Vendor CVEs
HPE
All CVEs
585 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30903 | 0.00 | — | 0.00 | Jun 16, 2023 | HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. | |||
| CVE-2023-22779 | 0.00 | — | 0.02 | May 8, 2023 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of… | |||
| CVE-2023-28092 | 0.00 | — | 0.00 | May 1, 2023 | A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis. | |||
| CVE-2023-28084 | 0.00 | — | 0.00 | Apr 25, 2023 | HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens | |||
| CVE-2023-28090 | 0.00 | — | 0.00 | Apr 25, 2023 | An HPE OneView appliance dump may expose SNMPv3 read credentials | |||
| CVE-2023-28089 | 0.00 | — | 0.00 | Apr 25, 2023 | An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | |||
| CVE-2023-28088 | 0.00 | — | 0.00 | Apr 25, 2023 | An HPE OneView appliance dump may expose SAN switch administrative credentials | |||
| CVE-2023-28087 | 0.00 | — | 0.00 | Apr 25, 2023 | An HPE OneView appliance dump may expose OneView user accounts | |||
| CVE-2023-28086 | 0.00 | — | 0.00 | Apr 25, 2023 | An HPE OneView appliance dump may expose proxy credential settings | |||
| CVE-2023-28091 | 0.00 | — | 0.00 | Apr 14, 2023 | HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump | |||
| CVE-2022-37940 | 0.00 | — | 0.00 | Mar 15, 2023 | Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE… | |||
| CVE-2022-37939 | 0.00 | — | 0.00 | Mar 8, 2023 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex… | |||
| CVE-2023-22749 | 0.00 | — | 0.02 | Feb 28, 2023 | There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these… | |||
| CVE-2022-37938 | 0.00 | — | 0.01 | Feb 22, 2023 | Unauthenticated server side request forgery in HPE Serviceguard Manager | |||
| CVE-2022-37936 | 0.00 | — | 0.01 | Feb 22, 2023 | Unauthenticated Java deserialization vulnerability in Serviceguard Manager | |||
| CVE-2022-37935 | 0.00 | — | 0.00 | Feb 18, 2023 | HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password. | |||
| CVE-2022-37934 | 0.00 | — | 0.02 | Jan 3, 2023 | A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850… | |||
| CVE-2022-37933 | 0.00 | — | 0.00 | Jan 3, 2023 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome… | |||
| CVE-2022-37931 | 0.00 | — | 0.00 | Nov 22, 2022 | A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details. | |||
| CVE-2022-23678 | 0.00 | — | 0.01 | Sep 6, 2022 | A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for… | |||
| CVE-2022-28623 | 0.00 | — | 0.01 | Jul 8, 2022 | Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL… | |||
| CVE-2022-28624 | 0.00 | — | 0.00 | Jul 8, 2022 | A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE… | |||
| CVE-2022-28621 | 0.00 | — | 0.01 | Jun 28, 2022 | A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. | |||
| CVE-2022-28622 | 0.00 | — | 0.01 | Jun 27, 2022 | A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce… | |||
| CVE-2022-28620 | 0.00 | — | 0.01 | Jun 24, 2022 | A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis… | |||
| CVE-2022-28618 | 0.00 | — | 0.02 | May 20, 2022 | A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has… | |||
| CVE-2022-23705 | 0.00 | — | 0.01 | May 9, 2022 | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array.… | |||
| CVE-2022-23703 | 0.00 | — | 0.01 | Apr 12, 2022 | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for… | |||
| CVE-2022-23702 | 0.00 | — | 0.00 | Apr 12, 2022 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow a user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware… | |||
| CVE-2021-29220 | 0.00 | — | 0.02 | Feb 24, 2022 | Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and… | |||
| CVE-2021-29218 | 0.00 | — | 0.00 | Feb 4, 2022 | A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a… | |||
| CVE-2021-29219 | 0.00 | — | 0.00 | Feb 4, 2022 | A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version… | |||
| CVE-2021-29215 | 0.00 | — | 0.01 | Jan 18, 2022 | A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9:… | |||
| CVE-2021-29214 | 0.00 | — | 0.01 | Dec 10, 2021 | A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays… | |||
| CVE-2021-29213 | 0.00 | — | 0.00 | Nov 1, 2021 | A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause… | |||
| CVE-2021-26589 | 0.00 | — | 0.01 | Oct 19, 2021 | A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the… | |||
| CVE-2021-37732 | 0.00 | — | 0.03 | Oct 12, 2021 | A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and… | |||
| CVE-2021-26588 | 0.00 | — | 0.02 | Oct 11, 2021 | A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts… | |||
| CVE-2021-26587 | 0.00 | — | 0.00 | Sep 27, 2021 | A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the… | |||
| CVE-2021-26586 | 0.00 | — | 0.02 | Aug 5, 2021 | A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates… | |||
| CVE-2021-34618 | 0.00 | — | 0.00 | Jul 19, 2021 | A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.4.x:… | |||
| CVE-2021-26584 | 0.00 | — | 0.01 | Jun 3, 2021 | A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC). | |||
| CVE-2021-29209 | 0.00 | — | 0.01 | May 25, 2021 | A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity… | |||
| CVE-2021-29208 | 0.00 | — | 0.01 | May 25, 2021 | A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity… | |||
| CVE-2021-29211 | 0.00 | — | 0.01 | May 25, 2021 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380… | |||
| CVE-2021-29210 | 0.00 | — | 0.01 | May 25, 2021 | A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity… | |||
| CVE-2021-29207 | 0.00 | — | 0.01 | May 25, 2021 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380… | |||
| CVE-2021-29206 | 0.00 | — | 0.01 | May 25, 2021 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380… | |||
| CVE-2021-29205 | 0.00 | — | 0.01 | May 25, 2021 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380… | |||
| CVE-2021-29204 | 0.00 | — | 0.01 | May 25, 2021 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380… |