Filtered by vendor Hpe
Subscribe
Total
174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28632 | 1 Hpe | 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more | 2022-08-16 | N/A | 8.8 HIGH |
| A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | |||||
| CVE-2022-28633 | 1 Hpe | 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more | 2022-08-16 | N/A | 7.3 HIGH |
| A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file system resulting in a complete loss of confidentiality and a partial loss of integrity and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | |||||
| CVE-2022-28634 | 1 Hpe | 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more | 2022-08-16 | N/A | 6.7 MEDIUM |
| A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | |||||
| CVE-2022-28635 | 1 Hpe | 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more | 2022-08-16 | N/A | 7.4 HIGH |
| A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | |||||
| CVE-2022-28636 | 1 Hpe | 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more | 2022-08-16 | N/A | 7.4 HIGH |
| A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | |||||
| CVE-2022-28623 | 3 Hp, Hpe, Redhat | 3 Hp-ux, Icewall Sso Certd, Enterprise Linux | 2022-07-18 | 7.5 HIGH | 9.8 CRITICAL |
| Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX. | |||||
| CVE-2022-28624 | 1 Hpe | 4 Flexfabric 5945, Flexfabric 5945 Firmware, Flexnetwork 5130 Ei and 1 more | 2022-07-16 | 3.5 LOW | 4.8 MEDIUM |
| A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635. | |||||
| CVE-2021-26589 | 1 Hpe | 4 Superdome Flex, Superdome Flex 280, Superdome Flex 280 Firmware and 1 more | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers. | |||||
| CVE-2021-26585 | 1 Hpe | 1 Oneview Global Dashboard | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32. | |||||
| CVE-2022-28621 | 1 Hpe | 1 Nonstop Distributed Systems Management \/ Software Configuration Manager | 2022-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. | |||||
| CVE-2022-28622 | 1 Hpe | 2 Storeonce 3640, Storeonce 3640 Firmware | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. | |||||
| CVE-2022-28619 | 1 Hpe | 1 Control Repository Manager | 2022-07-06 | 4.6 MEDIUM | 7.8 HIGH |
| A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0. | |||||
| CVE-2022-28618 | 1 Hpe | 4 Nimble Storage All Flash Arrays, Nimble Storage Hybrid Flash Arrays, Nimble Storage Secondary Flash Arrays and 1 more | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
| CVE-2022-23704 | 2 Hp, Hpe | 59 Integrated Lights-out 4, Apollo 4200 Gen9 Server, Proliant Bl420c Gen8 Server and 56 more | 2022-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and later. | |||||
| CVE-2021-26579 | 1 Hpe | 1 Unified Data Management | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys. | |||||
| CVE-2021-41005 | 1 Hpe | 14 Aruba Instant On 1930 24g 4sfp\/sfp\+, Aruba Instant On 1930 24g 4sfp\/sfp\+ Firmware, Aruba Instant On 1930 24g Class4 Poe 4sfp\/sfp\+ 195w and 11 more | 2022-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | |||||
| CVE-2021-41004 | 1 Hpe | 14 Aruba Instant On 1930 24g 4sfp\/sfp\+, Aruba Instant On 1930 24g 4sfp\/sfp\+ Firmware, Aruba Instant On 1930 24g Class4 Poe 4sfp\/sfp\+ 195w and 11 more | 2022-04-20 | 7.8 HIGH | 7.5 HIGH |
| A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | |||||
| CVE-2022-23703 | 1 Hpe | 1 Nimbleos | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100 | |||||
| CVE-2022-23701 | 1 Hpe | 2 Integrated Lights-out, Integrated Lights-out 4 | 2022-03-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4). | |||||
| CVE-2021-29217 | 1 Hpe | 1 Oneview Global Dashboard | 2022-03-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | |||||