Filtered by vendor Hpe Subscriptions
Total 177 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-30905 1 Hpe 4 Integrity Mc990 X Server Rmc, Integrity Mc990 X Server Rmc Firmware, Sgi Uv 300 Rmc and 1 more 2024-12-17 7.8 High
The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.
CVE-2023-30904 1 Hpe 1 Insight Remote Support 2024-12-17 5.5 Medium
A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.
CVE-2024-11622 1 Hpe 1 Insight Remote Support 2024-12-12 7.3 High
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
CVE-2024-53673 1 Hpe 1 Insight Remote Support 2024-12-12 8.1 High
A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code.
CVE-2024-53674 1 Hpe 1 Insight Remote Support 2024-12-12 7.3 High
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
CVE-2024-53675 1 Hpe 1 Insight Remote Support 2024-12-12 7.3 High
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
CVE-2024-53676 1 Hpe 1 Insight Remote Support 2024-12-11 9.8 Critical
A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.
CVE-2024-22441 1 Hpe 1 Cray Parallel Application Launch Service 2024-11-21 9.8 Critical
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.
CVE-2023-50272 1 Hpe 4 Integrated Lights-out 5, Integrated Lights-out 5 Firmware, Integrated Lights-out 6 and 1 more 2024-11-21 7.5 High
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.
CVE-2023-3718 2 Hewlett Packard Enterprise, Hpe 28 Aruba Cx Switches, Aruba Cx 10000-48y6, Aruba Cx 4100i and 25 more 2024-11-21 8.8 High
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
CVE-2023-39268 2 Arubanetworks, Hpe 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more 2024-11-21 4.5 Medium
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-39267 2 Arubanetworks, Hpe 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more 2024-11-21 6.6 Medium
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.
CVE-2023-39266 2 Arubanetworks, Hpe 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more 2024-11-21 8.3 High
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVE-2023-37438 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37437 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37436 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37435 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37434 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37433 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37432 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.