| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-5222 |
200 |
|
+Info |
2013-05-01 |
2013-05-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors. |
|
2 |
CVE-2012-5221 |
|
|
|
2013-04-29 |
2013-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors. |
|
3 |
CVE-2012-5198 |
|
|
+Info |
2013-02-16 |
2013-02-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP ArcSight Connector Appliance before 6.3 and ArcSight Logger 5.2 and earlier allows remote attackers to obtain sensitive information via unknown vectors. |
|
4 |
CVE-2012-3277 |
|
|
DoS |
2012-12-13 |
2012-12-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors. |
|
5 |
CVE-2012-3273 |
|
|
+Info |
2012-12-06 |
2013-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors. |
|
6 |
CVE-2012-3267 |
|
|
+Info |
2012-10-04 |
2013-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors. |
|
7 |
CVE-2012-3266 |
|
|
+Info |
2012-10-02 |
2012-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors. |
|
8 |
CVE-2012-3250 |
|
|
DoS |
2012-08-16 |
2012-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors. |
|
9 |
CVE-2012-3248 |
200 |
|
+Info |
2012-08-16 |
2013-03-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors. |
|
10 |
CVE-2012-0130 |
200 |
|
+Info |
2012-04-05 |
2012-12-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors. |
|
11 |
CVE-2012-0128 |
20 |
|
|
2012-04-05 |
2012-12-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
|
12 |
CVE-2012-0126 |
|
|
+Info |
2012-03-28 |
2012-06-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125. |
|
13 |
CVE-2011-3169 |
|
|
DoS |
2011-11-07 |
2012-02-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors. |
|
14 |
CVE-2011-3168 |
|
|
+Info |
2011-11-07 |
2012-02-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the POP and IMAP service implementations in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to obtain sensitive information via unknown vectors. |
|
15 |
CVE-2011-1860 |
|
|
|
2011-06-14 |
2011-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors. |
|
16 |
CVE-2011-1859 |
|
|
+Info |
2011-06-14 |
2011-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors. |
|
17 |
CVE-2011-1725 |
200 |
|
+Info |
2011-04-26 |
2011-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors. |
|
18 |
CVE-2011-1539 |
|
|
+Info |
2011-05-03 |
2011-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors. |
|
19 |
CVE-2011-1536 |
|
|
+Info |
2011-04-29 |
2011-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, 5.3x, 5.4, 5.41, and 5.41.002 allows remote attackers to obtain sensitive information via unknown vectors. |
|
20 |
CVE-2011-1515 |
399 |
|
DoS |
2011-07-01 |
2011-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters. |
|
21 |
CVE-2011-1514 |
|
|
DoS |
2011-07-01 |
2011-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request containing crafted parameters. |
|
22 |
CVE-2011-0894 |
|
|
Bypass |
2011-04-04 |
2011-09-21 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors. |
|
23 |
CVE-2011-0890 |
200 |
|
+Info |
2011-03-25 |
2011-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community. |
|
24 |
CVE-2011-0514 |
119 |
1
|
DoS Overflow |
2011-01-20 |
2011-01-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530. |
|
25 |
CVE-2010-4112 |
200 |
|
+Info |
2010-12-22 |
2011-01-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path. |
|
26 |
CVE-2010-4110 |
|
|
DoS +Priv |
2010-12-22 |
2011-01-11 |
5.7 |
None |
Local |
Low |
Single system |
Partial |
Partial |
Complete |
|
Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors. |
|
27 |
CVE-2010-4104 |
|
|
|
2010-11-01 |
2010-11-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors. |
|
28 |
CVE-2010-4103 |
|
|
|
2010-11-01 |
2010-11-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors. |
|
29 |
CVE-2010-4102 |
|
|
|
2010-11-01 |
2010-11-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors. |
|
30 |
CVE-2010-4100 |
|
|
|
2010-11-01 |
2011-01-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors. |
|
31 |
CVE-2010-4027 |
|
|
|
2010-10-28 |
2010-11-11 |
5.6 |
None |
Local |
High |
Not required |
None |
Complete |
Complete |
|
Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors. |
|
32 |
CVE-2010-3990 |
|
|
|
2010-10-28 |
2010-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors. |
|
33 |
CVE-2010-3988 |
|
|
DoS Bypass |
2010-10-28 |
2010-11-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors. |
|
34 |
CVE-2010-3986 |
|
|
|
2010-10-26 |
2010-11-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors. |
|
35 |
CVE-2010-3286 |
|
|
|
2010-10-18 |
2010-11-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors. |
|
36 |
CVE-2010-3285 |
|
|
DoS |
2010-09-24 |
2010-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors. |
|
37 |
CVE-2010-3011 |
20 |
|
Http R.Spl. |
2010-09-17 |
2010-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
|
38 |
CVE-2010-1959 |
|
|
|
2010-05-27 |
2010-05-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors. |
|
39 |
CVE-2010-0448 |
|
|
|
2010-03-31 |
2010-04-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to obtain "unauthorized access to data" via unknown vectors. |
|
40 |
CVE-2009-5098 |
399 |
|
DoS |
2011-09-13 |
2012-02-13 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception. |
|
41 |
CVE-2009-3977 |
119 |
|
DoS Overflow Mem. Corr. |
2009-11-18 |
2009-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method. NOTE: this issue is not a vulnerability in many environments, because the control is not marked as safe for scripting and would not execute with default Internet Explorer settings. |
|
42 |
CVE-2009-3840 |
|
|
DoS |
2009-11-18 |
2009-11-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet. |
|
43 |
CVE-2009-0940 |
352 |
|
CSRF |
2009-03-18 |
2009-10-13 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config. |
|
44 |
CVE-2009-0717 |
|
|
DoS |
2009-04-21 |
2009-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors. |
|
45 |
CVE-2009-0713 |
|
|
+Info |
2009-03-11 |
2009-03-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors. |
|
46 |
CVE-2008-4412 |
200 |
|
+Info |
2008-10-17 |
2009-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors. |
|
47 |
CVE-2008-1851 |
399 |
|
DoS |
2008-04-16 |
2012-10-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (hang) via certain requests that do not provide all required arguments. |
|
48 |
CVE-2008-0979 |
399 |
|
DoS |
2008-02-25 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a function. |
|
49 |
CVE-2008-0976 |
399 |
|
DoS |
2008-02-25 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a. |
|
50 |
CVE-2008-0974 |
399 |
|
DoS |
2008-02-25 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector<T> value, which raises a "vector<T> too long" exception; or (2) a certain packet that raises an ospace/time/src\date.cpp exception. |
