Vulnerabilities > HPE > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-29 CVE-2021-25129 Path Traversal vulnerability in HPE products
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability.
local
low complexity
hpe CWE-22
7.8
2021-01-29 CVE-2021-25128 Path Traversal vulnerability in HPE products
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func function path traversal vulnerability.
local
low complexity
hpe CWE-22
7.8
2021-01-29 CVE-2021-25127 Classic Buffer Overflow vulnerability in HPE products
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function.
local
low complexity
hpe CWE-120
7.8
2021-01-29 CVE-2021-25126 Classic Buffer Overflow vulnerability in HPE products
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function.
local
low complexity
hpe CWE-120
7.8
2021-01-29 CVE-2021-25125 Path Traversal vulnerability in HPE products
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.
local
low complexity
hpe CWE-22
7.8
2021-01-29 CVE-2021-25124 Path Traversal vulnerability in HPE products
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.
local
low complexity
hpe CWE-22
7.8
2021-01-29 CVE-2021-25123 Classic Buffer Overflow vulnerability in HPE products
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice addlicense_func function.
local
low complexity
hpe CWE-120
7.8
2020-10-02 CVE-2020-24628 Code Injection vulnerability in HPE KVM IP Console Switch G2 Firmware
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
network
low complexity
hpe CWE-94
8.8
2020-09-23 CVE-2020-24625 Path Traversal vulnerability in HPE Utility Computing Service Meter 1.9
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
network
low complexity
hpe CWE-22
7.5
2020-09-23 CVE-2020-24624 Path Traversal vulnerability in HPE Utility Computing Service Meter 1.9
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
network
low complexity
hpe CWE-22
7.5