Vulnerabilities > HPE

DATE CVE VULNERABILITY TITLE RISK
2022-03-02 CVE-2021-41002 Path Traversal vulnerability in HPE Arubaos-Cx
Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below.
Risk: network | low complexity | hpe CWE-22 | 8.5

2022-03-02 CVE-2021-41003 Unspecified vulnerability in HPE Arubaos-Cx
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below.
Risk: network | hpe | 4.3

2022-02-24 CVE-2021-29216 Cross-site Scripting vulnerability in HPE Oneview Global Dashboard
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5.
Risk: network | hpe CWE-79 | 4.3

2022-02-24 CVE-2021-29217 Open Redirect vulnerability in HPE Oneview Global Dashboard
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5.
Risk: network | hpe CWE-601 | 5.8

2022-02-24 CVE-2022-23701 Injection vulnerability in HPE Integrated Lights-Out
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60.
Risk: network | low complexity | hpe CWE-74 | 5.0

2022-02-04 CVE-2021-29218 Unquoted Search Path or Element vulnerability in HPE products
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0.
Risk: local | low complexity | hpe CWE-428 | 4.6

2022-02-04 CVE-2021-29219 Classic Buffer Overflow vulnerability in HPE products
A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02.
Risk: local | low complexity | hpe CWE-120 | 4.6

2022-01-18 CVE-2021-29215 Unspecified vulnerability in HPE TEZ
A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch.
Risk: network | low complexity | hpe | 7.5

2021-11-11 CVE-2002-20001 Resource Exhaustion vulnerability in multiple products
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack.
Risk: network | low complexity | balasys siemens suse f5 hpe stormshield CWE-400 | 7.5

2021-11-01 CVE-2021-29213 Unspecified vulnerability in HPE products
A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52.
Risk: local | low complexity | hpe | 7.2