CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities (Gain Information)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2016-4379 310 +Info 2016-09-08 2016-09-08
4.3
None Remote Medium Not required Partial None None
The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.
2 CVE-2016-4378 200 +Info 2016-08-26 2016-08-29
5.0
None Remote Low Not required Partial None None
The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors.
3 CVE-2016-4375 DoS +Info 2016-09-08 2016-09-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
4 CVE-2016-4374 918 DoS +Info 2016-08-07 2016-08-12
4.0
None Remote Low Single system None Partial None
HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.
5 CVE-2016-4371 352 +Info 2016-06-18 2016-06-21
6.0
None Remote Medium Single system Partial Partial Partial
HP Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.
6 CVE-2016-4370 Exec Code +Info 2016-06-09 2016-06-10
6.5
None Remote Low Single system Partial Partial Partial
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
7 CVE-2016-4367 200 +Info 2016-06-08 2016-08-23
5.0
None Remote Low Not required Partial None None
The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.
8 CVE-2016-4366 DoS +Info 2016-06-08 2016-08-23
7.5
None Remote Low Not required Partial Partial Partial
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
9 CVE-2016-4365 +Info 2016-06-08 2016-08-23
5.0
None Remote Low Not required Partial None None
HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.
10 CVE-2016-4362 +Info 2016-06-08 2016-08-23
5.5
None Remote Low Single system Partial Partial None
HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
11 CVE-2016-4358 +Info 2016-06-08 2016-08-23
4.8
None Local Network Low Not required Partial Partial None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.
12 CVE-2016-4357 +Info 2016-06-08 2016-08-23
7.5
None Remote Low Single system Partial Complete None
HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.
13 CVE-2016-2244 200 +Info 2016-03-04 2016-03-10
5.0
None Remote Low Not required Partial None None
HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.
14 CVE-2016-2107 310 +Info 2016-05-04 2016-08-08
2.6
None Remote High Not required Partial None None
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
15 CVE-2016-2030 +Info 2016-06-08 2016-08-23
5.5
None Remote Low Single system Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.
16 CVE-2016-2029 +Info 2016-06-08 2016-08-23
6.4
None Remote Low Not required Partial Partial None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.
17 CVE-2016-2028 +Info 2016-06-08 2016-08-23
5.5
None Remote Low Single system Partial Partial None
HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.
18 CVE-2016-2027 200 +Info 2016-06-08 2016-08-23
5.0
None Remote Low Not required Partial None None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.
19 CVE-2016-2026 200 +Info 2016-06-08 2016-08-23
5.0
None Remote Low Not required Partial None None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.
20 CVE-2016-2025 200 +Info 2016-05-29 2016-08-22
5.0
None Remote Low Not required Partial None None
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.
21 CVE-2016-2024 DoS +Info 2016-06-08 2016-08-23
7.5
None Remote Low Not required Partial Partial Partial
HPE Insight Control before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
22 CVE-2016-2023 200 +Info 2016-05-29 2016-08-23
2.1
None Local Low Not required Partial None None
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.
23 CVE-2016-2022 +Info 2016-06-08 2016-08-23
4.7
None Remote Low Multiple systems Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.
24 CVE-2016-2021 +Info 2016-06-08 2016-08-23
7.7
None Remote Low Multiple systems Complete Complete None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.
25 CVE-2016-2020 +Info 2016-06-08 2016-08-23
8.5
None Remote Low Single system Complete Complete None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
26 CVE-2016-2019 +Info 2016-06-08 2016-08-23
7.7
None Remote Low Multiple systems Complete Complete None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
27 CVE-2016-2018 +Info 2016-06-08 2016-08-23
6.4
None Remote Low Not required Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
28 CVE-2016-2017 +Info 2016-06-08 2016-08-23
5.5
None Remote Low Single system Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
29 CVE-2016-2015 200 +Info 2016-05-14 2016-08-23
6.6
None Local Low Not required Complete Complete None
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
30 CVE-2016-2013 200 +Info 2016-05-07 2016-08-23
4.0
None Remote Low Single system Partial None None
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.
31 CVE-2016-2001 +Info 2016-04-12 2016-08-17
5.8
None Remote Medium Not required Partial Partial None
HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.
32 CVE-2016-1996 +Info 2016-03-18 2016-08-17
3.6
None Local Low Not required Partial Partial None
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
33 CVE-2016-1994 200 +Info 2016-03-18 2016-08-17
4.0
None Remote Low Single system Partial None None
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
34 CVE-2016-1993 +Info 2016-03-18 2016-08-17
5.5
None Remote Low Single system Partial Partial None
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
35 CVE-2016-1992 200 +Info 2016-03-17 2016-08-18
4.0
None Remote Low Single system Partial None None
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.
36 CVE-2016-1989 Exec Code +Info 2016-03-14 2016-08-18
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
37 CVE-2016-1988 Exec Code +Info 2016-03-14 2016-08-18
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
38 CVE-2015-8317 119 Overflow +Info 2015-12-15 2016-08-29
5.0
None Remote Low Not required Partial None None
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
39 CVE-2015-8242 119 DoS Overflow +Info 2015-12-15 2016-08-29
5.8
None Remote Medium Not required Partial None Partial
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
40 CVE-2015-8241 119 DoS Overflow +Info 2015-12-15 2016-08-26
6.4
None Remote Low Not required Partial None Partial
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
41 CVE-2015-7499 119 Overflow +Info 2015-12-15 2016-08-25
5.0
None Remote Low Not required Partial None None
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
42 CVE-2015-6862 284 Bypass +Info 2016-01-07 2016-08-22
7.2
None Local Low Not required Complete Complete Complete
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
43 CVE-2015-6858 200 +Info 2016-01-05 2016-01-05
4.3
None Remote Medium Not required Partial None None
HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.
44 CVE-2015-5443 200 +Info 2015-10-12 2015-10-13
4.0
None Remote Low Single system Partial None None
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.
45 CVE-2015-5440 200 +Info 2015-09-16 2015-09-17
4.9
None Local Low Not required Complete None None
HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.
46 CVE-2015-5433 +Info 2015-08-26 2015-08-27
4.0
None Remote Low Single system Partial None None
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.
47 CVE-2015-5432 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
48 CVE-2015-5431 +Info 2015-08-26 2015-08-27
6.5
None Remote Low Single system Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
49 CVE-2015-5430 200 +Info 2015-08-26 2015-08-27
5.0
None Remote Low Not required Partial None None
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.
50 CVE-2015-5429 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.
Total number of vulnerabilities: 207 (page 1 of 5)