Vulnerabilities > HPE > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-02 | CVE-2021-41001 | Command Injection vulnerability in HPE Arubaos-Cx: An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. | 8.8 |
2022-03-02 | CVE-2021-41002 | Path Traversal vulnerability in HPE Arubaos-Cx: Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. | 8.1 |
2022-02-04 | CVE-2021-29219 | Classic Buffer Overflow vulnerability in HPE products: A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. | 7.8 |
2021-11-11 | CVE-2002-20001 | Resource Exhaustion vulnerability in multiple products: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. | 7.5 |
2021-06-25 | CVE-2021-33895 | Improper Authentication vulnerability in multiple products: ETINET BACKBOX E4.09 and H4.09 mismanages password access control. | 8.1 |
2021-03-22 | CVE-2021-26578 | SQL Injection vulnerability in HPE Network Orchestrator: A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. | 7.5 |
2021-02-09 | CVE-2021-3191 | Unspecified vulnerability in HPE web Viewpoint: Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H). | 8.8 |
2021-02-08 | CVE-2021-26576 | Command Injection vulnerability in HPE Baseboard Management Controller: The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function. | 7.8 |
2021-02-08 | CVE-2021-26577 | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller: The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function. | 7.8 |
2021-02-08 | CVE-2021-26575 | Path Traversal vulnerability in HPE Baseboard Management Controller: The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function. | 7.8 |