Vulnerabilities > HPE

DATE CVE VULNERABILITY TITLE RISK
2019-11-07 CVE-2019-11996 Unspecified vulnerability in HPE Nimbleos
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations.
network
low complexity
hpe
critical
9.8
2019-06-05 CVE-2019-11988 Unspecified vulnerability in HPE Smart Update Manager
A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.
network
low complexity
hpe
critical
9.8
2019-06-05 CVE-2019-11987 Unspecified vulnerability in HPE Smart Update Manager
A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.
local
low complexity
hpe
7.8
2019-05-15 CVE-2019-8936 NULL Pointer Dereference vulnerability in multiple products
NTP through 4.2.8p12 has a NULL Pointer Dereference.
network
low complexity
netapp fedoraproject opensuse hpe ntp CWE-476
7.5
2019-02-04 CVE-2019-7317 Use After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3
2018-10-17 CVE-2018-7110 Race Condition vulnerability in HPE Service Governance Framework 4.2/4.3
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3.
network
high complexity
hpe CWE-362
5.9
2018-09-27 CVE-2018-7108 Improper Authentication vulnerability in HPE Storageworks XP7 Automation Director 8.5.202
HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system.
network
high complexity
hpe CWE-287
5.9
2018-09-27 CVE-2018-7107 SQL Injection vulnerability in HPE Device Entitlement Gateway 3.2.4/3.3/3.3.1
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1.
network
low complexity
hpe CWE-89
8.8
2018-08-14 CVE-2018-7094 Unspecified vulnerability in HPE 3Par Service Provider
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA).
local
low complexity
hpe
5.5
2018-06-04 CVE-2016-9042 Improper Input Validation vulnerability in multiple products
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9.
network
high complexity
ntp freebsd hpe siemens CWE-20
5.9