Vulnerabilities > HPE > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-09 CVE-2021-25141 A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware.
local
low complexity
arubanetworks hpe
4.4
2020-10-02 CVE-2020-24627 Cross-site Scripting vulnerability in HPE KVM IP Console Switch G2 Firmware
A remote stored XSS vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 prior to 2.8.3.
network
low complexity
hpe CWE-79
5.4
2020-09-18 CVE-2020-24623 SQL Injection vulnerability in HPE Universal API Framework
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework.
low complexity
hpe CWE-89
6.5
2020-07-30 CVE-2020-7205 Unspecified vulnerability in HPE products
A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit.
local
low complexity
hpe
6.7
2020-05-19 CVE-2020-7137 Improper Input Validation vulnerability in HPE Superdome Flex Server Firmware 3.20.186/3.20.206
A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege.
local
low complexity
hpe CWE-20
6.7
2020-04-17 CVE-2019-12001 Insufficient Session Expiration vulnerability in HPE products
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
network
high complexity
hpe CWE-613
6.4
2020-04-16 CVE-2019-11999 Cross-site Scripting vulnerability in HPE Opencall Media Platform
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross-site scripting.
network
low complexity
hpe CWE-79
6.9
2020-01-16 CVE-2019-11998 Improper Input Validation vulnerability in HPE Superdome Flex Server Firmware
HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands.
local
low complexity
hpe CWE-20
5.5
2019-11-14 CVE-2019-11136 Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
local
low complexity
intel hpe
6.7
2019-02-04 CVE-2019-7317 Use After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3