Filtered by vendor Hp
Subscribe
Search
Total
257 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6501 | 1 Hp | 1 Arcsight Management Center | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls. | |||||
| CVE-2018-6653 | 2 Comforte, Hp | 2 Swap, Nonstop Server | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0. | |||||
| CVE-2017-12553 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-03 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2018-7073 | 2 Canonical, Hp | 2 Ubuntu Linux, Moonshot Provisioning Manager | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | |||||
| CVE-2019-5400 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2019-08-16 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | |||||
| CVE-2019-5403 | 1 Hp | 1 3par Storeserv Management Console | 2019-08-16 | 3.5 LOW | 4.8 MEDIUM |
| A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||||
| CVE-2019-5398 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2019-08-16 | 3.5 LOW | 5.4 MEDIUM |
| A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | |||||
| CVE-2019-5401 | 1 Hp | 2 Hp2910al-48g, Hp2910al-48g Firmware | 2019-08-08 | 3.5 LOW | 4.8 MEDIUM |
| A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017. | |||||
| CVE-2019-6324 | 1 Hp | 20 T6b80a, T6b80a Firmware, T6b81a and 17 more | 2019-06-18 | 3.5 LOW | 4.8 MEDIUM |
| HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page | |||||
| CVE-2019-6323 | 1 Hp | 20 T6b80a, T6b80a Firmware, T6b81a and 17 more | 2019-06-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page. | |||||
| CVE-2018-7122 | 1 Hp | 1 Intelligent Management Center | 2019-06-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2018-7117 | 1 Hp | 20 Integrated Lights-out 5 Firmware, Proliant Bl460c Gen10, Proliant Dl120 Gen10 and 17 more | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40. | |||||
| CVE-2019-3482 | 1 Hp | 1 Arcsight Logger | 2019-03-25 | 6.8 MEDIUM | 6.5 MEDIUM |
| Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. | |||||
| CVE-2019-3480 | 1 Hp | 1 Arcsight Logger | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. | |||||
| CVE-2017-5827 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2019-03-11 | 3.5 LOW | 5.4 MEDIUM |
| A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | |||||
| CVE-2018-7115 | 2 Hp, Microsoft | 2 Intelligent Management Center, Windows | 2018-12-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions. | |||||
| CVE-2016-2107 | 5 Google, Hp, Openssl and 2 more | 12 Android, Helion Openstack, Openssl and 9 more | 2018-10-30 | 2.6 LOW | 5.9 MEDIUM |
| The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. | |||||
| CVE-2017-9002 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2018-10-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser. | |||||
| CVE-2018-7068 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-7091 | 1 Hp | 1 Xp 9000 Command View | 2018-10-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. | |||||
| CVE-2018-7090 | 1 Hp | 1 Xp 9000 Command View | 2018-10-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. | |||||
| CVE-2016-8527 | 1 Hp | 1 Airwave | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser. | |||||
| CVE-2018-7070 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-7071 | 1 Hp | 1 Network Function Virtualization Director | 2018-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3. | |||||
| CVE-2016-4392 | 1 Hp | 1 Business Service Management | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. | |||||
| CVE-2017-8991 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-7075 | 1 Hp | 1 Intelligent Management Center | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. | |||||
| CVE-2016-4399 | 1 Hp | 1 Network Node Manager I | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
| CVE-2016-4400 | 1 Hp | 1 Network Node Manager I | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
| CVE-2016-4406 | 1 Hp | 3 Integrated Lights-out, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44. | |||||
| CVE-2017-8985 | 1 Hp | 1 Xp Storage Hitachi Global Link Manager | 2018-03-16 | 4.6 MEDIUM | 5.3 MEDIUM |
| HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00. | |||||
| CVE-2017-5788 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2018-03-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found. | |||||
| CVE-2017-5798 | 1 Hp | 1 Opencall Media Platform | 2018-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x). | |||||
| CVE-2017-8969 | 1 Hp | 1 Insight Control | 2018-03-15 | 3.5 LOW | 5.7 MEDIUM |
| An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found. | |||||
| CVE-2017-8970 | 1 Hp | 1 Matrix Operating Environment | 2018-03-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | |||||
| CVE-2017-8978 | 1 Hp | 3 Icewall Mcrp, Icewall Mfa, Icewall Sso | 2018-03-15 | 4.9 MEDIUM | 4.6 MEDIUM |
| A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found. | |||||
| CVE-2017-12555 | 1 Hp | 1 Intelligent Management Center | 2018-03-13 | 6.8 MEDIUM | 6.5 MEDIUM |
| A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found. | |||||
| CVE-2017-5800 | 1 Hp | 1 Operations Bridge Analytics | 2018-03-12 | 3.5 LOW | 5.4 MEDIUM |
| A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found. | |||||
| CVE-2017-8945 | 1 Hp | 1 Icewall Federation Agent | 2018-03-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found. | |||||
| CVE-2017-12543 | 1 Hp | 5 Integrated Lights-out, Integrated Lights-out 2 Firmware, Integrated Lights-out 3 Firmware and 2 more | 2018-03-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. | |||||
| CVE-2017-8971 | 1 Hp | 1 Matrix Operating Environment | 2018-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | |||||
| CVE-2017-8972 | 1 Hp | 1 Matrix Operating Environment | 2018-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | |||||
| CVE-2017-8973 | 1 Hp | 1 Matrix Operating Environment | 2018-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | |||||
| CVE-2017-8953 | 1 Hp | 2 Loadrunner, Performance Center | 2018-03-07 | 3.5 LOW | 5.4 MEDIUM |
| A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found. | |||||
| CVE-2017-5809 | 1 Hp | 1 Data Protector | 2018-03-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | |||||
| CVE-2017-5787 | 1 Hp | 1 Version Control Repository Manager | 2018-03-07 | 6.8 MEDIUM | 6.5 MEDIUM |
| A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found. | |||||
| CVE-2017-8950 | 1 Hp | 1 Sitescope | 2018-03-06 | 2.1 LOW | 5.5 MEDIUM |
| A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | |||||
| CVE-2017-5795 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 7.1 HIGH | 6.5 MEDIUM |
| A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. | |||||
| CVE-2016-8514 | 1 Hp | 1 Version Control Repository Manager | 2018-03-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. | |||||
| CVE-2017-5785 | 1 Hp | 1 Matrix Operating Environment | 2018-03-05 | 6.4 MEDIUM | 6.5 MEDIUM |
| A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||