0.00 | — | 0.00 | Jul 1, 2025 | A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service | |||
| CVE-2025-37096 | 0.00 | — | 0.01 | Jun 2, 2025 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||
| CVE-2025-37095 | 0.00 | — | 0.01 | Jun 2, 2025 | A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software. | |||
| CVE-2025-37094 | 0.00 | — | 0.01 | Jun 2, 2025 | A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software. | |||
| CVE-2025-37093 | 0.00 | — | 0.01 | Jun 2, 2025 | An authentication bypass vulnerability exists in HPE StoreOnce Software. | |||
| CVE-2025-37092 | 0.00 | — | 0.01 | Jun 2, 2025 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||
| CVE-2025-37091 | 0.00 | — | 0.01 | Jun 2, 2025 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||
| CVE-2025-37090 | 0.00 | — | 0.01 | Jun 2, 2025 | A server-side request forgery vulnerability exists in HPE StoreOnce Software. | |||
| CVE-2025-37089 | 0.00 | — | 0.01 | Jun 2, 2025 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||
| CVE-2025-27086 | 0.00 | — | 0.00 | Apr 21, 2025 | A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication. | |||
| CVE-2025-23053 | 0.00 | — | 0.00 | Jan 28, 2025 | A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system. | |||
| CVE-2025-23054 | 0.00 | — | 0.00 | Jan 28, 2025 | A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their privilege level. Successful exploitation could allow an attacker to manipulate user… | |||
| CVE-2025-23057 | 0.00 | — | 0.00 | Jan 28, 2025 | A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web… | |||
| CVE-2025-23056 | 0.00 | — | 0.00 | Jan 28, 2025 | A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web… | |||
| CVE-2025-23055 | 0.00 | — | 0.00 | Jan 28, 2025 | A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web… | |||
| CVE-2024-51773 | 0.00 | — | 0.00 | Dec 3, 2024 | A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the… | |||
| CVE-2024-51771 | 0.00 | — | 0.01 | Dec 3, 2024 | A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the… | |||
| CVE-2024-53674 | 0.00 | — | 0.47 | Nov 26, 2024 | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | |||
| CVE-2024-53673 | 0.00 | — | 0.01 | Nov 26, 2024 | A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. | |||
| CVE-2024-11622 | 0.00 | — | 0.02 | Nov 26, 2024 | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | |||
| CVE-2024-41136 | 0.00 | — | 0.01 | Jul 24, 2024 | An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying… | |||
| CVE-2024-22441 | 0.00 | — | 0.00 | Jun 13, 2024 | HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. | |||
| CVE-2023-30912 | 0.00 | — | 0.01 | Oct 25, 2023 | A remote code execution issue exists in HPE OneView. | |||
| CVE-2023-30910 | 0.00 | — | 0.00 | Oct 9, 2023 | HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. | |||
| CVE-2023-30909 | 0.00 | — | 0.01 | Sep 14, 2023 | A remote authentication bypass issue exists in some OneView APIs. | |||
| CVE-2023-30908 | 0.00 | — | 0.01 | Sep 7, 2023 | A remote authentication bypass issue exists in a OneView API. | |||
| CVE-2023-38402 | 0.00 | — | 0.00 | Aug 15, 2023 | A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting… | |||
| CVE-2023-38401 | 0.00 | — | 0.00 | Aug 15, 2023 | A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. | |||
| CVE-2023-30904 | 0.00 | — | 0.00 | Jun 16, 2023 | A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information. |
- CVE-2002-0812Aug 12, 2002risk 0.03cvss —epss 0.03
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by…
- CVE-2000-0702Oct 20, 2000risk 0.03cvss —epss 0.01
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.
- CVE-2000-0468Jun 2, 2000risk 0.03cvss —epss 0.01
man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.
- CVE-1999-0050Dec 1, 1996risk 0.03cvss —epss 0.01
Buffer overflow in HP-UX newgrp program.
