| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-11656 |
79 |
|
XSS |
2019-10-04 |
2019-10-08 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). |
|
2 |
CVE-2019-5403 |
79 |
|
XSS |
2019-08-09 |
2019-08-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
|
3 |
CVE-2019-5401 |
79 |
|
XSS |
2019-08-01 |
2019-08-08 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017. |
|
4 |
CVE-2018-7098 |
22 |
|
Dir. Trav. |
2018-08-14 |
2018-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. |
|
5 |
CVE-2018-2794 |
|
|
|
2018-04-18 |
2019-10-02 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |
|
6 |
CVE-2017-17556 |
200 |
|
+Info |
2017-12-15 |
2018-01-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. |
|
7 |
CVE-2017-14359 |
79 |
|
XSS |
2017-11-03 |
2017-11-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. |
|
8 |
CVE-2017-12544 |
79 |
|
XSS |
2018-02-15 |
2018-03-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |
|
9 |
CVE-2017-8969 |
20 |
|
|
2018-02-15 |
2018-03-15 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found. |
|
10 |
CVE-2017-8953 |
79 |
|
XSS |
2018-02-15 |
2018-03-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found. |
|
11 |
CVE-2017-5800 |
79 |
|
XSS |
2018-02-15 |
2018-03-12 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found. |
|
12 |
CVE-2016-8535 |
20 |
|
|
2018-02-15 |
2018-03-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
|
13 |
CVE-2016-8532 |
79 |
|
XSS |
2018-02-15 |
2018-03-01 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
|
14 |
CVE-2016-8522 |
79 |
|
XSS |
2018-02-15 |
2018-03-05 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found. |
|
15 |
CVE-2016-4400 |
79 |
|
XSS |
2018-08-06 |
2018-10-04 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). |
|
16 |
CVE-2016-4399 |
79 |
|
XSS |
2018-08-06 |
2018-10-04 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). |
|
17 |
CVE-2016-4393 |
79 |
|
XSS +Info |
2016-10-28 |
2017-02-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. |
|
18 |
CVE-2016-4392 |
79 |
|
XSS |
2018-08-06 |
2018-10-05 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. |
|
19 |
CVE-2016-4380 |
79 |
|
XSS |
2016-09-08 |
2016-11-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
20 |
CVE-2016-2011 |
79 |
|
XSS |
2016-05-07 |
2016-11-30 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010. |
|
21 |
CVE-2016-2010 |
79 |
|
XSS |
2016-05-07 |
2016-11-30 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011. |
|
22 |
CVE-2016-1996 |
|
|
+Info |
2016-03-18 |
2016-12-02 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. |
|
23 |
CVE-2015-5447 |
79 |
|
XSS |
2016-01-05 |
2016-12-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
24 |
CVE-2015-2108 |
200 |
|
+Info |
2015-03-31 |
2016-11-29 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. |
|
25 |
CVE-2014-4669 |
200 |
|
+Info |
2014-06-28 |
2015-12-18 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue. |
|
26 |
CVE-2013-6219 |
|
|
Bypass |
2014-04-19 |
2019-10-09 |
3.8 |
None |
Local |
High |
Single system |
None |
Complete |
None |
|
Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors. |
|
27 |
CVE-2013-6196 |
79 |
|
XSS |
2013-12-21 |
2017-08-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
28 |
CVE-2013-4819 |
|
|
+Info |
2013-09-23 |
2018-05-09 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors. |
|
29 |
CVE-2013-2364 |
79 |
|
XSS |
2013-07-22 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
30 |
CVE-2013-2322 |
200 |
|
+Info |
2013-06-28 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue. |
|
31 |
CVE-2012-5200 |
79 |
|
XSS |
2013-03-09 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
32 |
CVE-2012-1995 |
|
|
+Info |
2013-03-11 |
2019-10-09 |
3.2 |
None |
Local |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows local users to obtain sensitive information or modify data via unknown vectors. |
|
33 |
CVE-2012-1993 |
|
|
+Info |
2012-04-18 |
2017-12-18 |
3.2 |
None |
Local |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. |
|
34 |
CVE-2012-0135 |
|
|
DoS |
2012-04-18 |
2017-08-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. |
|
35 |
CVE-2012-0133 |
|
|
Exec Code |
2012-04-12 |
2017-08-28 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. |
|
36 |
CVE-2012-0125 |
|
|
+Info |
2012-03-28 |
2017-12-05 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126. |
|
37 |
CVE-2011-4160 |
|
|
Bypass |
2011-11-23 |
2012-02-16 |
3.2 |
None |
Local |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors. |
|
38 |
CVE-2011-2779 |
264 |
|
|
2011-07-19 |
2017-08-28 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770. |
|
39 |
CVE-2011-2406 |
79 |
|
XSS |
2011-08-11 |
2015-03-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
40 |
CVE-2010-1967 |
|
|
|
2010-07-15 |
2019-10-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors. |
|
41 |
CVE-2007-4590 |
|
|
|
2007-08-28 |
2018-10-30 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors. |
|
42 |
CVE-2002-2270 |
264 |
|
|
2002-12-31 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors. |
|
43 |
CVE-2000-1127 |
|
|
|
2001-01-09 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable. |
