Filtered by vendor Hp
Subscribe
Total
2513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4369 | 1 Hp | 1 Discovery And Dependency Mapping Inventory | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
|
|||||
| CVE-2015-5442 | 1 Hp | 1 Software Update | 2025-04-12 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.
|
|||||
| CVE-2015-5408 | 1 Hp | 6 Centralview Credit Risk Control, Centralview Dealer Performance Audit, Centralview Fraud Risk Management and 3 more | 2025-04-12 | 6.0 MEDIUM | N/A |
|
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407.
|
|||||
| CVE-2015-5434 | 1 Hp | 87 Jc072b Hp 12500 Main Processing Unit, Jc085a Hp A12518 Switch Chassis, Jc086a Hp A12508 Switch Chassis and 84 more | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
|
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
|
|||||
| CVE-2015-5433 | 1 Hp | 2 Matrix Operating Environment, Virtual Connect Enterprise Manager Sdk | 2025-04-12 | 4.0 MEDIUM | N/A |
|
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2015-7942 | 5 Apple, Canonical, Debian and 2 more | 9 Iphone Os, Mac Os X, Tvos and 6 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
|
|||||
| CVE-2015-5412 | 1 Hp | 1 Version Control Repository Manager | 2025-04-12 | 6.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
|
|||||
| CVE-2015-3196 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
|
|||||
| CVE-2016-2246 | 1 Hp | 1 Thinpro | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.
|
|||||
| CVE-2015-4024 | 5 Apple, Hp, Oracle and 2 more | 12 Mac Os X, System Management Homepage, Linux and 9 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
|
|||||
| CVE-2016-2020 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2025-04-12 | 8.5 HIGH | 8.1 HIGH |
|
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
|
|||||
| CVE-2016-4378 | 1 Hp | 2 Xp7 Command View, Xp 9000 Command View | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2016-4382 | 1 Hp | 1 Performance Center | 2025-04-12 | 6.0 MEDIUM | 8.3 HIGH |
|
HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.
|
|||||
| CVE-2016-2776 | 3 Hp, Isc, Oracle | 5 Hp-ux, Bind, Linux and 2 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
|
|||||
| CVE-2014-2609 | 1 Hp | 1 Executive Scorecard | 2025-04-12 | 10.0 HIGH | N/A |
|
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.
|
|||||
| CVE-2014-2625 | 1 Hp | 1 Network Virtualization | 2025-04-12 | 8.5 HIGH | N/A |
|
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.
|
|||||
| CVE-2014-2634 | 1 Hp | 1 Service Manager | 2025-04-12 | 9.4 HIGH | N/A |
|
Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors.
|
|||||
| CVE-2015-5420 | 1 Hp | 1 Keyview | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.
|
|||||
| CVE-2015-7547 | 10 Canonical, Debian, F5 and 7 more | 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
|
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
|
|||||
| CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
|
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
|
|||||
| CVE-2015-2116 | 1 Hp | 1 Storage Data Protector | 2025-04-12 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors.
|
|||||
| CVE-2016-2001 | 1 Hp | 1 Universal Cmbd Foundation | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
|
HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.
|
|||||
| CVE-2016-2244 | 1 Hp | 55 A2w75a, A2w76a, A2w77a and 52 more | 2025-04-12 | 5.0 MEDIUM | 5.9 MEDIUM |
|
HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2014-2645 | 1 Hp | 1 Systems Insight Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
|
HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors.
|
|||||
| CVE-2015-5419 | 1 Hp | 1 Keyview | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.
|
|||||
| CVE-2014-2637 | 1 Hp | 1 Sprinter | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342.
|
|||||
| CVE-2014-2639 | 1 Hp | 1 Mpio Device Specific Module Manager | 2025-04-12 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.
|
|||||
| CVE-2014-2605 | 1 Hp | 10 Storage Management Software, Storevirtual 4130, Storevirtual 4330 and 7 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors.
|
|||||
| CVE-2015-5407 | 1 Hp | 6 Centralview Credit Risk Control, Centralview Dealer Performance Audit, Centralview Fraud Risk Management and 3 more | 2025-04-12 | 6.0 MEDIUM | N/A |
|
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408.
|
|||||
| CVE-2014-7877 | 1 Hp | 1 Hp-ux | 2025-04-12 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
|
|||||
| CVE-2015-5410 | 1 Hp | 1 Version Control Repository Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
|
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors.
|
|||||
| CVE-2016-2775 | 4 Fedoraproject, Hp, Isc and 1 more | 9 Fedora, Hp-ux, Bind and 6 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
|
|||||
| CVE-2016-4393 | 1 Hp | 1 System Management Homepage | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.
|
|||||
| CVE-2015-5429 | 1 Hp | 1 Matrix Operating Environment | 2025-04-12 | 7.5 HIGH | N/A |
|
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.
|
|||||
| CVE-2016-2004 | 1 Hp | 1 Data Protector | 2025-04-12 | 9.3 HIGH | 9.8 CRITICAL |
|
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
|
|||||
| CVE-2014-7889 | 1 Hp | 7 Graphical Pos Pole Display Qz704aa, Lcd Pole Display F7a93aa, Ole Point Of Sale Driver and 4 more | 2025-04-12 | 10.0 HIGH | N/A |
|
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511.
|
|||||
| CVE-2015-8317 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
|
|||||
| CVE-2015-5417 | 1 Hp | 1 Keyview | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.
|
|||||
| CVE-2013-6204 | 1 Hp | 1 Application Information Optimizer | 2025-04-12 | 7.5 HIGH | N/A |
|
The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-2004.
|
|||||
| CVE-2013-6206 | 1 Hp | 2 Insight Control Server Deployment, Rapid Deployment Pack | 2025-04-12 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
|
|||||