Vulnerabilities > HPE > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-05 CVE-2019-11987 Unspecified vulnerability in HPE Smart Update Manager
A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.
local
low complexity
hpe
7.8
7.8
2019-05-15 CVE-2019-8936 NULL Pointer Dereference vulnerability in multiple products
NTP through 4.2.8p12 has a NULL Pointer Dereference.
network
low complexity
netapp fedoraproject opensuse hpe ntp CWE-476
7.5
7.5
2018-09-27 CVE-2018-7107 SQL Injection vulnerability in HPE Device Entitlement Gateway 3.2.4/3.3/3.3.1
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1.
network
low complexity
hpe CWE-89
8.8
8.8
2018-03-06 CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
network
low complexity
ntp synology canonical netapp hpe oracle
7.5
7.5
2017-03-27 CVE-2017-6458 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
network
low complexity
ntp hpe apple siemens CWE-119
8.8
8.8
2017-01-13 CVE-2016-7434 Improper Input Validation vulnerability in multiple products
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
network
low complexity
ntp hpe CWE-20
7.5
7.5
2017-01-13 CVE-2016-7426 Resource Exhaustion vulnerability in multiple products
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
network
low complexity
ntp canonical redhat hpe CWE-400
7.5
7.5
2016-06-09 CVE-2016-4370 Unspecified vulnerability in HPE Project and Portfolio Management Center
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
network
low complexity
hpe
8.8
8.8