Vulnerabilities > HPE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-19 | CVE-2020-7139 | Unspecified vulnerability in HPE Nimbleos Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. | 8.1 |
| 2020-05-19 | CVE-2020-7138 | Unspecified vulnerability in HPE Nimbleos Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. | 8.8 |
| 2019-11-14 | CVE-2019-11137 | Improper Input Validation vulnerability in multiple products Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 8.2 |
| 2019-06-05 | CVE-2019-11987 | Unspecified vulnerability in HPE Smart Update Manager A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege. | 7.8 |
| 2019-05-15 | CVE-2019-8936 | NULL Pointer Dereference vulnerability in multiple products NTP through 4.2.8p12 has a NULL Pointer Dereference. | 7.5 |
| 2018-09-27 | CVE-2018-7107 | SQL Injection vulnerability in HPE Device Entitlement Gateway 3.2.4/3.3/3.3.1 A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. | 8.8 |
| 2018-03-06 | CVE-2018-7185 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. | 7.5 |
| 2017-03-27 | CVE-2017-6458 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | 8.8 |
| 2017-01-13 | CVE-2016-7434 | Improper Input Validation vulnerability in multiple products The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | 7.5 |
| 2017-01-13 | CVE-2016-7426 | Resource Exhaustion vulnerability in multiple products NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | 7.5 |