Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X -....
CVSS 6.9 | AI Score 6.8 | EPSS 0.002
HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial....
CVSS 5.5 | AI Score 5.7 | EPSS 0.0004
A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a...
CVSS 9.8 | AI Score 9.7 | EPSS 0.002
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...
CVSS 9.4 | AI Score 9.1 | EPSS 0.003
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...
CVSS 6.3 | AI Score 6.1 | EPSS 0.001
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...
CVSS 6.3 | AI Score 6.3 | EPSS 0.001
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr...
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...
CVSS 4.8 | AI Score 4.9 | EPSS 0.001
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...
CVSS 7.3 | AI Score 7.1 | EPSS 0.001
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...
CVSS 7.2 | AI Score 6.9 | EPSS 0.001
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...
CVSS 9.4 | AI Score 9.1 | EPSS 0.002
A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...
CVSS 5.4 | AI Score 5.4 | EPSS 0.001
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...
CVSS 9.4 | AI Score 9.2 | EPSS 0.001
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...
CVSS 9.4 | AI Score 9.3 | EPSS 0.003
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...
CVSS 8.8 | AI Score 8.6 | EPSS 0.004
A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version...
CVSS 9.8 | AI Score 9.4 | EPSS 0.011
A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of...
CVSS 7.8 | AI Score 7.4 | EPSS 0.0004
A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series. STDSEC-STANDARD SECURITY PROD.....
CVSS 7 | AI Score 6.9 | EPSS 0.0004
A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of...
CVSS 9.8 | AI Score 9 | EPSS 0.002
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under...
CVSS 5.3 | AI Score 6.3 | EPSS 0.005
CVSS 7.5 | AI Score 7.5 | EPSS 0.002
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization...
CVSS 9.8 | AI Score 9.7 | EPSS 0.01
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the...
CVSS 5.9 | AI Score 5.5 | EPSS 0.002
HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a...
CVSS 5.9 | AI Score 5.8 | EPSS 0.002
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged...
CVSS 5.5 | AI Score 5.4 | EPSS 0.0004
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its...
CVSS 7.5 | AI Score 7.2 | EPSS 0.033
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an...
CVSS 5.3 | AI Score 6.3 | EPSS 0.002
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source...
CVSS 7.5 | AI Score 6.4 | EPSS 0.058
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist...
CVSS 7.5 | AI Score 6.1 | EPSS 0.965
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow"...
CVSS 7.5 | AI Score 7.7 | EPSS 0.058
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow"...
CVSS 7.5 | AI Score 7.7 | EPSS 0.058
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS"...
CVSS 6.5 | AI Score 6.7 | EPSS 0.004
HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS"...
CVSS 5.4 | AI Score 5.9 | EPSS 0.002
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified...
CVSS 8.8 | AI Score 8.5 | EPSS 0.001
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown...
AI Score 6.4 | EPSS 0.0004
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the...
AI Score 6.7 | EPSS 0.003