Filtered by vendor Hpe
Subscribe
Total
189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-23597 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-03-02 | N/A | 6.5 MEDIUM |
| Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | |||||
| CVE-2026-23595 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-02-28 | N/A | 8.8 HIGH |
| An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data. | |||||
| CVE-2026-23596 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-02-28 | N/A | 6.5 MEDIUM |
| A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability. | |||||
| CVE-2026-23598 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-02-28 | N/A | 6.5 MEDIUM |
| Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | |||||
| CVE-2024-42508 | 1 Hpe | 1 Oneview | 2026-01-08 | N/A | 5.5 MEDIUM |
| This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. | |||||
| CVE-2025-37164 | 1 Hpe | 1 Oneview | 2026-01-08 | N/A | 10.0 CRITICAL |
| A remote code execution issue exists in HPE OneView. | |||||
| CVE-2025-37155 | 1 Hpe | 1 Arubaos-cx | 2025-12-04 | N/A | 7.8 HIGH |
| A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system. | |||||
| CVE-2025-37156 | 1 Hpe | 1 Arubaos-cx | 2025-12-04 | N/A | 6.8 MEDIUM |
| A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional. | |||||
| CVE-2025-37157 | 1 Hpe | 1 Arubaos-cx | 2025-12-04 | N/A | 6.7 MEDIUM |
| A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. | |||||
| CVE-2025-37158 | 1 Hpe | 1 Arubaos-cx | 2025-12-04 | N/A | 6.7 MEDIUM |
| A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. | |||||
| CVE-2025-37159 | 1 Hpe | 1 Arubaos-cx | 2025-12-04 | N/A | 5.8 MEDIUM |
| A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data. | |||||
| CVE-2025-37160 | 1 Hpe | 1 Arubaos-cx | 2025-12-04 | N/A | 5.3 MEDIUM |
| A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data. | |||||
| CVE-2017-5689 | 3 Hpe, Intel, Siemens | 71 Proliant Ml10 Gen9 Server, Proliant Ml10 Gen9 Server Firmware, Active Management Technology Firmware and 68 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). | |||||
| CVE-2002-20001 | 6 Balasys, F5, Hpe and 3 more | 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more | 2025-08-22 | 5.0 MEDIUM | 7.5 HIGH |
| The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | |||||
| CVE-2024-51770 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||||
| CVE-2024-51769 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||||
| CVE-2024-51768 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | N/A | 8.0 HIGH |
| An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||||
| CVE-2024-51767 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | N/A | 7.3 HIGH |
| An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||||
| CVE-2025-37107 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | N/A | 7.3 HIGH |
| An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | |||||
| CVE-2025-37106 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | N/A | 7.3 HIGH |
| An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | |||||