Vulnerabilities (CVE)

Filtered by vendor Hpe Subscribe
Total 151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7317 11 Canonical, Debian, Hp and 8 more 33 Ubuntu Linux, Debian Linux, Xp7 Command View and 30 more 2024-10-21 2.6 LOW 5.3 MEDIUM
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2023-30912 1 Hpe 1 Oneview 2024-09-17 N/A 9.8 CRITICAL
A remote code execution issue exists in HPE OneView.
CVE-2024-22441 1 Hpe 1 Cray Parallel Application Launch Service 2024-09-05 N/A 9.8 CRITICAL
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.
CVE-2002-20001 6 Balasys, F5, Hpe and 3 more 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more 2024-04-23 5.0 MEDIUM 7.5 HIGH
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
CVE-2023-50272 1 Hpe 4 Integrated Lights-out 5, Integrated Lights-out 5 Firmware, Integrated Lights-out 6 and 1 more 2024-02-28 N/A 9.8 CRITICAL
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.
CVE-2023-39266 2 Arubanetworks, Hpe 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more 2024-02-28 N/A 6.1 MEDIUM
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVE-2023-39267 2 Arubanetworks, Hpe 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more 2024-02-28 N/A 6.5 MEDIUM
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.
CVE-2023-30910 1 Hpe 6 Msa 1060 Storage, Msa 1060 Storage Firmware, Msa 2060 Storage and 3 more 2024-02-28 N/A 5.4 MEDIUM
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. 
CVE-2023-30906 1 Hpe 1 Intelligent Provisioning 2024-02-28 N/A 7.8 HIGH
The vulnerability could be locally exploited to allow escalation of privilege.
CVE-2023-39268 2 Arubanetworks, Hpe 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more 2024-02-28 N/A 9.8 CRITICAL
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-3718 1 Hpe 27 Aruba Cx 10000-48y6, Aruba Cx 4100i, Aruba Cx 6000 12g and 24 more 2024-02-28 N/A 8.8 HIGH
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
CVE-2023-30911 1 Hpe 77 Alletra 4110, Alletra 4120, Alletra 4140 and 74 more 2024-02-28 N/A 7.5 HIGH
HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.
CVE-2022-37940 1 Hpe 4 Flexfabric 5700 40xg 2qsfp\+, Flexfabric 5700 40xg 2qsfp\+ Firmware, Flexfabric 5700 48g 4xg 2qsfp\+ and 1 more 2024-02-28 N/A 6.1 MEDIUM
Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later.
CVE-2023-30905 1 Hpe 4 Integrity Mc990 X Server Rmc, Integrity Mc990 X Server Rmc Firmware, Sgi Uv 300 Rmc and 1 more 2024-02-28 N/A 7.8 HIGH
The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.
CVE-2023-1168 1 Hpe 20 Aruba Cx 10000-48y6, Aruba Cx 6200f 48g, Aruba Cx 6200m 24g and 17 more 2024-02-28 N/A 8.8 HIGH
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.
CVE-2023-28085 1 Hpe 1 Oneview Global Dashboard 2024-02-28 N/A 5.5 MEDIUM
An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials
CVE-2023-30904 1 Hpe 1 Insight Remote Support 2024-02-28 N/A 5.5 MEDIUM
A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.
CVE-2023-28084 2 Hp, Hpe 2 Oneview, Oneview Global Dashboard 2024-02-28 N/A 5.5 MEDIUM
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
CVE-2023-28083 2 Hp, Hpe 162 Integrated Lights-out 4, Integrated Lights-out 5, Integrated Lights-out 6 and 159 more 2024-02-28 N/A 5.4 MEDIUM
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.
CVE-2022-37932 1 Hpe 38 Officeconnect 1820 J9979a, Officeconnect 1820 J9979a Firmware, Officeconnect 1820 J9980a and 35 more 2024-02-28 N/A 9.8 CRITICAL
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;