CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-2613 +Priv 2014-06-28 2014-07-24
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors.
2 CVE-2014-2606 +Priv 2014-07-16 2014-07-24
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors.
3 CVE-2014-2602 +Priv 2014-05-08 2014-05-08
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors.
4 CVE-2013-6216 +Priv 2014-04-12 2014-04-14
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors.
5 CVE-2013-6208 +Priv 2014-03-16 2014-03-17
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors.
6 CVE-2012-5220 +Priv 2013-04-26 2013-05-01
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users to gain privileges via unknown vectors.
7 CVE-2012-2015 +Priv +Info 2012-06-29 2012-07-02
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors.
8 CVE-2012-2010 264 +Priv 2012-05-18 2012-10-30
6.9
None Local Medium Not required Complete Complete Complete
The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors.
9 CVE-2012-2009 264 +Priv 2012-05-09 2012-05-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors.
10 CVE-2011-4834 264 +Priv 2011-12-14 2011-12-15
4.6
None Local Low Not required Partial Partial Partial
The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
11 CVE-2011-4159 +Priv 2011-11-18 2013-11-15
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
12 CVE-2011-3164 +Priv 2011-11-04 2013-11-15
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors.
13 CVE-2011-2398 DoS +Priv 2011-07-11 2011-09-21
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.
14 CVE-2011-1738 264 +Priv 2011-05-13 2011-09-06
7.2
None Local Low Not required Complete Complete Complete
HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access.
15 CVE-2011-1724 +Priv 2011-05-03 2011-09-21
6.0
User Remote Medium Single system Partial Partial Partial
Unspecified vulnerability in HP Virtual Server Environment before 6.3 allows remote authenticated users to gain privileges via unknown vectors.
16 CVE-2011-1544 +Priv 2011-05-03 2011-09-21
6.0
User Remote Medium Single system Partial Partial Partial
Unspecified vulnerability in HP Insight Control Performance Management before 6.3 allows remote authenticated users to gain privileges via unknown vectors.
17 CVE-2010-4115 255 +Priv 2010-12-17 2010-12-20
9.0
None Remote Low Single system Complete Complete Complete
HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges.
18 CVE-2010-4110 DoS +Priv 2010-12-22 2011-01-11
5.7
None Local Low Single system Partial Partial Complete
Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors.
19 CVE-2010-4031 +Priv 2010-11-01 2011-01-21
8.0
None Remote Low Single system Partial Complete Partial
Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors.
20 CVE-2010-4026 +Priv 2010-10-28 2010-11-11
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls.
21 CVE-2010-3992 +Priv 2010-10-28 2010-11-11
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors.
22 CVE-2010-3290 +Priv 2010-10-23 2010-11-11
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote authenticated users to gain privileges via unknown vectors.
23 CVE-2010-3009 +Priv +Info 2010-09-15 2010-09-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.
24 CVE-2010-3008 DoS +Priv 2010-09-13 2010-09-14
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.
25 CVE-2010-3007 DoS +Priv 2010-09-09 2010-09-10
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
26 CVE-2010-3005 +Priv 2010-09-08 2010-09-10
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors.
27 CVE-2010-2712 +Priv 2010-08-30 2011-07-18
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
28 CVE-2010-1973 +Priv +Info 2010-07-22 2010-07-22
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors.
29 CVE-2010-1970 +Priv 2010-07-15 2010-07-15
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors.
30 CVE-2010-1038 +Priv 2010-04-28 2010-06-01
6.5
User Remote Low Single system Partial Partial Partial
Unspecified vulnerability in HP System Insight Manager before 6.0 allows remote authenticated users to gain privileges via unknown vectors.
31 CVE-2010-1031 +Priv 2010-04-01 2010-04-05
6.9
Admin Local Medium Not required Complete Complete Complete
Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors.
32 CVE-2010-0450 +Priv 2010-03-31 2010-04-01
8.5
None Remote Low Single system Complete Complete None
Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors.
33 CVE-2010-0443 264 +Priv 2010-02-04 2010-02-05
6.8
Admin Local Low Single system Complete Complete Complete
Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors.
34 CVE-2009-2686 DoS +Priv 2009-12-02 2011-01-06
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, H06.08.00 through H06.18.01, and J06.04.00 through J06.07.01 allows local users to gain privileges, cause a denial of service, or obtain "access to data" via unknown vectors.
35 CVE-2009-2681 +Priv 2009-09-29 2009-09-30
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors.
36 CVE-2009-1422 +Priv 2009-07-14 2009-07-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.
37 CVE-2009-0712 +Priv 2009-03-11 2009-03-21
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors.
38 CVE-2009-0207 +Priv 2009-03-24 2010-08-21
6.8
Admin Local Low Single system Complete Complete Complete
Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors.
39 CVE-2008-4414 264 +Priv 2008-11-07 2009-01-29
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors.
40 CVE-2008-4052 119 DoS Overflow +Priv 2008-09-11 2009-03-18
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors.
41 CVE-2008-3947 20 +Priv 2008-09-05 2008-10-07
7.2
None Local Low Not required Complete Complete Complete
DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.
42 CVE-2008-3940 134 +Priv 2008-09-05 2009-03-18
4.4
User Local Medium Not required Partial Partial Partial
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file.
43 CVE-2008-2940 264 +Priv 2008-08-14 2012-10-30
7.2
None Local Low Not required Complete Complete Complete
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
44 CVE-2008-1668 264 +Priv 2008-08-13 2013-07-17
10.0
None Remote Low Not required Complete Complete Complete
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.
45 CVE-2008-1659 +Priv 2008-05-07 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.
46 CVE-2008-0707 264 +Priv 2008-03-19 2008-10-11
7.2
Admin Local Low Not required Complete Complete Complete
HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors.
47 CVE-2007-3908 +Priv 2007-07-19 2012-10-30
4.6
User Local Low Not required Partial Partial Partial
Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat Enterprise Linux (RHEL) 2.1 SG A.11.14.04 through A.11.14.06; RHEL 3.0 SG A.11.16.04 through A.11.16.10; and ServiceGuard Cluster Object Manager B.03.01.02 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2007-0980.
48 CVE-2007-3260 +Priv 2007-06-19 2012-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.
49 CVE-2007-2553 +Priv 2007-05-09 2012-11-05
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable.
50 CVE-2007-0915 +Priv 2007-02-13 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.
Total number of vulnerabilities : 150   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.