Filtered by vendor Hpe Subscriptions
Total 177 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-37431 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37430 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37429 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37428 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 7.2 High
A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2023-37427 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 7.2 High
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2023-37426 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 7.4 High
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host.
CVE-2023-37424 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 8.1 High
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2023-35982 3 Arubanetworks, Hp, Hpe 3 Arubaos, Instantos, Arba Access Points Running Instantos And Arubaos 10 2024-11-21 9.8 Critical
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-35981 3 Arubanetworks, Hp, Hpe 3 Arubaos, Instantos, Arba Access Points Running Instantos And Arubaos 10 2024-11-21 9.8 Critical
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-35980 3 Arubanetworks, Hp, Hpe 3 Arubaos, Instantos, Arba Access Points Running Instantos And Arubaos 10 2024-11-21 9.8 Critical
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-30912 1 Hpe 1 Oneview 2024-11-21 7.2 High
A remote code execution issue exists in HPE OneView.
CVE-2023-30911 1 Hpe 77 Alletra 4110, Alletra 4120, Alletra 4140 and 74 more 2024-11-21 6.8 Medium
HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.
CVE-2023-30910 1 Hpe 6 Msa 1060 Storage, Msa 1060 Storage Firmware, Msa 2060 Storage and 3 more 2024-11-21 5.4 Medium
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. 
CVE-2023-30909 2 Hp, Hpe 3 Oneview, Oneview, Oneview Global Dashboard 2024-11-21 9.8 Critical
A remote authentication bypass issue exists in some OneView APIs.
CVE-2023-30906 1 Hpe 1 Intelligent Provisioning 2024-11-21 7.5 High
The vulnerability could be locally exploited to allow escalation of privilege.
CVE-2023-28085 1 Hpe 1 Oneview Global Dashboard 2024-11-21 5.5 Medium
An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials
CVE-2023-28084 2 Hp, Hpe 2 Oneview, Oneview Global Dashboard 2024-11-21 5.5 Medium
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
CVE-2023-28083 2 Hp, Hpe 162 Integrated Lights-out 4, Integrated Lights-out 5, Integrated Lights-out 6 and 159 more 2024-11-21 8.3 High
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.
CVE-2023-1168 1 Hpe 20 Aruba Cx 10000-48y6, Aruba Cx 6200f 48g, Aruba Cx 6200m 24g and 17 more 2024-11-21 7.2 High
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.
CVE-2022-37940 1 Hpe 4 Flexfabric 5700 40xg 2qsfp\+, Flexfabric 5700 40xg 2qsfp\+ Firmware, Flexfabric 5700 48g 4xg 2qsfp\+ and 1 more 2024-11-21 5.3 Medium
Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later.