Filtered by vendor Hp
Subscribe
Search
Total
2223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2009 | 1 Hp | 1 Network Node Manager I | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
| CVE-2015-6864 | 1 Hp | 1 Arcsight Logger | 2016-12-01 | 6.5 MEDIUM | 6.3 MEDIUM |
| HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | |||||
| CVE-2015-6863 | 1 Hp | 1 Arcsight Logger | 2016-12-01 | 7.5 HIGH | 7.3 HIGH |
| HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | |||||
| CVE-2015-2114 | 2 Hp, Microsoft | 2 Support Solution Framework, Windows | 2016-11-30 | 6.8 MEDIUM | N/A |
| HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. | |||||
| CVE-2015-2111 | 2 Hp, Microsoft | 3 Intelligent Provisioning, Windows Server 2008, Windows Server 2012 | 2016-11-30 | 2.1 LOW | N/A |
| Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2015-2109 | 1 Hp | 1 Operations Orchestration | 2016-11-30 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors. | |||||
| CVE-2015-2106 | 1 Hp | 3 Integrated Lights-out 2 Firmware, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2016-11-30 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors. | |||||
| CVE-2015-2108 | 1 Hp | 1 Operations Orchestration | 2016-11-30 | 3.5 LOW | N/A |
| Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-4375 | 1 Hp | 5 Integrated Lights-out 3, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 and 2 more | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | |||||
| CVE-2016-4378 | 1 Hp | 2 Xp7 Command View, Xp 9000 Command View | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-4377 | 1 Hp | 15 Converged Infrastructure Solution Sizer Suite, Insight Management Sizer, Power Advisor and 12 more | 2016-11-28 | 7.6 HIGH | 8.1 HIGH |
| HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-4373 | 1 Hp | 1 Operations Manager | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
| CVE-2016-4381 | 1 Hp | 1 Xp7 Command View | 2016-11-28 | 4.4 MEDIUM | 4.5 MEDIUM |
| HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2016-4380 | 1 Hp | 1 Operations Manager | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4374 | 1 Hp | 1 Release Control | 2016-11-28 | 4.0 MEDIUM | 7.7 HIGH |
| HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors. | |||||
| CVE-2016-4379 | 1 Hp | 2 Integrated Lights-out 3, Integrated Lights-out 3 Firmware | 2016-11-28 | 4.3 MEDIUM | 3.7 LOW |
| The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. | |||||
| CVE-2015-6867 | 1 Hp | 1 Vertica | 2016-11-28 | 7.5 HIGH | N/A |
| The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. | |||||
| CVE-2015-6029 | 1 Hp | 1 Arcsight Logger | 2016-11-28 | 5.0 MEDIUM | N/A |
| HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2015-5406 | 1 Hp | 6 Centralview Credit Risk Control, Centralview Dealer Performance Audit, Centralview Fraud Risk Management and 3 more | 2016-11-28 | 9.0 HIGH | N/A |
| HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408. | |||||
| CVE-2015-5407 | 1 Hp | 6 Centralview Credit Risk Control, Centralview Dealer Performance Audit, Centralview Fraud Risk Management and 3 more | 2016-11-28 | 6.0 MEDIUM | N/A |
| HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408. | |||||
| CVE-2015-5408 | 1 Hp | 6 Centralview Credit Risk Control, Centralview Dealer Performance Audit, Centralview Fraud Risk Management and 3 more | 2016-11-28 | 6.0 MEDIUM | N/A |
| HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407. | |||||
| CVE-2015-5434 | 1 Hp | 87 Jc072b Hp 12500 Main Processing Unit, Jc085a Hp A12518 Switch Chassis, Jc086a Hp A12508 Switch Chassis and 84 more | 2016-11-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping." | |||||
| CVE-2011-3162 | 1 Hp | 2 Data Protector For Personal Computers, Data Protector Notebook Extension | 2016-11-22 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1296. | |||||
| CVE-2011-3160 | 1 Hp | 2 Data Protector For Personal Computers, Data Protector Notebook Extension | 2016-11-22 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1228. | |||||
