CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4374 918 DoS +Info 2016-08-07 2016-08-12
4.0
None Remote Low Single system None Partial None
HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.
2 CVE-2016-4371 352 +Info 2016-06-18 2016-06-21
6.0
None Remote Medium Single system Partial Partial Partial
HP Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.
3 CVE-2016-4370 Exec Code +Info 2016-06-09 2016-06-10
6.5
None Remote Low Single system Partial Partial Partial
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
4 CVE-2016-4367 200 +Info 2016-06-08 2016-08-22
5.0
None Remote Low Not required Partial None None
The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.
5 CVE-2016-4366 DoS +Info 2016-06-08 2016-08-22
7.5
None Remote Low Not required Partial Partial Partial
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
6 CVE-2016-4365 +Info 2016-06-08 2016-08-23
5.0
None Remote Low Not required Partial None None
HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.
7 CVE-2016-4362 +Info 2016-06-08 2016-08-22
5.5
None Remote Low Single system Partial Partial None
HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
8 CVE-2016-4358 +Info 2016-06-08 2016-08-23
4.8
None Local Network Low Not required Partial Partial None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.
9 CVE-2016-4357 +Info 2016-06-08 2016-08-23
7.5
None Remote Low Single system Partial Complete None
HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.
10 CVE-2016-2244 200 +Info 2016-03-04 2016-03-10
5.0
None Remote Low Not required Partial None None
HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.
11 CVE-2016-2107 310 +Info 2016-05-04 2016-08-08
2.6
None Remote High Not required Partial None None
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session, NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
12 CVE-2016-2030 +Info 2016-06-08 2016-08-23
5.5
None Remote Low Single system Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.
13 CVE-2016-2029 +Info 2016-06-08 2016-08-23
6.4
None Remote Low Not required Partial Partial None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.
14 CVE-2016-2028 +Info 2016-06-08 2016-08-23
5.5
None Remote Low Single system Partial Partial None
HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.
15 CVE-2016-2027 200 +Info 2016-06-08 2016-08-23
5.0
None Remote Low Not required Partial None None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.
16 CVE-2016-2026 200 +Info 2016-06-08 2016-08-23
5.0
None Remote Low Not required Partial None None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.
17 CVE-2016-2025 200 +Info 2016-05-29 2016-08-22
5.0
None Remote Low Not required Partial None None
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.
18 CVE-2016-2024 DoS +Info 2016-06-08 2016-08-23
7.5
None Remote Low Not required Partial Partial Partial
HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
19 CVE-2016-2023 200 +Info 2016-05-29 2016-08-23
2.1
None Local Low Not required Partial None None
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.
20 CVE-2016-2022 +Info 2016-06-08 2016-08-23
4.7
None Remote Low Multiple systems Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.
21 CVE-2016-2021 +Info 2016-06-08 2016-08-23
7.7
None Remote Low Multiple systems Complete Complete None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.
22 CVE-2016-2020 +Info 2016-06-08 2016-08-23
8.5
None Remote Low Single system Complete Complete None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
23 CVE-2016-2019 +Info 2016-06-08 2016-08-23
7.7
None Remote Low Multiple systems Complete Complete None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
24 CVE-2016-2018 +Info 2016-06-08 2016-08-23
6.4
None Remote Low Not required Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
25 CVE-2016-2017 +Info 2016-06-08 2016-08-23
5.5
None Remote Low Single system Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
26 CVE-2016-2015 200 +Info 2016-05-14 2016-08-23
6.6
None Local Low Not required Complete Complete None
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
27 CVE-2016-2013 200 +Info 2016-05-07 2016-08-23
4.0
None Remote Low Single system Partial None None
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.
28 CVE-2016-2001 +Info 2016-04-12 2016-08-17
5.8
None Remote Medium Not required Partial Partial None
HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.
29 CVE-2016-1996 +Info 2016-03-18 2016-08-17
3.6
None Local Low Not required Partial Partial None
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
30 CVE-2016-1994 200 +Info 2016-03-18 2016-08-17
4.0
None Remote Low Single system Partial None None
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
31 CVE-2016-1993 +Info 2016-03-18 2016-08-17
5.5
None Remote Low Single system Partial Partial None
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
32 CVE-2016-1992 200 +Info 2016-03-17 2016-08-18
4.0
None Remote Low Single system Partial None None
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.
33 CVE-2016-1989 Exec Code +Info 2016-03-14 2016-08-18
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
34 CVE-2016-1988 Exec Code +Info 2016-03-14 2016-08-18
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
35 CVE-2015-6862 284 Bypass +Info 2016-01-07 2016-08-22
7.2
None Local Low Not required Complete Complete Complete
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
36 CVE-2015-6858 200 +Info 2016-01-05 2016-01-05
4.3
None Remote Medium Not required Partial None None
HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.
37 CVE-2015-5443 200 +Info 2015-10-12 2015-10-13
4.0
None Remote Low Single system Partial None None
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.
38 CVE-2015-5440 200 +Info 2015-09-16 2015-09-17
4.9
None Local Low Not required Complete None None
HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.
39 CVE-2015-5433 +Info 2015-08-26 2015-08-27
4.0
None Remote Low Single system Partial None None
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.
40 CVE-2015-5432 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
41 CVE-2015-5431 +Info 2015-08-26 2015-08-27
6.5
None Remote Low Single system Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
42 CVE-2015-5430 200 +Info 2015-08-26 2015-08-27
5.0
None Remote Low Not required Partial None None
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.
43 CVE-2015-5429 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.
44 CVE-2015-5428 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.
45 CVE-2015-5427 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.
46 CVE-2015-5413 264 +Priv +Info 2015-08-26 2015-08-27
4.0
None Remote Low Single system Partial None None
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors.
47 CVE-2015-5411 200 +Info 2015-08-26 2015-08-27
6.8
None Remote Low Single system Complete None None
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.
48 CVE-2015-5408 +Info 2015-08-22 2015-08-24
6.0
None Local High Single system Complete Complete Complete
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407.
49 CVE-2015-5407 +Info 2015-08-22 2015-08-24
6.0
None Local High Single system Complete Complete Complete
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408.
50 CVE-2015-5406 +Info 2015-08-22 2015-08-24
9.0
None Remote Low Single system Complete Complete Complete
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408.
Total number of vulnerabilities : 198   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.