Filtered by vendor Hpe
Subscriptions
Total
153 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-30910 | 1 Hpe | 6 Msa 1060 Storage, Msa 1060 Storage Firmware, Msa 2060 Storage and 3 more | 2024-09-19 | 5.4 Medium |
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. | ||||
CVE-2023-30912 | 1 Hpe | 1 Oneview | 2024-09-17 | 7.2 High |
A remote code execution issue exists in HPE OneView. | ||||
CVE-2016-9042 | 4 Freebsd, Hpe, Ntp and 1 more | 5 Freebsd, Hpux-ntp, Ntp and 2 more | 2024-09-17 | 5.9 Medium |
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. | ||||
CVE-2018-7110 | 2 Hpe, Redhat | 2 Service Governance Framework, Linux | 2024-09-16 | N/A |
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler. | ||||
CVE-2023-30911 | 1 Hpe | 77 Alletra 4110, Alletra 4120, Alletra 4140 and 74 more | 2024-09-13 | 6.8 Medium |
HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service. | ||||
CVE-2024-22441 | 1 Hpe | 1 Cray Parallel Application Launch Service | 2024-09-05 | 9.8 Critical |
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. | ||||
CVE-2024-22442 | 1 Hpe | 1 3par Service Provider | 2024-09-05 | 9.8 Critical |
The vulnerability could be remotely exploited to bypass authentication. | ||||
CVE-2024-42394 | 3 Arubanetworks, Hp, Hpe | 4 Arubaos, Instantos, Aruba Networking Instantos and 1 more | 2024-08-12 | 9.8 Critical |
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | ||||
CVE-2002-20001 | 6 Balasys, F5, Hpe and 3 more | 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more | 2024-08-08 | 7.5 High |
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | ||||
CVE-2002-0812 | 2 Hpe, Proxim | 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more | 2024-08-08 | N/A |
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string. | ||||
CVE-2007-5536 | 2 Hp, Hpe | 2 Hp-ux, Openssl | 2024-08-07 | N/A |
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. | ||||
CVE-2014-2608 | 3 Hpe, Linux, Microsoft | 3 Smart Update Manager, Linux Kernel, Windows | 2024-08-06 | N/A |
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors. | ||||
CVE-2015-9281 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-08-06 | N/A |
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | ||||
CVE-2016-7434 | 2 Hpe, Ntp | 2 Hpux-ntp, Ntp | 2024-08-06 | 7.5 High |
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | ||||
CVE-2016-7426 | 4 Canonical, Hpe, Ntp and 1 more | 10 Ubuntu Linux, Hpux-ntp, Ntp and 7 more | 2024-08-06 | 7.5 High |
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | ||||
CVE-2016-4370 | 1 Hpe | 1 Project And Portfolio Management Center | 2024-08-06 | 8.8 High |
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors. | ||||
CVE-2017-6458 | 4 Apple, Hpe, Ntp and 1 more | 5 Mac Os X, Hpux-ntp, Ntp and 2 more | 2024-08-05 | 8.8 High |
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | ||||
CVE-2018-20733 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-08-05 | N/A |
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | ||||
CVE-2018-20732 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-08-05 | N/A |
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. | ||||
CVE-2018-7185 | 6 Canonical, Hpe, Netapp and 3 more | 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more | 2024-08-05 | 7.5 High |
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. |