| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-2321 |
79 |
|
XSS |
2013-05-01 |
2013-05-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
2 |
CVE-2013-0200 |
59 |
|
|
2013-03-06 |
2013-03-07 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. |
|
3 |
CVE-2012-6501 |
20 |
|
DoS |
2013-01-11 |
2013-01-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attackers to cause a denial of service (kill process) via the partial or full name of a process. |
|
4 |
CVE-2012-5222 |
200 |
|
+Info |
2013-05-01 |
2013-05-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors. |
|
5 |
CVE-2012-5221 |
|
|
|
2013-04-29 |
2013-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors. |
|
6 |
CVE-2012-5220 |
|
|
+Priv |
2013-04-26 |
2013-05-01 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users to gain privileges via unknown vectors. |
|
7 |
CVE-2012-5219 |
79 |
|
XSS |
2013-04-27 |
2013-04-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
8 |
CVE-2012-5218 |
264 |
|
Bypass |
2013-04-24 |
2013-04-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors. |
|
9 |
CVE-2012-5216 |
352 |
|
CSRF |
2013-03-28 |
2013-04-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
|
10 |
CVE-2012-5215 |
|
|
DoS |
2013-03-09 |
2013-03-17 |
8.8 |
None |
Remote |
Medium |
Not required |
None |
Complete |
Complete |
|
Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, and M1219nf, and HotSpot LaserJet Pro M1218nfs, with firmware before 20130211; LaserJet Pro CP1025nw with firmware before 20130212; and LaserJet Pro P1102w and P1606dn with firmware before 20130213 allows remote attackers to modify data or cause a denial of service via unknown vectors. |
|
11 |
CVE-2012-5214 |
|
|
DoS +Info |
2013-03-09 |
2013-03-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. |
|
12 |
CVE-2012-5213 |
|
|
+Info |
2013-03-09 |
2013-03-16 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1662. |
|
13 |
CVE-2012-5212 |
|
|
DoS +Info |
2013-03-09 |
2013-03-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1663. |
|
14 |
CVE-2012-5211 |
|
|
DoS +Info |
2013-03-09 |
2013-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) before 5.2 E0402 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1643. |
|
15 |
CVE-2012-5210 |
|
|
DoS +Info |
2013-03-09 |
2013-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) TACACS+ Authentication Manager (TAM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1646. |
|
16 |
CVE-2012-5209 |
|
|
Exec Code |
2013-03-09 |
2013-03-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1659. |
|
17 |
CVE-2012-5208 |
|
|
DoS +Info |
2013-03-09 |
2013-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1615. |
|
18 |
CVE-2012-5207 |
|
|
DoS +Info |
2013-03-09 |
2013-03-16 |
9.0 |
None |
Remote |
Low |
Not required |
Complete |
Partial |
Partial |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1661. |
|
19 |
CVE-2012-5206 |
|
|
DoS +Info |
2013-03-09 |
2013-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1660. |
|
20 |
CVE-2012-5205 |
|
|
DoS +Info |
2013-03-09 |
2013-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1650. |
|
21 |
CVE-2012-5204 |
|
|
DoS +Info |
2013-03-09 |
2013-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1614. |
|
22 |
CVE-2012-5203 |
|
|
DoS +Info |
2013-03-09 |
2013-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1613. |
|
23 |
CVE-2012-5202 |
|
|
DoS +Info |
2013-03-09 |
2013-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1612. |
|
24 |
CVE-2012-5201 |
|
|
Exec Code |
2013-03-09 |
2013-03-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611. |
|
25 |
CVE-2012-5200 |
79 |
|
XSS |
2013-03-09 |
2013-03-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
26 |
CVE-2012-5199 |
|
|
Exec Code |
2013-02-16 |
2013-02-18 |
6.8 |
None |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors. |
|
27 |
CVE-2012-5198 |
|
|
+Info |
2013-02-16 |
2013-02-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP ArcSight Connector Appliance before 6.3 and ArcSight Logger 5.2 and earlier allows remote attackers to obtain sensitive information via unknown vectors. |
|
28 |
CVE-2012-4362 |
255 |
2
|
|
2012-08-20 |
2012-08-21 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. |
|
29 |
CVE-2012-4361 |
78 |
2
|
Exec Code |
2012-08-20 |
2012-08-21 |
7.7 |
None |
Local Network |
Low |
Single system |
Complete |
Complete |
Complete |
|
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. |
|
30 |
CVE-2012-3286 |
|
|
DoS +Info |
2013-02-16 |
2013-02-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. |
|
31 |
CVE-2012-3285 |
|
|
Exec Code |
2013-02-06 |
2013-02-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513. |
|
32 |
CVE-2012-3284 |
|
|
Exec Code |
2013-02-06 |
2013-02-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512. |
|
33 |
CVE-2012-3283 |
|
|
Exec Code |
2013-02-06 |
2013-02-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511. |
|
34 |
CVE-2012-3282 |
|
|
Exec Code |
2013-02-06 |
2013-02-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468. |
|
35 |
CVE-2012-3281 |
|
|
DoS |
2013-02-06 |
2013-02-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Device Manager in HP XP P9000 Command View Advanced Edition before 7.4.0-00 allows remote attackers to cause a denial of service via unknown vectors. |
|
36 |
CVE-2012-3280 |
|
|
DoS +Info |
2013-02-13 |
2013-04-29 |
6.3 |
None |
Local Network |
Medium |
Single system |
Partial |
Partial |
Complete |
|
Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and J06.x allow remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via an OSS Remote Operation over an Expand connection. |
|
37 |
CVE-2012-3279 |
79 |
|
XSS |
2013-02-06 |
2013-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
38 |
CVE-2012-3278 |
119 |
|
Exec Code Overflow |
2013-01-25 |
2013-01-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in magentservice.exe in HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21 allows remote attackers to execute arbitrary code via a malformed message packet. |
|
39 |
CVE-2012-3277 |
|
|
DoS |
2012-12-13 |
2012-12-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors. |
|
40 |
CVE-2012-3276 |
16 |
|
DoS |
2012-12-13 |
2012-12-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors. |
|
41 |
CVE-2012-3275 |
|
|
Exec Code |
2012-12-06 |
2013-03-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors. |
|
42 |
CVE-2012-3274 |
119 |
|
Exec Code Overflow |
2012-12-06 |
2012-12-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data. |
|
43 |
CVE-2012-3273 |
|
|
+Info |
2012-12-06 |
2013-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors. |
|
44 |
CVE-2012-3272 |
79 |
|
XSS |
2012-12-06 |
2013-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
45 |
CVE-2012-3271 |
|
|
+Info |
2012-11-29 |
2013-04-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors. |
|
46 |
CVE-2012-3270 |
|
|
DoS +Info |
2012-11-07 |
2012-11-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269. |
|
47 |
CVE-2012-3269 |
|
|
DoS +Info |
2012-11-07 |
2013-03-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270. |
|
48 |
CVE-2012-3268 |
200 |
|
+Info |
2013-02-01 |
2013-04-04 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. |
|
49 |
CVE-2012-3267 |
|
|
+Info |
2012-10-04 |
2013-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors. |
|
50 |
CVE-2012-3266 |
|
|
+Info |
2012-10-02 |
2012-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors. |
