| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-4362 |
255 |
2
|
|
2012-08-20 |
2012-08-21 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. |
|
2 |
CVE-2012-4361 |
78 |
2
|
Exec Code |
2012-08-20 |
2012-08-21 |
7.7 |
None |
Local Network |
Low |
Single system |
Complete |
Complete |
Complete |
|
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. |
|
3 |
CVE-2012-3277 |
|
|
DoS |
2012-12-13 |
2012-12-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors. |
|
4 |
CVE-2012-3276 |
16 |
|
DoS |
2012-12-13 |
2012-12-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors. |
|
5 |
CVE-2012-3275 |
|
|
Exec Code |
2012-12-06 |
2013-03-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors. |
|
6 |
CVE-2012-3274 |
119 |
|
Exec Code Overflow |
2012-12-06 |
2012-12-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data. |
|
7 |
CVE-2012-3273 |
|
|
+Info |
2012-12-06 |
2013-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors. |
|
8 |
CVE-2012-3272 |
79 |
|
XSS |
2012-12-06 |
2013-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
9 |
CVE-2012-3271 |
|
|
+Info |
2012-11-29 |
2013-04-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors. |
|
10 |
CVE-2012-3270 |
|
|
DoS +Info |
2012-11-07 |
2012-11-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269. |
|
11 |
CVE-2012-3269 |
|
|
DoS +Info |
2012-11-07 |
2013-03-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270. |
|
12 |
CVE-2012-3267 |
|
|
+Info |
2012-10-04 |
2013-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors. |
|
13 |
CVE-2012-3266 |
|
|
+Info |
2012-10-02 |
2012-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors. |
|
14 |
CVE-2012-3264 |
|
|
Exec Code |
2012-09-25 |
2012-09-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1472. |
|
15 |
CVE-2012-3263 |
|
|
Exec Code |
2012-09-25 |
2012-09-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1465. |
|
16 |
CVE-2012-3262 |
|
|
Exec Code |
2012-09-25 |
2012-09-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464. |
|
17 |
CVE-2012-3261 |
|
|
Exec Code |
2012-09-25 |
2012-09-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463. |
|
18 |
CVE-2012-3260 |
|
|
Exec Code |
2012-09-25 |
2012-09-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462. |
|
19 |
CVE-2012-3259 |
|
|
Exec Code |
2012-09-25 |
2013-01-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461. |
|
20 |
CVE-2012-3258 |
|
|
Exec Code |
2012-09-19 |
2013-03-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors. |
|
21 |
CVE-2012-3257 |
|
|
|
2012-09-08 |
2013-03-21 |
4.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
|
HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors. |
|
22 |
CVE-2012-3256 |
352 |
|
CSRF |
2012-09-08 |
2013-03-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
|
23 |
CVE-2012-3255 |
79 |
|
XSS |
2012-09-08 |
2013-03-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
24 |
CVE-2012-3254 |
|
|
Exec Code Overflow |
2012-08-30 |
2012-08-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet. |
|
25 |
CVE-2012-3253 |
|
|
Exec Code Overflow |
2012-08-30 |
2012-08-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet. |
|
26 |
CVE-2012-3252 |
|
|
DoS |
2012-08-20 |
2013-02-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors. |
|
27 |
CVE-2012-3251 |
79 |
|
XSS |
2012-08-16 |
2012-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
28 |
CVE-2012-3250 |
|
|
DoS |
2012-08-16 |
2012-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors. |
|
29 |
CVE-2012-3249 |
200 |
|
+Info |
2012-08-16 |
2012-08-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
|
30 |
CVE-2012-3248 |
200 |
|
+Info |
2012-08-16 |
2013-03-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors. |
|
31 |
CVE-2012-3247 |
|
|
DoS |
2012-08-16 |
2013-03-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users to cause a denial of service via unknown vectors. |
|
32 |
CVE-2012-2986 |
78 |
|
Exec Code |
2012-08-20 |
2012-08-21 |
7.7 |
None |
Local Network |
Low |
Single system |
Complete |
Complete |
Complete |
|
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361. |
|
33 |
CVE-2012-2960 |
79 |
|
XSS |
2012-08-08 |
2013-02-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file. |
|
34 |
CVE-2012-2561 |
264 |
|
Exec Code |
2012-05-21 |
2012-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444. |
|
35 |
CVE-2012-2022 |
79 |
|
XSS |
2012-08-07 |
2012-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
36 |
CVE-2012-2021 |
79 |
|
XSS |
2012-07-16 |
2012-07-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
37 |
CVE-2012-2020 |
|
|
Exec Code |
2012-07-11 |
2012-07-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326. |
|
38 |
CVE-2012-2019 |
|
|
Exec Code |
2012-07-11 |
2012-07-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325. |
|
39 |
CVE-2012-2018 |
79 |
|
XSS |
2012-07-05 |
2013-03-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
40 |
CVE-2012-2017 |
|
|
DoS |
2012-06-30 |
2013-03-21 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors. |
|
41 |
CVE-2012-2016 |
|
|
+Info |
2012-06-29 |
2012-07-02 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. |
|
42 |
CVE-2012-2015 |
|
|
+Priv +Info |
2012-06-29 |
2012-07-02 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors. |
|
43 |
CVE-2012-2014 |
|
|
|
2012-06-29 |
2012-07-02 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors. |
|
44 |
CVE-2012-2013 |
|
|
DoS +Info |
2012-06-29 |
2012-07-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors. |
|
45 |
CVE-2012-2012 |
|
|
|
2012-06-29 |
2012-07-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. |
|
46 |
CVE-2012-2011 |
79 |
|
XSS |
2012-06-13 |
2013-03-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47 |
CVE-2012-2010 |
264 |
|
+Priv |
2012-05-18 |
2012-10-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors. |
|
48 |
CVE-2012-2009 |
264 |
|
+Priv |
2012-05-09 |
2012-05-16 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors. |
|
49 |
CVE-2012-2008 |
79 |
|
XSS |
2012-05-09 |
2012-05-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50 |
CVE-2012-2007 |
89 |
|
Exec Code Sql |
2012-05-09 |
2012-05-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
