CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4390 Exec Code 2016-10-05 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389.
2 CVE-2016-4389 Exec Code 2016-10-05 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.
3 CVE-2016-4388 Exec Code 2016-10-05 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390.
4 CVE-2016-4387 Exec Code 2016-10-05 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390.
5 CVE-2016-4385 502 Exec Code 2016-09-29 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.
6 CVE-2016-4377 Exec Code 2016-08-22 2016-11-28
7.6
None Remote High Not required Complete Complete Complete
HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.
7 CVE-2016-4373 284 Exec Code 2016-07-31 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
8 CVE-2016-4372 20 Exec Code 2016-07-15 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
9 CVE-2016-4370 Exec Code +Info 2016-06-09 2016-06-10
6.5
None Remote Low Single system Partial Partial Partial
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
10 CVE-2016-4369 284 Exec Code 2016-06-08 2016-08-23
6.5
None Remote Low Single system Partial Partial Partial
HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
11 CVE-2016-4368 20 Exec Code 2016-06-08 2016-06-10
7.5
None Remote Low Not required Partial Partial Partial
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
12 CVE-2016-4359 119 Exec Code Overflow 2016-06-08 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.
13 CVE-2016-3710 284 Exec Code 2016-05-11 2016-11-30
7.2
None Local Low Not required Complete Complete Complete
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
14 CVE-2016-2009 284 Exec Code 2016-05-07 2016-11-30
6.5
None Remote Low Single system Partial Partial Partial
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
15 CVE-2016-2008 Exec Code 2016-04-21 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.
16 CVE-2016-2007 Exec Code 2016-04-21 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
17 CVE-2016-2006 Exec Code 2016-04-21 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
18 CVE-2016-2005 Exec Code 2016-04-21 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
19 CVE-2016-2004 Exec Code 2016-04-21 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
20 CVE-2016-2003 Exec Code 2016-04-20 2016-11-30
7.5
None Remote Low Not required Partial Partial Partial
HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
21 CVE-2016-2002 77 Exec Code 2016-04-20 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.
22 CVE-2016-2000 19 Exec Code 2016-04-05 2016-11-30
7.5
None Remote Low Not required Partial Partial Partial
HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
23 CVE-2016-1999 284 Exec Code 2016-05-29 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
24 CVE-2016-1998 20 Exec Code 2016-03-22 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
25 CVE-2016-1997 20 Exec Code 2016-03-22 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
26 CVE-2016-1995 Exec Code 2016-03-18 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
27 CVE-2016-1990 264 Exec Code +Priv 2016-03-16 2016-12-02
4.3
None Local Low Single system Partial Partial Partial
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
28 CVE-2016-1989 Exec Code +Info 2016-03-14 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
29 CVE-2016-1988 Exec Code +Info 2016-03-14 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
30 CVE-2016-1986 94 Exec Code 2016-02-11 2016-11-30
7.5
None Remote Low Not required Partial Partial Partial
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
31 CVE-2016-1985 94 Exec Code 2016-01-30 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
32 CVE-2015-7547 119 DoS Exec Code Overflow 2016-02-18 2016-12-05
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
33 CVE-2015-6867 284 Exec Code 2015-11-03 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.
34 CVE-2015-6864 20 Exec Code 2016-01-16 2016-11-30
6.5
None Remote Low Single system Partial Partial Partial
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
35 CVE-2015-6863 20 Exec Code 2016-01-16 2016-11-30
7.5
None Remote Low Not required Partial Partial Partial
HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
36 CVE-2015-6857 Exec Code 2015-11-25 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.
37 CVE-2015-6030 264 Exec Code +Priv 2015-11-03 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
38 CVE-2015-5446 Exec Code 2016-01-05 2016-12-07
5.8
None Local Network High Not required Partial Partial Complete
HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.
39 CVE-2015-5424 Exec Code 2015-08-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.
40 CVE-2015-5423 Exec Code 2015-08-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.
41 CVE-2015-5422 Exec Code 2015-08-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.
42 CVE-2015-5421 Exec Code 2015-08-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.
43 CVE-2015-5420 Exec Code 2015-08-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.
44 CVE-2015-5419 Exec Code 2015-08-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.
45 CVE-2015-5418 Exec Code 2015-08-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.
46 CVE-2015-5417 Exec Code 2015-08-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.
47 CVE-2015-5416 Exec Code 2015-08-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.
48 CVE-2015-5410 DoS Exec Code 2015-08-26 2015-08-27
6.5
None Remote Low Single system Partial Partial Partial
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors.
49 CVE-2015-5368 119 DoS Exec Code Overflow 2015-08-27 2016-12-07
7.8
None Remote Medium Not required None Partial Complete
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.
50 CVE-2015-2137 Exec Code 2015-08-22 2015-08-24
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors.
Total number of vulnerabilities : 416   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.