Filtered by vendor Hpe Subscriptions
Total 172 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-9042 4 Freebsd, Hpe, Ntp and 1 more 5 Freebsd, Hpux-ntp, Ntp and 2 more 2024-11-21 5.9 Medium
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
CVE-2016-7434 2 Hpe, Ntp 2 Hpux-ntp, Ntp 2024-11-21 7.5 High
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-7426 4 Canonical, Hpe, Ntp and 1 more 10 Ubuntu Linux, Hpux-ntp, Ntp and 7 more 2024-11-21 7.5 High
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVE-2016-4370 1 Hpe 1 Project And Portfolio Management Center 2024-11-21 8.8 High
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
CVE-2015-9281 6 Hpe, Ibm, Linux and 3 more 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more 2024-11-21 N/A
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.
CVE-2014-2608 3 Hpe, Linux, Microsoft 3 Smart Update Manager, Linux Kernel, Windows 2024-11-21 N/A
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors.
CVE-2007-5536 2 Hp, Hpe 2 Hp-ux, Openssl 2024-11-21 N/A
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.
CVE-2002-20001 6 Balasys, F5, Hpe and 3 more 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more 2024-11-20 7.5 High
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
CVE-2002-0812 2 Hpe, Proxim 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more 2024-11-20 N/A
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
CVE-2024-51765 1 Hpe 1 Cray System Management Software 2024-11-19 5.5 Medium
A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
CVE-2024-51764 1 Hpe 1 Sgi Cxfs 2024-11-19 5.5 Medium
A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
CVE-2024-42394 3 Arubanetworks, Hp, Hpe 4 Arubaos, Instantos, Aruba Networking Instantos and 1 more 2024-08-12 9.8 Critical
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.