Vulnerabilities (CVE)

Filtered by vendor Hpe Subscribe
Total 140 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11987 1 Hpe 1 Smart Update Manager 2024-02-04 4.6 MEDIUM 7.8 HIGH
A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.
CVE-2019-8936 5 Fedoraproject, Hpe, Netapp and 2 more 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2019-11988 1 Hpe 1 Smart Update Manager 2024-02-04 7.5 HIGH 9.8 CRITICAL
A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.
CVE-2015-9281 6 Hpe, Ibm, Linux and 3 more 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.
CVE-2018-7094 1 Hpe 1 3par Service Provider 2024-02-04 2.1 LOW 5.5 MEDIUM
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information.
CVE-2018-7108 1 Hpe 1 Storageworks Xp7 Automation Director 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template.
CVE-2018-20732 6 Hpe, Ibm, Linux and 3 more 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
CVE-2018-7110 2 Hpe, Redhat 2 Service Governance Framework, Linux 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler.
CVE-2018-20733 6 Hpe, Ibm, Linux and 3 more 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.
CVE-2018-7107 1 Hpe 1 Device Entitlement Gateway 2024-02-04 6.5 MEDIUM 8.8 HIGH
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.
CVE-2016-9042 4 Freebsd, Hpe, Ntp and 1 more 5 Freebsd, Hpux-ntp, Ntp and 2 more 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
CVE-2018-7185 6 Canonical, Hpe, Netapp and 3 more 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
CVE-2018-7170 4 Hpe, Netapp, Ntp and 1 more 10 Hpux-ntp, Hci, Solidfire and 7 more 2024-02-04 3.5 LOW 5.3 MEDIUM
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
CVE-2017-6458 4 Apple, Hpe, Ntp and 1 more 5 Mac Os X, Hpux-ntp, Ntp and 2 more 2024-02-04 6.5 MEDIUM 8.8 HIGH
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
CVE-2016-7426 4 Canonical, Hpe, Ntp and 1 more 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more 2024-02-04 4.3 MEDIUM 7.5 HIGH
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVE-2016-7434 2 Hpe, Ntp 2 Hpux-ntp, Ntp 2024-02-04 4.3 MEDIUM 7.5 HIGH
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-4370 1 Hpe 1 Project And Portfolio Management Center 2024-02-04 6.5 MEDIUM 8.8 HIGH
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
CVE-2014-2608 3 Hpe, Linux, Microsoft 3 Smart Update Manager, Linux Kernel, Windows 2024-02-04 7.2 HIGH N/A
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors.
CVE-2007-5536 2 Hp, Hpe 2 Hp-ux, Openssl 2024-02-04 4.9 MEDIUM N/A
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.
CVE-2002-0812 2 Hpe, Proxim 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more 2024-02-04 6.4 MEDIUM N/A
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.