- CVE-2024-53675Nov 26, 2024risk 0.02cvss —epss 0.84
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
- CVE-2021-29212Nov 1, 2021risk 0.01cvss —epss 0.13
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to…
- CVE-2021-25140Feb 9, 2021risk 0.01cvss —epss 0.12
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500…
- CVE-2021-25139Feb 9, 2021risk 0.01cvss —epss 0.08
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500…
- CVE-2020-7199Dec 2, 2020risk 0.01cvss —epss 0.09
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands,…
- CVE-2004-1332Dec 31, 2004risk 0.01cvss —epss 0.10
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
- CVE-2026-23816Mar 11, 2026risk 0.00cvss —epss 0.01
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
- CVE-2026-23600Mar 2, 2026risk 0.00cvss —epss 0.01
A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS).
- CVE-2025-37107Jul 16, 2025risk 0.00cvss —epss 0.00
An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
- CVE-2025-37106Jul 16, 2025risk 0.00cvss —epss 0.00
An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
- CVE-2025-37105Jul 16, 2025risk 0.00cvss —epss 0.01
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
- CVE-2024-51770Jul 14, 2025risk 0.00cvss —epss 0.00
An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
- CVE-2024-51769Jul 14, 2025risk 0.00cvss —epss 0.00
An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
- CVE-2024-51768Jul 14, 2025risk 0.00cvss —epss 0.00
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
- CVE-2024-51767Jul 14, 2025risk 0.00cvss —epss 0.01
An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
- CVE-2025-37099Jul 1, 2025risk 0.00cvss —epss 0.01
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
- CVE-2025-37098Jul 1, 2025risk 0.00cvss —epss 0.30
A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
- CVE-2025-37097Jul 1, 2025risk 0.00cvss —epss 0.00
A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service
- CVE-2025-37096Jun 2, 2025risk 0.00cvss —epss 0.01
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37095Jun 2, 2025risk 0.00cvss —epss 0.01
A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37094Jun 2, 2025risk 0.00cvss —epss 0.01
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37093Jun 2, 2025risk 0.00cvss —epss 0.01
An authentication bypass vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37092Jun 2, 2025risk 0.00cvss —epss 0.01
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37091Jun 2, 2025risk 0.00cvss —epss 0.01
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37090Jun 2, 2025risk 0.00cvss —epss 0.01
A server-side request forgery vulnerability exists in HPE StoreOnce Software.
- CVE-2025-37089Jun 2, 2025risk 0.00cvss —epss 0.01
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
- CVE-2025-27086Apr 21, 2025risk 0.00cvss —epss 0.00
A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication.
- CVE-2025-23053Jan 28, 2025risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system.
- CVE-2025-23054Jan 28, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their privilege level. Successful exploitation could allow an attacker to manipulate user…
- CVE-2025-23057Jan 28, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web…
- CVE-2025-23056Jan 28, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web…
- CVE-2025-23055Jan 28, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web…
- CVE-2024-51773Dec 3, 2024risk 0.00cvss —epss 0.00
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the…
- CVE-2024-51771Dec 3, 2024risk 0.00cvss —epss 0.01
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the…
- CVE-2024-53674Nov 26, 2024risk 0.00cvss —epss 0.47
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
- CVE-2024-53673Nov 26, 2024risk 0.00cvss —epss 0.01
A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code.
- CVE-2024-11622Nov 26, 2024risk 0.00cvss —epss 0.02
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
- CVE-2024-41136Jul 24, 2024risk 0.00cvss —epss 0.01
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying…
- CVE-2024-22441Jun 13, 2024risk 0.00cvss —epss 0.00
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.
- CVE-2023-30912Oct 25, 2023risk 0.00cvss —epss 0.01
A remote code execution issue exists in HPE OneView.
- CVE-2023-30910Oct 9, 2023risk 0.00cvss —epss 0.00
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests.
- CVE-2023-30909Sep 14, 2023risk 0.00cvss —epss 0.01
A remote authentication bypass issue exists in some OneView APIs.
- CVE-2023-30908Sep 7, 2023risk 0.00cvss —epss 0.01
A remote authentication bypass issue exists in a OneView API.
- CVE-2023-38402Aug 15, 2023risk 0.00cvss —epss 0.00
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting…
- CVE-2023-38401Aug 15, 2023risk 0.00cvss —epss 0.00
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
- CVE-2023-30904Jun 16, 2023risk 0.00cvss —epss 0.00
A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.
Page 8 of 12