483 matches found
CVE-2022-23701
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 iLO 4 firmware versions: Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with...
CVE-2022-23704
A potential security vulnerability has been identified in Integrated Lights-Out 4 iLO 4. The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 iLO 4 2.80 and later...
HP Integrated Lights-Out Improper Input Validation (CVE-2022-23704)
A potential security vulnerability has been identified in Integrated Lights-Out 4 iLO 4. The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 iLO 4 2.80 and later. This plugin only works with Tenable.ot. Please visit...
HP Integrated Lights-Out Information Disclosure (CVE-2018-7112)
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which...
HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-46846)
Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504393;...
HP Integrated Lights-Out Improper Access Control (CVE-2017-12542)
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 iLO 4 version prior to 2.53 was found. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
HP Integrated Lights-Out Improper Input Validation (CVE-2022-28634)
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and...
HP Integrated Lights-Out Remote Code Execution (CVE-2013-2338)
Unspecified vulnerability on HP Integrated Lights-Out 3 aka iLO3 cards with firmware before 1.57 and 4 aka iLO4 cards with firmware before 1.22, when Single-Sign-On SSO is used, allows remote attackers to execute arbitrary code via unknown vectors. This plugin only works with Tenable.ot. Please...
HP Integrated Lights-Out Information Exposure (CVE-2012-3271)
Unspecified vulnerability on the HP Integrated Lights-Out 3 aka iLO3 with firmware before 1.50 and Integrated Lights-Out 4 aka iLO4 with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors. This plugin only works with Tenable.ot. Please visit...
HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29204)
"A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504406; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13"; scriptcveid"CVE-2021-29204";...
HP Integrated Lights-Out Denial of Service (CVE-2004-0525)
HP Integrated Lights-Out iLO 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service hang by accessing iLO using the TCP/IP reserved port zero. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
HP Integrated Lights-Out (CVE-2015-2106)
Unspecified vulnerability in HP Integrated Lights-Out iLO firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors. This plugin only works with Tenable.ot. Please visit...
HP Integrated Lights-Out Improper Input Validation (CVE-2022-28639)
A remote potential adjacent denial of service DoS and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 iLO 5 in Version: 2.71. Hewlett Packard Enterprise h...
HP Integrated Lights-Out Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2019-11983)
A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 iLO 4 earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 iLO 5 for Gen10 Servers earlier than version v1.39. This plugin only works with Tenable.ot. Please visit...
HP Integrated Lights-Out Improper Input Validation (CVE-2017-8979)
Security vulnerabilities in the HPE Integrated Lights-Out 2 iLO 2 firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
HP Integrated Lights-Out Improper Input Validation (CVE-2022-28630)
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial...
HP Integrated Lights-Out Improper Input Validation (CVE-2018-7105)
A security vulnerability in HPE Integrated Lights-Out 5 iLO 5 for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 iLO 4 prior to v2.61, HPE Integrated Lights-Out 3 iLO 3 prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information. This...
HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29209)
"A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504390; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13";...
HP Integrated Lights-Out Denial of Service (CVE-2014-2601)
The server in HP Integrated Lights-Out 2 aka iLO 2 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. This plugin only works with Tenable.ot. Please visit...
HP Integrated Lights-Out Cryptographic Issues (CVE-2016-4379)
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. This plugin only...