Filtered by vendor Hpe
Subscriptions
Total
302 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44853 | 1 Hpe | 1 Arubaos | 2026-05-13 | 7.2 High |
| Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user. | ||||
| CVE-2026-44852 | 1 Hpe | 1 Arubaos | 2026-05-13 | 7.2 High |
| An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user. | ||||
| CVE-2026-23819 | 1 Hpe | 1 Arubaos | 2026-05-13 | 8.8 High |
| A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to compromise user data and potentially manipulate device configuration settings. | ||||
| CVE-2026-23820 | 1 Hpe | 1 Arubaos | 2026-05-13 | 7.2 High |
| A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-23821 | 1 Hpe | 1 Arubaos | 2026-05-13 | 7.2 High |
| A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. Note: Access Points running AOS-8 Instant software are not affected by this vulnerability. | ||||
| CVE-2026-23822 | 1 Hpe | 1 Arubaos | 2026-05-13 | 5.3 Medium |
| A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruption or reduced availability of the affected system. NOTE: This vulnerability only impacts Access Points running AOS Instant 8.x.x.x | ||||
| CVE-2026-23823 | 1 Hpe | 1 Arubaos | 2026-05-13 | 7.2 High |
| A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only impacts Access Points running AOS-10.7.x.x and above. AOS-10.4 AP and AOS-8 Instant software branches are not affected by this vulnerability. | ||||
| CVE-2026-23824 | 1 Hpe | 1 Arubaos | 2026-05-13 | 7.5 High |
| Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition. | ||||
| CVE-2026-44867 | 1 Hpe | 1 Arubaos | 2026-05-13 | 7.2 High |
| Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44868 | 1 Hpe | 1 Arubaos | 2026-05-13 | 7.2 High |
| Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44874 | 1 Hpe | 1 Arubaos | 2026-05-13 | 4.9 Medium |
| A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device. | ||||
| CVE-2026-44873 | 1 Hpe | 1 Arubaos | 2026-05-13 | 5.4 Medium |
| A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to maintain unauthorized access even after the account has been disabled. | ||||
| CVE-2007-5536 | 2 Hp, Hpe | 2 Hp-ux, Openssl | 2026-04-23 | N/A |
| Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. | ||||
| CVE-2017-5689 | 3 Hpe, Intel, Siemens | 71 Proliant Ml10 Gen9 Server, Proliant Ml10 Gen9 Server Firmware, Active Management Technology Firmware and 68 more | 2026-04-22 | 9.8 Critical |
| An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). | ||||
| CVE-2026-23599 | 1 Hpe | 1 Aruba Networking Clearpass Policy Manager | 2026-04-18 | 7.8 High |
| A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges. | ||||
| CVE-2026-23595 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-04-17 | 8.8 High |
| An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data. | ||||
| CVE-2026-23596 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-04-17 | 6.5 Medium |
| A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability. | ||||
| CVE-2026-23597 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-04-17 | 6.5 Medium |
| Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | ||||
| CVE-2026-23598 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-04-17 | 6.5 Medium |
| Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | ||||
| CVE-2026-23600 | 1 Hpe | 1 Autopass License Server | 2026-04-16 | N/A |
| A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS). | ||||