Vulnerabilities > HPE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-29 | CVE-2021-25126 | Classic Buffer Overflow vulnerability in HPE products The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function. | 7.8 |
| 2021-01-29 | CVE-2021-25125 | Path Traversal vulnerability in HPE products The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability. | 7.8 |
| 2021-01-29 | CVE-2021-25124 | Path Traversal vulnerability in HPE products The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability. | 7.8 |
| 2021-01-29 | CVE-2021-25123 | Classic Buffer Overflow vulnerability in HPE products The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice addlicense_func function. | 7.8 |
| 2020-10-02 | CVE-2020-24628 | Code Injection vulnerability in HPE KVM IP Console Switch G2 Firmware A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | 8.8 |
| 2020-09-23 | CVE-2020-24625 | Path Traversal vulnerability in HPE Utility Computing Service Meter 1.9 Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | 7.5 |
| 2020-09-23 | CVE-2020-24624 | Path Traversal vulnerability in HPE Utility Computing Service Meter 1.9 Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | 7.5 |
| 2020-05-19 | CVE-2020-7139 | Unspecified vulnerability in HPE Nimbleos Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. | 8.1 |
| 2020-05-19 | CVE-2020-7138 | Unspecified vulnerability in HPE Nimbleos Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. | 8.8 |
| 2019-11-14 | CVE-2019-11137 | Improper Input Validation vulnerability in multiple products Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 8.2 |