CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2016-2245 287 Bypass 2016-03-19 2016-03-22
10.0
None Remote Low Not required Complete Complete Complete
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.
2 CVE-2016-2244 200 +Info 2016-03-04 2016-03-10
5.0
None Remote Low Not required Partial None None
HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.
3 CVE-2016-2243 284 DoS 2016-03-04 2016-03-14
5.4
None Local Medium Not required None Partial Complete
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.
4 CVE-2016-2008 Exec Code 2016-04-21 2016-04-27
7.5
None Remote Low Not required Partial Partial Partial
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.
5 CVE-2016-2007 Exec Code 2016-04-21 2016-04-27
10.0
None Remote Low Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
6 CVE-2016-2006 Exec Code 2016-04-21 2016-04-27
10.0
None Remote Low Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
7 CVE-2016-2005 Exec Code 2016-04-21 2016-04-27
10.0
None Remote Low Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
8 CVE-2016-2004 Exec Code 2016-04-21 2016-04-27
9.3
None Remote Medium Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.
9 CVE-2016-2001 +Info 2016-04-12 2016-04-21
5.8
None Remote Medium Not required Partial Partial None
HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.
10 CVE-2016-2000 19 Exec Code 2016-04-05 2016-04-06
7.5
None Remote Low Not required Partial Partial Partial
HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
11 CVE-2016-1998 20 Exec Code 2016-03-22 2016-03-22
10.0
None Remote Low Not required Complete Complete Complete
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
12 CVE-2016-1997 20 Exec Code 2016-03-22 2016-03-22
10.0
None Remote Low Not required Complete Complete Complete
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
13 CVE-2016-1996 +Info 2016-03-18 2016-03-18
3.6
None Local Low Not required Partial Partial None
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
14 CVE-2016-1995 Exec Code 2016-03-18 2016-03-18
10.0
None Remote Low Not required Complete Complete Complete
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
15 CVE-2016-1994 200 +Info 2016-03-18 2016-03-18
4.0
None Remote Low Single system Partial None None
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
16 CVE-2016-1993 +Info 2016-03-18 2016-03-18
5.5
None Remote Low Single system Partial Partial None
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
17 CVE-2016-1992 200 +Info 2016-03-17 2016-03-21
4.0
None Remote Low Single system Partial None None
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.
18 CVE-2016-1991 2016-03-16 2016-03-21
6.0
None Remote Medium Single system Partial Partial Partial
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
19 CVE-2016-1990 264 Exec Code +Priv 2016-03-16 2016-03-21
4.3
None Local Low Single system Partial Partial Partial
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
20 CVE-2016-1989 Exec Code +Info 2016-03-14 2016-03-21
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
21 CVE-2016-1988 Exec Code +Info 2016-03-14 2016-03-21
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
22 CVE-2016-1987 20 DoS 2016-02-18 2016-03-07
2.6
None Remote High Not required None None Partial
HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.
23 CVE-2016-1986 94 Exec Code 2016-02-11 2016-02-29
7.5
None Remote Low Not required Partial Partial Partial
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
24 CVE-2016-1985 94 Exec Code 2016-01-30 2016-03-10
10.0
None Remote Low Not required Complete Complete Complete
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
25 CVE-2015-6867 284 Exec Code 2015-11-03 2015-11-04
7.5
None Remote Low Not required Partial Partial Partial
The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.
26 CVE-2015-6864 20 Exec Code 2016-01-16 2016-01-21
6.5
None Remote Low Single system Partial Partial Partial
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
27 CVE-2015-6863 20 Exec Code 2016-01-16 2016-01-21
7.5
None Remote Low Not required Partial Partial Partial
HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
28 CVE-2015-6862 284 Bypass +Info 2016-01-07 2016-01-08
7.2
None Local Low Not required Complete Complete Complete
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
29 CVE-2015-6860 264 Bypass 2016-01-05 2016-01-05
7.2
None Local Low Not required Complete Complete Complete
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.
30 CVE-2015-6859 264 Bypass 2016-01-05 2016-01-07
4.6
None Local Low Not required Partial Partial Partial
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.
31 CVE-2015-6858 200 +Info 2016-01-05 2016-01-05
4.3
None Remote Medium Not required Partial None None
HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.
32 CVE-2015-6857 Exec Code 2015-11-25 2015-11-27
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.
33 CVE-2015-6030 264 Exec Code +Priv 2015-11-03 2015-11-04
7.2
None Local Low Not required Complete Complete Complete
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
34 CVE-2015-6029 254 2015-11-03 2015-11-04
5.0
None Remote Low Not required Partial None None
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.
35 CVE-2015-5451 352 CSRF 2015-11-22 2015-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
36 CVE-2015-5447 79 XSS 2016-01-05 2016-01-05
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
37 CVE-2015-5446 Exec Code 2016-01-05 2016-01-05
5.8
None Local Network High Not required Partial Partial Complete
HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.
38 CVE-2015-5445 352 CSRF 2016-01-05 2016-01-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
39 CVE-2015-5443 200 +Info 2015-10-12 2015-10-13
4.0
None Remote Low Single system Partial None None
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.
40 CVE-2015-5442 +Priv 2015-09-29 2015-09-30
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.
41 CVE-2015-5441 79 XSS 2015-11-11 2015-11-12
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
42 CVE-2015-5440 200 +Info 2015-09-16 2015-09-17
4.9
None Local Low Not required Complete None None
HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.
43 CVE-2015-5435 DoS 2015-09-29 2015-09-30
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.
44 CVE-2015-5434 264 DoS Bypass 2016-01-05 2016-01-08
6.4
None Remote Low Not required None Partial Partial
HP H3C Comware 5 and 7 devices allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
45 CVE-2015-5433 +Info 2015-08-26 2015-08-27
4.0
None Remote Low Single system Partial None None
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.
46 CVE-2015-5432 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
47 CVE-2015-5431 +Info 2015-08-26 2015-08-27
6.5
None Remote Low Single system Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
48 CVE-2015-5430 200 +Info 2015-08-26 2015-08-27
5.0
None Remote Low Not required Partial None None
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.
49 CVE-2015-5429 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.
50 CVE-2015-5428 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.
Total number of vulnerabilities: 1295 (page 1 of 26)