| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-3485 |
79 |
|
XSS |
2019-07-24 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1 |
|
2 |
CVE-2018-7118 |
284 |
|
Bypass |
2019-04-09 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0. |
|
3 |
CVE-2018-7090 |
79 |
|
XSS |
2018-08-06 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. |
|
4 |
CVE-2018-7075 |
79 |
|
XSS |
2018-08-06 |
2018-10-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. |
|
5 |
CVE-2018-7071 |
200 |
|
+Info |
2018-08-06 |
2018-10-06 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3. |
|
6 |
CVE-2018-6492 |
79 |
|
XSS |
2018-05-22 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. |
|
7 |
CVE-2018-5927 |
|
|
|
2019-03-27 |
2019-10-02 |
4.1 |
None |
Local |
Medium |
Single system |
Partial |
Partial |
Partial |
|
HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code. |
|
8 |
CVE-2018-2800 |
|
|
|
2018-04-18 |
2019-10-02 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). |
|
9 |
CVE-2017-17482 |
119 |
|
Overflow |
2018-02-07 |
2018-08-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation. |
|
10 |
CVE-2017-14357 |
79 |
|
XSS |
2017-10-31 |
2017-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS) |
|
11 |
CVE-2017-14354 |
79 |
|
XSS |
2017-10-05 |
2017-11-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting. |
|
12 |
CVE-2017-14352 |
79 |
|
XSS |
2017-09-29 |
2017-10-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. |
|
13 |
CVE-2017-13988 |
|
|
|
2017-09-29 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function. |
|
14 |
CVE-2017-13987 |
|
|
|
2017-09-29 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. |
|
15 |
CVE-2017-13986 |
79 |
|
XSS |
2017-09-29 |
2017-10-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. |
|
16 |
CVE-2017-13985 |
22 |
|
Dir. Trav. |
2017-09-29 |
2017-10-05 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. |
|
17 |
CVE-2017-12543 |
200 |
|
+Info |
2018-02-15 |
2018-03-12 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. |
|
18 |
CVE-2017-8978 |
200 |
|
+Info |
2018-02-15 |
2018-03-15 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found. |
|
19 |
CVE-2017-8973 |
20 |
|
|
2018-02-15 |
2018-03-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. |
|
20 |
CVE-2017-8972 |
20 |
|
|
2018-02-15 |
2018-03-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. |
|
21 |
CVE-2017-8971 |
20 |
|
|
2018-02-15 |
2018-03-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. |
|
22 |
CVE-2017-8951 |
200 |
|
+Info |
2018-02-15 |
2018-03-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. |
|
23 |
CVE-2017-5809 |
275 |
|
Exec Code |
2018-02-15 |
2018-03-07 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. |
|
24 |
CVE-2017-5780 |
20 |
|
|
2018-02-15 |
2018-03-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found. |
|
25 |
CVE-2016-8521 |
20 |
|
|
2018-02-15 |
2018-03-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found. |
|
26 |
CVE-2016-8517 |
79 |
|
XSS |
2018-02-15 |
2018-03-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. |
|
27 |
CVE-2016-8514 |
200 |
|
+Info |
2018-02-15 |
2018-03-06 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. |
|
28 |
CVE-2016-8106 |
20 |
|
DoS |
2017-01-09 |
2017-07-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. |
|
29 |
CVE-2016-6306 |
125 |
|
DoS |
2016-09-26 |
2018-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. |
|
30 |
CVE-2016-4406 |
79 |
|
XSS |
2018-08-06 |
2018-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44. |
|
31 |
CVE-2016-4397 |
94 |
|
Exec Code |
2018-08-06 |
2018-10-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. |
|
32 |
CVE-2016-4381 |
264 |
|
Bypass |
2016-09-08 |
2016-11-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. |
|
33 |
CVE-2016-4379 |
310 |
|
+Info |
2016-09-08 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. |
|
34 |
CVE-2016-4374 |
918 |
|
DoS +Info |
2016-08-07 |
2016-11-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors. |
|
35 |
CVE-2016-4363 |
79 |
|
XSS |
2016-06-08 |
2016-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors. |
|
36 |
CVE-2016-4358 |
|
|
+Info |
2016-06-08 |
2016-08-23 |
4.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
None |
|
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029. |
|
37 |
CVE-2016-2775 |
20 |
|
DoS |
2016-07-19 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. |
|
38 |
CVE-2016-2022 |
|
|
+Info |
2016-06-08 |
2016-08-23 |
4.7 |
None |
Remote |
Low |
Multiple systems |
Partial |
Partial |
None |
|
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030. |
|
39 |
CVE-2016-2013 |
200 |
|
+Info |
2016-05-07 |
2016-11-30 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
|
40 |
CVE-2016-1994 |
200 |
|
+Info |
2016-03-18 |
2016-12-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
|
41 |
CVE-2016-1992 |
200 |
|
+Info |
2016-03-17 |
2016-12-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. |
|
42 |
CVE-2016-0778 |
119 |
|
DoS Overflow |
2016-01-14 |
2018-10-09 |
4.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
|
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
|
43 |
CVE-2016-0777 |
200 |
|
+Info |
2016-01-14 |
2018-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
|
44 |
CVE-2015-6859 |
264 |
|
Bypass |
2016-01-05 |
2016-12-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860. |
|
45 |
CVE-2015-6858 |
200 |
|
+Info |
2016-01-05 |
2017-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors. |
|
46 |
CVE-2015-5443 |
200 |
|
+Info |
2015-10-12 |
2015-10-13 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors. |
|
47 |
CVE-2015-5442 |
|
|
+Priv |
2015-09-29 |
2016-12-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. |
|
48 |
CVE-2015-5441 |
79 |
|
XSS |
2015-11-11 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
49 |
CVE-2015-5440 |
200 |
|
+Info |
2015-09-16 |
2016-12-21 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. |
|
50 |
CVE-2015-5435 |
|
|
DoS |
2015-09-29 |
2016-12-23 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. |
