Vulnerabilities > HPE > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-12 | CVE-2021-41004 | Unspecified vulnerability in HPE products A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | 7.8 |
2022-03-02 | CVE-2021-41002 | Path Traversal vulnerability in HPE Arubaos-Cx Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. | 8.5 |
2022-01-18 | CVE-2021-29215 | Unspecified vulnerability in HPE TEZ A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. | 7.5 |
2021-11-11 | CVE-2002-20001 | Resource Exhaustion vulnerability in multiple products The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. | 7.5 |
2021-11-01 | CVE-2021-29213 | Unspecified vulnerability in HPE products A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. | 7.2 |
2021-06-25 | CVE-2021-33895 | Improper Authentication vulnerability in multiple products ETINET BACKBOX E4.09 and H4.09 mismanages password access control. | 8.1 |
2021-02-08 | CVE-2021-26576 | Command Injection vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function. | 7.2 |
2021-02-08 | CVE-2021-26577 | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function. | 7.2 |
2021-02-08 | CVE-2021-26575 | Path Traversal vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function. | 7.2 |
2021-02-08 | CVE-2021-26574 | Path Traversal vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function. | 7.2 |