| CVE-2011-3161 | 1 Hp | 2 Data Protector For Personal Computers, Data Protector Notebook Extension | 2016-11-22 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229. | |||||
| CVE-2011-3159 | 1 Hp | 2 Data Protector For Personal Computers, Data Protector Notebook Extension | 2016-11-22 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227. | |||||
| CVE-2011-3158 | 1 Hp | 2 Data Protector For Personal Computers, Data Protector Notebook Extension | 2016-11-22 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1226. | |||||
| CVE-2011-3156 | 1 Hp | 2 Data Protector For Personal Computers, Data Protector Notebook Extension | 2016-11-22 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1222. | |||||
| CVE-2011-3157 | 1 Hp | 2 Data Protector For Personal Computers, Data Protector Notebook Extension | 2016-11-22 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1225. | |||||
| CVE-2005-2552 | 1 Hp | 1 Proliant Dl585 | 2016-10-18 | 7.5 HIGH | N/A |
| Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down." | |||||
| CVE-2005-1771 | 1 Hp | 1 Hp-ux | 2016-10-18 | 7.5 HIGH | N/A |
| Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t. | |||||
| CVE-2005-0224 | 1 Hp | 1 Virtualvault | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic. | |||||
| CVE-2004-1858 | 1 Hp | 1 Web Jetadmin | 2016-10-18 | 5.0 MEDIUM | N/A |
| HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. | |||||
| CVE-2003-0840 | 1 Hp | 1 Hp-ux | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable. | |||||
| CVE-2003-0169 | 1 Hp | 1 Instant Toptools | 2016-10-18 | 5.0 MEDIUM | N/A |
| hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop. | |||||
| CVE-2002-1232 | 3 Debian, Hp, Redhat | 3 Debian Linux, Secure Os, Linux | 2016-10-18 | 5.0 MEDIUM | N/A |
| Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. | |||||
| CVE-2002-1147 | 1 Hp | 1 Procurve Switch 4000m | 2016-10-18 | 7.1 HIGH | N/A |
| The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program. | |||||
| CVE-2002-1134 | 1 Hp | 1 Webes Service Tools | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files. | |||||
| CVE-2002-0836 | 3 Hp, Mandrakesoft, Redhat | 3 Secure Os, Mandrake Linux, Linux | 2016-10-18 | 7.5 HIGH | N/A |
| dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. | |||||
| CVE-2002-0711 | 1 Hp | 1 Trucluster Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service. | |||||
| CVE-2002-0638 | 3 Hp, Mandrakesoft, Redhat | 5 Secure Os, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2016-10-18 | 6.2 MEDIUM | N/A |
| setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. | |||||
| CVE-2002-0350 | 1 Hp | 1 Procurve Switch 4000m | 2016-10-18 | 7.8 HIGH | N/A |
| HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service. | |||||
| CVE-2002-0250 | 1 Hp | 7 Advancestack 10base-t Switching Hub J3200a, Advancestack 10base-t Switching Hub J3201a, Advancestack 10base-t Switching Hub J3202a and 4 more | 2016-10-18 | 7.5 HIGH | N/A |
| Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password. | |||||
| CVE-2001-0552 | 2 Hp, Ibm | 2 Openview Network Node Manager, Tivoli Netview | 2016-10-18 | 10.0 HIGH | N/A |
| ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message. | |||||
| CVE-1999-1433 | 1 Hp | 1 Jetadmin | 2016-10-18 | 7.2 HIGH | N/A |
| HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file. | |||||
| CVE-1999-1408 | 2 Hp, Ibm | 2 Hp-ux, Aix | 2016-10-18 | 2.1 LOW | N/A |
| Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost. | |||||
| CVE-1999-1161 | 1 Hp | 1 Hp-ux | 2016-10-18 | 7.2 HIGH | N/A |
| Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. | |||||
| CVE-1999-1160 | 1 Hp | 1 Hp-ux | 2016-10-18 | 10.0 HIGH | N/A |
| Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. | |||||
| CVE-1999-1139 | 1 Hp | 1 Hp-ux | 2016-10-18 | 7.2 HIGH | N/A |
| Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file. | |||||
| CVE-1999-1163 | 1 Hp | 1 9000 | 2016-10-18 | 7.5 HIGH | N/A |
| Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation. | |||||