Vulnerabilities > HPE

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2022-23701 Injection vulnerability in HPE Integrated Lights-Out
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60.
network
low complexity
hpe CWE-74
5.3
5.3
2022-02-04 CVE-2021-29218 Unquoted Search Path or Element vulnerability in HPE products
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0.
local
low complexity
hpe CWE-428
6.7
6.7
2022-02-04 CVE-2021-29219 Classic Buffer Overflow vulnerability in HPE products
A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02.
local
low complexity
hpe CWE-120
7.8
7.8
2022-01-18 CVE-2021-29215 Unspecified vulnerability in HPE TEZ
A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch.
network
low complexity
hpe
critical
 9.8
9.8
2021-11-11 CVE-2002-20001 Resource Exhaustion vulnerability in multiple products
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack.
network
low complexity
balasys siemens suse f5 hpe stormshield CWE-400
7.5
7.5
2021-11-01 CVE-2021-29213 Unspecified vulnerability in HPE products
A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52.
local
low complexity
hpe
6.7
6.7
2021-10-19 CVE-2021-26589 Incorrect Permission Assignment for Critical Resource vulnerability in HPE products
A potential security vulnerability has been identified in HPE Superdome Flex Servers.
network
low complexity
hpe CWE-732
6.1
6.1
2021-10-11 CVE-2021-26588 Unspecified vulnerability in HPE products
A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware.
network
low complexity
hpe
critical
 9.8
9.8
2021-09-27 CVE-2021-26587 Cross-site Scripting vulnerability in HPE products
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce.
network
low complexity
hpe CWE-79
6.5
6.5
2021-06-25 CVE-2021-33895 Improper Authentication vulnerability in multiple products
ETINET BACKBOX E4.09 and H4.09 mismanages password access control.
network
high complexity
hpe etinet CWE-287
8.1
8.1