Filtered by vendor Hpe
Subscribe
Total
140 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28623 | 3 Hp, Hpe, Redhat | 3 Hp-ux, Icewall Sso Certd, Enterprise Linux | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX. | |||||
| CVE-2022-28626 | 1 Hpe | 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more | 2024-02-04 | N/A | 6.7 MEDIUM |
| A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | |||||
| CVE-2022-28630 | 1 Hpe | 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more | 2024-02-04 | N/A | 7.3 HIGH |
| A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial loss of availability. User interaction is required to exploit this vulnerability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | |||||
| CVE-2022-28632 | 1 Hpe | 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more | 2024-02-04 | N/A | 8.8 HIGH |
| A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | |||||
| CVE-2021-41001 | 1 Hpe | 15 Aruba 8320, Aruba 8325-32-c, Aruba 8325-48y83 and 12 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. | |||||
| CVE-2021-29216 | 1 Hpe | 1 Oneview Global Dashboard | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | |||||
| CVE-2022-28618 | 1 Hpe | 4 Nimble Storage All Flash Arrays, Nimble Storage Hybrid Flash Arrays, Nimble Storage Secondary Flash Arrays and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
| CVE-2022-23705 | 1 Hpe | 1 Nimbleos | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
| CVE-2021-41004 | 1 Hpe | 14 Aruba Instant On 1930 24g 4sfp\/sfp\+, Aruba Instant On 1930 24g 4sfp\/sfp\+ Firmware, Aruba Instant On 1930 24g Class4 Poe 4sfp\/sfp\+ 195w and 11 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | |||||
| CVE-2022-28620 | 1 Hpe | 10 Cray Ex Supercomputers, Cray Ex Supercomputers Firmware, Cray Sh Supercomputer Air Cooled Base System Code and 7 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE has provided a software update to resolve this vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers. | |||||
| CVE-2021-41005 | 1 Hpe | 14 Aruba Instant On 1930 24g 4sfp\/sfp\+, Aruba Instant On 1930 24g 4sfp\/sfp\+ Firmware, Aruba Instant On 1930 24g Class4 Poe 4sfp\/sfp\+ 195w and 11 more | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
| A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | |||||
| CVE-2021-41000 | 1 Hpe | 15 Aruba 8320, Aruba 8325-32-c, Aruba 8325-48y83 and 12 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | |||||
| CVE-2022-23703 | 1 Hpe | 1 Nimbleos | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100 | |||||
| CVE-2022-28619 | 1 Hpe | 1 Control Repository Manager | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0. | |||||
| CVE-2021-41003 | 1 Hpe | 15 Aruba 8320, Aruba 8325-32-c, Aruba 8325-48y83 and 12 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | |||||
| CVE-2022-25256 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL. | |||||
| CVE-2022-28621 | 1 Hpe | 1 Nonstop Distributed Systems Management \/ Software Configuration Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. | |||||
| CVE-2021-29217 | 1 Hpe | 1 Oneview Global Dashboard | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | |||||
| CVE-2021-41002 | 1 Hpe | 15 Aruba 8320, Aruba 8325-32-c, Aruba 8325-48y83 and 12 more | 2024-02-04 | 8.5 HIGH | 8.1 HIGH |
| Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | |||||
| CVE-2022-28622 | 1 Hpe | 2 Storeonce 3640, Storeonce 3640 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. | |||||