Filtered by vendor Hp
Subscribe
Search
Total
199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 21 Icloud, Iphone Os, Itunes and 18 more | 2019-12-27 | 10.0 HIGH | 9.8 CRITICAL |
| Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | |||||
| CVE-2019-14678 | 6 Hp, Ibm, Linux and 3 more | 15 Hp-ux, Aix, Z\/os and 12 more | 2019-11-22 | 7.5 HIGH | 10.0 CRITICAL |
| SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | |||||
| CVE-2019-6327 | 1 Hp | 20 Laserjet Pro M280-m281 T6b80a, Laserjet Pro M280-m281 T6b80a Firmware, Laserjet Pro M280-m281 T6b81a and 17 more | 2019-10-24 | 7.5 HIGH | 9.8 CRITICAL |
| HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow. | |||||
| CVE-2017-14349 | 1 Hp | 1 Sitescope | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. | |||||
| CVE-2018-7096 | 1 Hp | 1 3par Service Provider | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution. | |||||
| CVE-2018-7120 | 1 Hp | 2 Synergy, Synergy Firmware | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege. | |||||
| CVE-2018-7072 | 1 Hp | 1 Moonshot Provisioning Manager | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | |||||
| CVE-2017-8960 | 1 Hp | 4 Msa 1040 San Storage, Msa 1040 San Storage Firmware, Msa 2040 San Storage and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found. | |||||
| CVE-2017-8948 | 1 Hp | 1 Network Node Manager I | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found. | |||||
| CVE-2017-5823 | 1 Hp | 1 Intelligent Management Center | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
| CVE-2017-5821 | 1 Hp | 1 Intelligent Management Center | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
| CVE-2017-5820 | 1 Hp | 1 Intelligent Management Center | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
| CVE-2017-8992 | 1 Hp | 1 Centralview Fraud Risk Management | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-7095 | 1 Hp | 1 3par Service Provider | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. | |||||
| CVE-2017-8988 | 1 Hp | 1 Xp Command View | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX). | |||||
| CVE-2017-8979 | 1 Hp | 2 Integrated Lights-out, Integrated Lights-out 2 Firmware | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. | |||||
| CVE-2017-2741 | 1 Hp | 76 D3q15a, D3q15a Firmware, D3q15b and 73 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code. | |||||
| CVE-2017-5802 | 1 Hp | 1 Vertica | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found. | |||||
| CVE-2017-5789 | 1 Hp | 2 Loadrunner, Performance Center | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. | |||||
| CVE-2019-11991 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2019-07-16 | 9.7 HIGH | 9.8 CRITICAL |
| HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays. | |||||
| CVE-2016-2006 | 1 Hp | 1 Data Protector | 2019-07-16 | 10.0 HIGH | 9.8 CRITICAL |
| HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353. | |||||
| CVE-2016-2007 | 1 Hp | 1 Data Protector | 2019-07-16 | 10.0 HIGH | 9.8 CRITICAL |
| HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. | |||||
| CVE-2016-2008 | 1 Hp | 1 Data Protector | 2019-07-16 | 7.5 HIGH | 9.8 CRITICAL |
| HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-2005 | 1 Hp | 1 Data Protector | 2019-07-16 | 10.0 HIGH | 9.8 CRITICAL |
| HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352. | |||||
| CVE-2016-2004 | 1 Hp | 1 Data Protector | 2019-07-12 | 9.3 HIGH | 9.8 CRITICAL |
| HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623. | |||||
| CVE-2019-5356 | 1 Hp | 1 Intelligent Management Center | 2019-06-06 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2018-7121 | 1 Hp | 1 Intelligent Management Center | 2019-06-06 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2017-5641 | 2 Apache, Hp | 2 Flex Blazeds, Xp Command View Advanced Edition | 2019-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution. | |||||
| CVE-2018-5923 | 1 Hp | 276 Color Laserjet Cm4540 Mfp, Color Laserjet Cm4540 Mfp Firmware, Color Laserjet Cp5525 and 273 more | 2019-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code. | |||||
| CVE-2017-5824 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2019-03-08 | 10.0 HIGH | 9.8 CRITICAL |
| An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | |||||
| CVE-2017-12557 | 1 Hp | 1 Intelligent Management Center | 2019-03-08 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | |||||
| CVE-2016-2002 | 1 Hp | 1 Vertica | 2019-02-20 | 10.0 HIGH | 9.8 CRITICAL |
| The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417. | |||||
| CVE-2018-7114 | 1 Hp | 1 Intelligent Management Center | 2018-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions. | |||||
| CVE-2018-7076 | 1 Hp | 1 Intelligent Management Center | 2018-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04. | |||||
| CVE-2016-4543 | 4 Fedoraproject, Hp, Opensuse and 1 more | 4 Fedora, System Management Homepage, Leap and 1 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | |||||
| CVE-2018-7074 | 1 Hp | 1 Intelligent Management Center | 2018-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version. | |||||
| CVE-2018-7058 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2018-10-18 | 10.0 HIGH | 9.8 CRITICAL |
| Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent. | |||||
| CVE-2017-9000 | 1 Hp | 1 Arubaos | 2018-10-18 | 5.0 MEDIUM | 9.8 CRITICAL |
| ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise. | |||||
| CVE-2017-8989 | 3 Hp, Microsoft, Redhat | 4 Hp-ux, Icewall Sso, Windows and 1 more | 2018-10-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection. | |||||
| CVE-2016-4391 | 1 Hp | 1 Arcsight Winc Connector | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. | |||||
| CVE-2017-8990 | 1 Hp | 1 Imc Wireless Service Manager | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version. | |||||
| CVE-2016-4403 | 1 Hp | 1 Keyview | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption. | |||||
| CVE-2016-4404 | 1 Hp | 1 Keyview | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue. | |||||
| CVE-2016-4402 | 1 Hp | 1 Keyview | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow. | |||||
| CVE-2017-12542 | 1 Hp | 2 Integrated Lights-out 4, Integrated Lights-out 4 Firmware | 2018-07-23 | 10.0 HIGH | 10.0 CRITICAL |
| A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. | |||||
| CVE-2017-8947 | 1 Hp | 1 Ucmdb Configuration Manager | 2018-03-15 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found. | |||||
| CVE-2016-8511 | 1 Hp | 1 Network Automation | 2018-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. | |||||
| CVE-2016-8512 | 1 Hp | 2 Loadrunner, Performance Center | 2018-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found. | |||||
| CVE-2017-8976 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2018-03-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | |||||
| CVE-2017-8977 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2018-03-09 | 8.5 HIGH | 9.1 CRITICAL |
| A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | |||||