CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6197 Exec Code 2013-12-28 2014-01-07
5.2
None Local Network Low Single system Partial Partial Partial
Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors.
2 CVE-2013-6193 DoS 2013-12-17 2014-01-07
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors.
3 CVE-2013-4846 +Info 2014-03-14 2014-03-14
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors.
4 CVE-2013-4831 +Info 2013-10-16 2013-10-16
5.5
None Remote Low Single system Partial Partial None
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
5 CVE-2013-4826 +Info 2013-10-13 2013-10-16
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.
6 CVE-2013-4823 +Info 2013-10-13 2013-10-15
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1607.
7 CVE-2013-4818 +Info 2013-09-23 2013-09-25
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.
8 CVE-2013-4817 +Info 2013-09-23 2013-09-25
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.
9 CVE-2013-3575 20 2013-06-14 2013-06-14
5.0
None Remote Low Not required None Partial None
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
10 CVE-2013-2368 DoS 2013-07-29 2013-07-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669.
11 CVE-2013-2363 +Info 2013-07-22 2013-07-22
5.0
None Remote Low Not required Partial None None
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356.
12 CVE-2013-2356 +Info 2013-07-22 2013-07-22
5.0
None Remote Low Not required Partial None None
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363.
13 CVE-2013-2355 264 Bypass +Info 2013-07-22 2013-07-22
5.0
None Remote Low Not required Partial None None
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217.
14 CVE-2013-2336 +Info 2013-06-14 2013-06-17
5.0
None Remote Low Not required Partial None None
HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified vectors.
15 CVE-2012-5222 200 +Info 2013-05-01 2013-10-16
5.0
None Remote Low Not required Partial None None
HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors.
16 CVE-2012-5221 Dir. Trav. 2013-04-29 2013-12-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.
17 CVE-2012-5217 264 Bypass +Info 2013-07-22 2013-07-26
5.0
None Remote Low Not required Partial None None
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355.
18 CVE-2012-5198 +Info 2013-02-16 2013-02-18
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP ArcSight Connector Appliance before 6.3 and ArcSight Logger 5.2 and earlier allows remote attackers to obtain sensitive information via unknown vectors.
19 CVE-2012-3277 DoS 2012-12-13 2012-12-13
5.0
None Remote Low Not required None None Partial
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors.
20 CVE-2012-3273 +Info 2012-12-06 2013-03-13
5.0
None Remote Low Not required Partial None None
Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors.
21 CVE-2012-3267 +Info 2012-10-04 2013-06-04
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors.
22 CVE-2012-3266 +Info 2012-10-02 2012-10-03
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors.
23 CVE-2012-3250 DoS 2012-08-16 2012-08-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors.
24 CVE-2012-3248 200 +Info 2012-08-16 2013-03-21
5.0
None Remote Low Not required Partial None None
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.
25 CVE-2012-0130 200 +Info 2012-04-05 2012-12-05
5.0
None Remote Low Not required Partial None None
HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors.
26 CVE-2012-0128 20 2012-04-05 2012-12-05
5.8
None Remote Medium Not required Partial Partial None
HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
27 CVE-2012-0126 +Info 2012-03-28 2012-06-27
5.8
None Remote Medium Not required Partial Partial None
Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125.
28 CVE-2011-3169 DoS 2011-11-07 2012-02-14
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors.
29 CVE-2011-3168 +Info 2011-11-07 2012-02-16
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the POP and IMAP service implementations in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to obtain sensitive information via unknown vectors.
30 CVE-2011-1860 2011-06-14 2011-09-21
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.
31 CVE-2011-1859 +Info 2011-06-14 2011-09-21
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors.
32 CVE-2011-1725 200 +Info 2011-04-26 2011-05-11
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.
33 CVE-2011-1539 +Info 2011-05-03 2011-09-21
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors.
34 CVE-2011-1536 +Info 2011-04-29 2011-09-21
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, 5.3x, 5.4, 5.41, and 5.41.002 allows remote attackers to obtain sensitive information via unknown vectors.
35 CVE-2011-1515 399 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters.
36 CVE-2011-1514 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request containing crafted parameters.
37 CVE-2011-1483 DoS 2013-07-29 2013-07-29
5.0
None Remote Low Not required None None Partial
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.
38 CVE-2011-0894 Bypass 2011-04-04 2011-09-21
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors.
39 CVE-2011-0890 200 +Info 2011-03-25 2011-09-21
5.0
None Remote Low Not required Partial None None
HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.
40 CVE-2011-0514 119 1 DoS Overflow 2011-01-20 2011-01-24
5.0
None Remote Low Not required None None Partial
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.
41 CVE-2010-4112 200 +Info 2010-12-22 2011-01-11
5.0
None Remote Low Not required Partial None None
HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path.
42 CVE-2010-4110 DoS +Priv 2010-12-22 2011-01-11
5.7
None Local Low Single system Partial Partial Complete
Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors.
43 CVE-2010-4104 2010-11-01 2010-11-02
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
44 CVE-2010-4103 2010-11-01 2010-11-11
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
45 CVE-2010-4102 2010-11-01 2010-11-11
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
46 CVE-2010-4100 2010-11-01 2011-01-21
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors.
47 CVE-2010-4027 2010-10-28 2010-11-11
5.6
None Local High Not required None Complete Complete
Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors.
48 CVE-2010-3990 2010-10-28 2010-11-06
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
49 CVE-2010-3988 DoS Bypass 2010-10-28 2010-11-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors.
50 CVE-2010-3986 2010-10-26 2010-11-11
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors.
Total number of vulnerabilities : 145   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.