463 matches found
CVE-2022-23701
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 iLO 4 firmware versions: Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with...
CVE-2022-23704
A potential security vulnerability has been identified in Integrated Lights-Out 4 iLO 4. The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 iLO 4 2.80 and later...
HP Integrated Lights-Out Information Disclosure (CVE-2020-7202)
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 iLO 5 and Integrated Lights-Out 4 iLO 4 firmware. The vulnerability could be remotely exploited to disclose the serial number and other information. This plugin only works with Tenable.ot. Please visit...
HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29207)
"A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504392; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13"; scriptcveid"CVE-2021-29207";...
HP Integrated Lights-Out Improper Input Validation (CVE-2022-28638)
An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 iLO 5 in Version: 2.71. Hewlett Packard Enterprise h...
HP Integrated Lights-Out Improper Input Validation (CVE-2017-8979)
Security vulnerabilities in the HPE Integrated Lights-Out 2 iLO 2 firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
HP Integrated Lights-Out Improper Input Validatio (CVE-2022-28629)
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availabilit...
HP Integrated Lights-Out Improper Input Validation (CVE-2022-28634)
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and...
HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29208)
"A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504425; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13";...
HP Integrated Lights-Out Denial of Service (CVE-2018-7101)
A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
HP Integrated Lights-Out Buffer Copy without Checking Size of Input (CVE-2021-29202)
"A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504415; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13";...
HP Integrated Lights-Out Improper Input Validation (CVE-2018-7105)
A security vulnerability in HPE Integrated Lights-Out 5 iLO 5 for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 iLO 4 prior to v2.61, HPE Integrated Lights-Out 3 iLO 3 prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information. This...
HP Integrated Lights-Out Improper Input Validation (CVE-2016-4375)
Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 aka iLO 3 firmware before 1.88, Integrated Lights-Out 4 aka iLO 4 firmware before 2.44, and Integrated Lights-Out 4 aka iLO 4 mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause...
HP Integrated Lights-Out Cryptographic Issues (CVE-2016-4379)
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. This plugin only...
HP Integrated Lights-Out Improper Access Control (CVE-2017-12542)
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 iLO 4 version prior to 2.53 was found. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
HP Integrated Lights-Out Remote Code Execution (CVE-2013-2338)
Unspecified vulnerability on HP Integrated Lights-Out 3 aka iLO3 cards with firmware before 1.57 and 4 aka iLO4 cards with firmware before 1.22, when Single-Sign-On SSO is used, allows remote attackers to execute arbitrary code via unknown vectors. This plugin only works with Tenable.ot. Please...
HP Integrated Lights-Out Improper Input Validation (CVE-2022-28639)
A remote potential adjacent denial of service DoS and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 iLO 5 in Version: 2.71. Hewlett Packard Enterprise h...
HP Integrated Lights-Out Improper Input Validation (CVE-2022-28630)
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial...
HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29204)
"A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504406; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13"; scriptcveid"CVE-2021-29204";...
HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2023-28083)
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 iLO 6, Integrated Lights-Out 5 iLO 5 and Integrated Lights-Out 4 iLO 4. HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out. This plugin only works with Tenable.ot...