| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-7097 |
352 |
|
CSRF |
2018-08-14 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. |
|
2 |
CVE-2018-7092 |
22 |
|
Dir. Trav. |
2018-08-06 |
2018-10-05 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion. |
|
3 |
CVE-2018-6493 |
89 |
|
Sql |
2018-05-22 |
2018-06-25 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. |
|
4 |
CVE-2018-5921 |
352 |
|
CSRF |
2018-10-03 |
2018-11-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege. |
|
5 |
CVE-2017-14353 |
94 |
|
Exec Code |
2017-10-05 |
2017-11-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. |
|
6 |
CVE-2017-12560 |
22 |
|
DoS Dir. Trav. |
2018-02-15 |
2018-02-25 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. |
|
7 |
CVE-2017-12559 |
22 |
|
DoS Dir. Trav. |
2018-02-15 |
2018-02-25 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. |
|
8 |
CVE-2017-12555 |
200 |
|
+Info |
2018-02-15 |
2018-03-13 |
6.8 |
None |
Remote |
Low |
Single system |
Complete |
None |
None |
|
A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found. |
|
9 |
CVE-2017-8989 |
601 |
|
|
2018-08-06 |
2018-10-17 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection. |
|
10 |
CVE-2017-8979 |
264 |
|
DoS Exec Code Bypass |
2018-02-15 |
2018-05-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. |
|
11 |
CVE-2017-8959 |
264 |
|
Bypass |
2018-02-15 |
2018-03-15 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier and was found. |
|
12 |
CVE-2017-5813 |
284 |
|
|
2018-02-15 |
2018-03-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. |
|
13 |
CVE-2017-5787 |
|
|
DoS |
2018-02-15 |
2018-03-07 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found. |
|
14 |
CVE-2017-5785 |
200 |
|
+Info |
2018-02-15 |
2018-03-05 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found. |
|
15 |
CVE-2017-5781 |
352 |
|
CSRF |
2018-02-15 |
2018-03-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found. |
|
16 |
CVE-2016-8534 |
264 |
|
|
2018-02-15 |
2018-03-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
|
17 |
CVE-2016-8533 |
264 |
|
|
2018-02-15 |
2018-03-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote priviledge escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
|
18 |
CVE-2016-8515 |
434 |
|
|
2018-02-15 |
2018-03-06 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. |
|
19 |
CVE-2016-8513 |
352 |
|
CSRF |
2018-02-15 |
2018-03-07 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. |
|
20 |
CVE-2016-4398 |
502 |
|
Exec Code |
2018-08-06 |
2018-10-05 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. |
|
21 |
CVE-2016-4390 |
|
|
Exec Code |
2016-10-05 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389. |
|
22 |
CVE-2016-4389 |
|
|
Exec Code |
2016-10-05 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390. |
|
23 |
CVE-2016-4388 |
|
|
Exec Code |
2016-10-05 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390. |
|
24 |
CVE-2016-4387 |
|
|
Exec Code |
2016-10-05 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390. |
|
25 |
CVE-2016-4386 |
|
|
|
2016-09-29 |
2017-07-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. |
|
26 |
CVE-2016-4382 |
264 |
|
Bypass |
2016-09-20 |
2017-08-12 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue. |
|
27 |
CVE-2016-4371 |
352 |
|
+Info |
2016-06-18 |
2016-12-15 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components. |
|
28 |
CVE-2016-4370 |
|
|
Exec Code +Info |
2016-06-09 |
2016-06-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors. |
|
29 |
CVE-2016-4369 |
284 |
|
Exec Code |
2016-06-08 |
2016-08-23 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. |
|
30 |
CVE-2016-4360 |
|
|
|
2016-06-08 |
2017-11-02 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555. |
|
31 |
CVE-2016-2029 |
|
|
+Info |
2016-06-08 |
2016-08-23 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358. |
|
32 |
CVE-2016-2018 |
|
|
+Info |
2016-06-08 |
2016-08-23 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors. |
|
33 |
CVE-2016-2015 |
200 |
|
+Info |
2016-05-14 |
2016-11-30 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
Complete |
None |
|
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors. |
|
34 |
CVE-2016-2009 |
284 |
|
Exec Code |
2016-05-07 |
2016-11-30 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. |
|
35 |
CVE-2015-8241 |
119 |
|
DoS Overflow +Info |
2015-12-15 |
2017-09-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. |
|
36 |
CVE-2015-7942 |
119 |
|
DoS Overflow |
2015-11-18 |
2017-09-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. |
|
37 |
CVE-2015-7547 |
119 |
|
DoS Exec Code Overflow |
2016-02-18 |
2018-11-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
|
38 |
CVE-2015-6864 |
20 |
|
Exec Code |
2016-01-16 |
2016-11-30 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. |
|
39 |
CVE-2015-5451 |
352 |
|
CSRF |
2015-11-22 |
2016-12-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
|
40 |
CVE-2015-5445 |
352 |
|
CSRF |
2016-01-05 |
2016-12-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
|
41 |
CVE-2015-5434 |
264 |
|
DoS Bypass |
2016-01-05 |
2016-11-28 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping." |
|
42 |
CVE-2015-5431 |
|
|
+Info |
2015-08-26 |
2015-08-27 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. |
|
43 |
CVE-2015-5412 |
352 |
|
CSRF |
2015-08-26 |
2016-12-21 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
|
44 |
CVE-2015-5411 |
200 |
|
+Info |
2015-08-26 |
2016-12-21 |
6.8 |
None |
Remote |
Low |
Single system |
Complete |
None |
None |
|
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
|
45 |
CVE-2015-5410 |
|
|
DoS Exec Code |
2015-08-26 |
2016-12-21 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors. |
|
46 |
CVE-2015-5408 |
|
|
+Info |
2015-08-22 |
2016-11-28 |
6.0 |
None |
Local |
High |
Single system |
Complete |
Complete |
Complete |
|
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407. |
|
47 |
CVE-2015-5407 |
|
|
+Info |
2015-08-22 |
2016-11-28 |
6.0 |
None |
Local |
High |
Single system |
Complete |
Complete |
Complete |
|
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408. |
|
48 |
CVE-2015-5405 |
|
|
DoS +Info |
2015-08-26 |
2015-08-27 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. |
|
49 |
CVE-2015-5367 |
264 |
|
+Priv |
2015-08-27 |
2017-09-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors. |
|
50 |
CVE-2015-3237 |
20 |
|
DoS +Info |
2015-06-22 |
2018-10-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. |
