|
|
HP : Security Vulnerabilities (CVSS score between 3 and 3.99)
Copy Results
Download Results
Select Table
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-5200 |
79 |
|
XSS |
2013-03-09 |
2013-03-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
2 |
CVE-2012-1995 |
|
|
+Info |
2013-03-11 |
2013-03-17 |
3.2 |
None |
Local |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows local users to obtain sensitive information or modify data via unknown vectors. |
|
3 |
CVE-2012-1993 |
|
|
+Info |
2012-04-18 |
2012-08-13 |
3.2 |
None |
Local |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. |
|
4 |
CVE-2012-0135 |
|
|
DoS |
2012-04-18 |
2013-01-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. |
|
5 |
CVE-2012-0133 |
|
|
Exec Code |
2012-04-12 |
2013-01-03 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. |
|
6 |
CVE-2012-0125 |
|
|
+Info |
2012-03-28 |
2012-08-15 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126. |
|
7 |
CVE-2011-4160 |
|
|
Bypass |
2011-11-23 |
2012-02-16 |
3.2 |
None |
Local |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors. |
|
8 |
CVE-2011-2779 |
264 |
|
|
2011-07-19 |
2011-08-10 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770. |
|
9 |
CVE-2011-2406 |
79 |
|
XSS |
2011-08-11 |
2011-09-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
10 |
CVE-2010-1967 |
|
|
|
2010-07-15 |
2010-07-15 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors. |
|
11 |
CVE-2007-4590 |
|
|
|
2007-08-28 |
2009-03-04 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors. |
|
12 |
CVE-2002-2270 |
264 |
|
|
2002-12-31 |
2009-03-04 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors. |
|
13 |
CVE-2000-1127 |
|
|
|
2001-01-09 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable. |
Total number of vulnerabilities : 13
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
