Filtered by vendor Hp
Subscriptions
Total
2449 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20560 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling Connect Direct User Interface and 3 more | 2024-11-21 | 5.4 Medium |
| IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229. | ||||
| CVE-2021-20515 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Informix Dynamic Server and 3 more | 2024-11-21 | 6.7 Medium |
| IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. | ||||
| CVE-2021-20480 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 6.5 Medium |
| IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. | ||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 7.5 High |
| IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. | ||||
| CVE-2021-20354 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 7.5 High |
| IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. | ||||
| CVE-2020-7209 | 1 Hp | 1 Linuxki | 2024-11-21 | 9.8 Critical |
| LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2. | ||||
| CVE-2020-7208 | 1 Hp | 1 Linuxki | 2024-11-21 | 6.1 Medium |
| LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. | ||||
| CVE-2020-7207 | 1 Hp | 42 Apollo 2000, Apollo 2000 Firmware, Apollo 4200 Gen10 and 39 more | 2024-11-21 | 6.8 Medium |
| A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board. | ||||
| CVE-2020-7206 | 1 Hp | 1 Nagios-plugins-hpilo | 2024-11-21 | 9.8 Critical |
| HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability. | ||||
| CVE-2020-7203 | 1 Hp | 1 Ilo Amplifier Pack | 2024-11-21 | 9.8 Critical |
| A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution. | ||||
| CVE-2020-7202 | 1 Hp | 83 Apollo 4200 Gen10 Server, Apollo 4200 Gen9 Server, Apollo 4510 System and 80 more | 2024-11-21 | 5.3 Medium |
| A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information. | ||||
| CVE-2020-7201 | 1 Hp | 4 Storeever 1\/8 G2 Tape Autoloader, Storeever 1\/8 G2 Tape Autoloader Firmware, Storeever Msl2024 and 1 more | 2024-11-21 | 8.8 High |
| A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF). | ||||
| CVE-2020-7200 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | 9.8 Critical |
| A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution. | ||||
| CVE-2020-7199 | 1 Hp | 1 Edgeline Infrastructure Manager | 2024-11-21 | 9.8 Critical |
| A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. | ||||
| CVE-2020-7198 | 1 Hp | 3 Oneview, Synergy Composer, Synergy Composer 2 | 2024-11-21 | 8.8 High |
| There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2. | ||||
| CVE-2020-7197 | 1 Hp | 1 Storeserv Management Console | 2024-11-21 | 9.8 Critical |
| SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later. | ||||
| CVE-2020-7196 | 1 Hp | 2 Bluedata Epic, Ezmeral Container Platform | 2024-11-21 | 6.5 Medium |
| The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/". | ||||
| CVE-2020-7195 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7194 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7193 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||