CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities (CVSS score between 7 and 7.99)

#, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date
Score
Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
1 CVE-2018-12463 611 2018-07-12 2018-09-07
7.5
None Remote Low Not required Partial Partial Partial
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
2 CVE-2018-7096 17 Exec Code 2018-08-14 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.
3 CVE-2018-7095 284 Bypass 2018-08-14 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass.
4 CVE-2018-7093 254 DoS 2018-08-14 2018-10-11
7.8
None Remote Low Not required None None Complete
A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service.
5 CVE-2018-7074 Exec Code 2018-08-06 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version.
6 CVE-2018-6490 20 DoS 2018-03-01 2018-03-16
7.8
None Remote Low Not required None None Complete
Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.
7 CVE-2018-5924 119 Exec Code Overflow 2018-08-13 2018-10-23
7.5
None Remote Low Not required Partial Partial Partial
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.
8 CVE-2017-14356 89 Sql 2017-10-31 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
9 CVE-2017-14351 Exec Code 2017-09-29 2017-11-10
7.5
None Remote Low Not required Partial Partial Partial
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.
10 CVE-2017-14349 284 2017-09-29 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
11 CVE-2017-12545 476 DoS 2018-02-15 2018-03-02
7.8
None Remote Low Not required None None Complete
A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
12 CVE-2017-9003 119 Exec Code Overflow Mem. Corr. 2018-08-06 2018-10-18
7.8
None Remote Low Not required None None Complete
Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.
13 CVE-2017-8994 20 Exec Code 2017-10-10 2017-11-08
7.5
None Remote Low Not required Partial Partial Partial
An input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.
14 CVE-2017-8990 Exec Code 2018-08-06 2018-10-05
7.5
None Remote Low Not required Partial Partial Partial
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version.
15 CVE-2017-8987 264 DoS 2018-08-06 2018-10-04
7.8
None Remote Low Not required None None Complete
An Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions.
16 CVE-2017-8968 264 Exec Code 2018-08-06 2018-10-05
7.2
None Local Low Not required Complete Complete Complete
A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions.
17 CVE-2017-8960 284 Bypass 2018-02-15 2018-03-15
7.5
None Remote Low Not required Partial Partial Partial
An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.
18 CVE-2017-8955 20 Exec Code 2018-02-15 2018-03-06
7.8
None Remote Low Not required None None Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
19 CVE-2017-8946 Exec Code 2018-02-15 2018-03-15
7.6
None Remote High Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.
20 CVE-2017-5822 284 Exec Code 2018-02-15 2018-02-24
7.8
None Remote Low Not required None Complete None
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
21 CVE-2017-5818 20 Exec Code 2018-02-15 2018-02-24
7.8
None Remote Low Not required None None Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
22 CVE-2017-5811 200 Exec Code +Info 2018-02-15 2018-03-07
7.8
None Remote Low Not required Complete None None
A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.
23 CVE-2017-5810 89 Sql 2018-02-15 2018-03-07
7.5
None Remote Low Not required Partial Partial Partial
A remote SQL injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.
24 CVE-2017-5808 20 Exec Code 2018-02-15 2018-03-07
7.8
None Remote Low Not required None None Complete
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
25 CVE-2017-5797 200 +Info 2018-02-15 2018-03-15
7.8
None Remote Low Not required Complete None None
A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found.
26 CVE-2017-5795 200 +Info 2018-02-15 2018-03-06
7.1
None Remote Medium Not required Complete None None
A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found.
27 CVE-2017-5792 502 Exec Code 2018-02-15 2018-02-24
7.5
None Remote Low Not required Partial Partial Partial
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
28 CVE-2017-5789 284 Exec Code Overflow 2017-10-11 2018-02-16
7.5
None Remote Low Not required Partial Partial Partial
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.
29 CVE-2017-3210 16 Exec Code 2018-07-24 2018-10-17
7.2
None Local Low Not required Complete Complete Complete
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
30 CVE-2017-2742 399 DoS 2018-01-23 2018-02-09
7.8
None Remote Low Not required None None Complete
A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service.
31 CVE-2017-2740 264 2018-01-23 2018-02-12
7.2
None Local Low Not required Complete Complete Complete
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.
32 CVE-2016-8529 284 Exec Code 2018-02-15 2018-03-12
7.3
None Local Network Low Not required Partial Partial Complete
A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.
33 CVE-2016-8512 119 Exec Code Overflow 2018-02-15 2018-03-09
7.5
None Remote Low Not required Partial Partial Partial
A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.
34 CVE-2016-8511 502 Exec Code 2018-02-15 2018-03-13
7.5
None Remote Low Not required Partial Partial Partial
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.
35 CVE-2016-4543 119 DoS Overflow 2016-05-21 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
36 CVE-2016-4404 119 Exec Code Overflow 2018-08-06 2018-10-05
7.5
None Remote Low Not required Partial Partial Partial
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue.
37 CVE-2016-4403 119 Exec Code Overflow Mem. Corr. 2018-08-06 2018-10-05
7.5
None Remote Low Not required Partial Partial Partial
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption.
38 CVE-2016-4402 119 Exec Code Overflow 2018-08-06 2018-10-05
7.5
None Remote Low Not required Partial Partial Partial
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow.
39 CVE-2016-4396 119 Overflow 2016-10-28 2017-02-16
7.8
None Remote Low Not required None Complete None
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
40 CVE-2016-4395 119 Overflow 2016-10-28 2017-02-16
7.8
None Remote Low Not required None Complete None
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
41 CVE-2016-4385 502 Exec Code 2016-09-29 2018-02-16
7.5
None Remote Low Not required Partial Partial Partial
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.
42 CVE-2016-4377 Exec Code 2016-08-22 2016-11-28
7.6
None Remote High Not required Complete Complete Complete
HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.
43 CVE-2016-4375 DoS +Info 2016-09-08 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
44 CVE-2016-4373 284 Exec Code 2016-07-31 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
45 CVE-2016-4372 20 Exec Code 2016-07-15 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
46 CVE-2016-4368 20 Exec Code 2016-06-08 2016-06-10
7.5
None Remote Low Not required Partial Partial Partial
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
47 CVE-2016-4366 DoS +Info 2016-06-08 2017-11-17
7.5
None Remote Low Not required Partial Partial Partial
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
48 CVE-2016-4364 +Priv 2016-06-08 2016-08-23
7.2
None Local Low Not required Complete Complete Complete
HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.
49 CVE-2016-4359 119 Exec Code Overflow 2016-06-08 2017-11-02
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.
50 CVE-2016-4357 +Info 2016-06-08 2016-08-23
7.5
None Remote Low Single system Partial Complete None
HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.
Total number of vulnerabilities: 397. Page 1 of 8.