| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-3662 |
79 |
|
XSS |
2021-10-29 |
2021-11-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS). |
|
2 |
CVE-2020-7132 |
79 |
|
XSS |
2020-04-23 |
2020-04-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows). |
|
3 |
CVE-2019-18567 |
125 |
|
DoS |
2020-02-03 |
2021-11-03 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
None |
Partial |
|
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service. |
|
4 |
CVE-2019-11656 |
79 |
|
XSS |
2019-10-04 |
2019-10-08 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). |
|
5 |
CVE-2019-5403 |
79 |
|
XSS |
2019-08-09 |
2019-08-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
|
6 |
CVE-2018-7098 |
22 |
|
Dir. Trav. |
2018-08-14 |
2018-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. |
|
7 |
CVE-2018-2794 |
|
|
|
2018-04-19 |
2022-05-13 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |
|
8 |
CVE-2018-2602 |
|
|
DoS Exec Code |
2018-01-18 |
2022-05-13 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). |
|
9 |
CVE-2017-17556 |
200 |
|
+Info |
2017-12-15 |
2018-01-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. |
|
10 |
CVE-2017-14359 |
79 |
|
XSS |
2017-11-03 |
2017-11-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. |
|
11 |
CVE-2017-8991 |
79 |
|
XSS |
2018-08-06 |
2018-10-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. |
|
12 |
CVE-2017-8969 |
20 |
|
|
2018-02-15 |
2018-03-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found. |
|
13 |
CVE-2017-8953 |
79 |
|
XSS |
2018-02-15 |
2018-03-07 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found. |
|
14 |
CVE-2017-5827 |
79 |
|
XSS |
2018-02-15 |
2019-03-11 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
|
15 |
CVE-2017-5800 |
79 |
|
XSS |
2018-02-15 |
2018-03-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found. |
|
16 |
CVE-2016-8535 |
20 |
|
|
2018-02-15 |
2018-03-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
|
17 |
CVE-2016-8532 |
79 |
|
XSS |
2018-02-15 |
2018-03-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
|
18 |
CVE-2016-8522 |
79 |
|
XSS |
2018-02-15 |
2018-03-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found. |
|
19 |
CVE-2016-4400 |
79 |
|
XSS |
2018-08-06 |
2018-10-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). |
|
20 |
CVE-2016-4399 |
79 |
|
XSS |
2018-08-06 |
2018-10-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). |
|
21 |
CVE-2016-4393 |
79 |
|
XSS +Info |
2016-10-28 |
2017-02-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. |
|
22 |
CVE-2016-4392 |
79 |
|
XSS |
2018-08-06 |
2018-10-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. |
|
23 |
CVE-2016-4380 |
79 |
|
XSS |
2016-09-08 |
2016-11-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
24 |
CVE-2016-2011 |
79 |
|
XSS |
2016-05-07 |
2016-12-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010. |
|
25 |
CVE-2016-2010 |
79 |
|
XSS |
2016-05-07 |
2016-12-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011. |
|
26 |
CVE-2016-1996 |
|
|
+Info |
2016-03-18 |
2016-12-03 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. |
|
27 |
CVE-2015-5447 |
79 |
|
XSS |
2016-01-05 |
2016-12-07 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
28 |
CVE-2015-2108 |
200 |
|
+Info |
2015-03-31 |
2016-11-30 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. |
|
29 |
CVE-2014-4669 |
200 |
|
+Info |
2014-06-28 |
2015-12-18 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue. |
|
30 |
CVE-2013-6196 |
79 |
|
XSS |
2013-12-21 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
31 |
CVE-2013-4819 |
|
|
+Info |
2013-09-23 |
2018-05-10 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors. |
|
32 |
CVE-2013-2364 |
79 |
|
XSS |
2013-07-22 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
33 |
CVE-2013-2322 |
200 |
|
+Info |
2013-06-28 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue. |
|
34 |
CVE-2012-5200 |
79 |
|
XSS |
2013-03-09 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
35 |
CVE-2012-3268 |
522 |
|
|
2013-02-01 |
2021-04-06 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. |
|
36 |
CVE-2012-1995 |
|
|
+Info |
2013-03-11 |
2019-10-09 |
3.2 |
None |
Local |
Low |
??? |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows local users to obtain sensitive information or modify data via unknown vectors. |
|
37 |
CVE-2012-1993 |
|
|
+Info |
2012-04-18 |
2017-12-19 |
3.2 |
None |
Local |
Low |
??? |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. |
|
38 |
CVE-2012-0135 |
|
|
DoS |
2012-04-18 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. |
|
39 |
CVE-2012-0133 |
|
|
Exec Code |
2012-04-12 |
2017-08-29 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. |
|
40 |
CVE-2012-0125 |
|
|
+Info |
2012-03-28 |
2017-12-06 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126. |
|
41 |
CVE-2011-2779 |
264 |
|
|
2011-07-19 |
2017-08-29 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770. |
|
42 |
CVE-2011-2406 |
79 |
|
XSS |
2011-08-11 |
2015-03-18 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
43 |
CVE-2002-2270 |
264 |
|
|
2002-12-31 |
2017-10-11 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors. |
|
44 |
CVE-2000-1127 |
|
|
|
2001-01-09 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable. |
