Vulnerabilities > HPE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-17 | CVE-2018-7110 | Race Condition vulnerability in HPE Service Governance Framework 4.2/4.3 A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. | 5.9 |
| 2018-09-27 | CVE-2018-7108 | Improper Authentication vulnerability in HPE Storageworks XP7 Automation Director 8.5.202 HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. | 5.9 |
| 2018-09-27 | CVE-2018-7107 | SQL Injection vulnerability in HPE Device Entitlement Gateway 3.2.4/3.3/3.3.1 A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. | 8.8 |
| 2018-08-14 | CVE-2018-7094 | Unspecified vulnerability in HPE 3Par Service Provider A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). | 5.5 |
| 2018-06-04 | CVE-2016-9042 | Improper Input Validation vulnerability in multiple products An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. | 5.9 |
| 2018-03-06 | CVE-2018-7185 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. | 7.5 |
| 2018-03-06 | CVE-2018-7170 | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. | 5.3 |
| 2017-03-27 | CVE-2017-6458 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | 8.8 |
| 2017-01-13 | CVE-2016-7434 | Improper Input Validation vulnerability in multiple products The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | 7.5 |
| 2017-01-13 | CVE-2016-7426 | Resource Exhaustion vulnerability in multiple products NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | 7.5 |