Filtered by vendor Hp
Subscribe
Total
2441 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5255 | 2 Adobe, Hp | 4 Coldfusion, Livecycle Data Services, Xp7 Command View Advanced Edition and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue. | |||||
| CVE-2016-4373 | 1 Hp | 1 Operations Manager | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
| CVE-2014-2604 | 1 Hp | 2 Icewall Mcrp, Icewall Sso | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2015-8242 | 5 Apple, Canonical, Hp and 2 more | 12 Iphone Os, Mac Os X, Tvos and 9 more | 2025-04-12 | 5.8 MEDIUM | N/A |
| The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | |||||
| CVE-2013-6221 | 1 Hp | 1 Service Virtualization | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031. | |||||
| CVE-2014-7879 | 1 Hp | 1 Hp-ux | 2025-04-12 | 8.5 HIGH | N/A |
| HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors. | |||||
| CVE-2013-6208 | 2 Hp, Linux | 2 Smart Update Manager, Linux Kernel | 2025-04-12 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors. | |||||
| CVE-2016-5388 | 4 Apache, Hp, Oracle and 1 more | 11 Tomcat, System Management Homepage, Linux and 8 more | 2025-04-12 | 5.1 MEDIUM | 8.1 HIGH |
| Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability. | |||||
| CVE-2014-2610 | 1 Hp | 1 Executive Scorecard | 2025-04-12 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117. | |||||
| CVE-2013-6200 | 1 Hp | 1 Hp-ux | 2025-04-12 | 6.2 MEDIUM | N/A |
| Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors. | |||||
| CVE-2015-5404 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2025-04-12 | 7.5 HIGH | N/A |
| HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2015-5441 | 1 Hp | 2 Archsight Management Center, Arcsight Logger | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2002 | 1 Hp | 1 Vertica | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417. | |||||
| CVE-2016-2000 | 1 Hp | 2 Asset Manager, Asset Manager Cloudsystem Chargeback | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
| CVE-2015-2114 | 2 Hp, Microsoft | 2 Support Solution Framework, Windows | 2025-04-12 | 6.8 MEDIUM | N/A |
| HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. | |||||
| CVE-2015-5435 | 1 Hp | 2 Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. | |||||
| CVE-2016-2023 | 1 Hp | 1 Restful Interface Tool | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-2902 | 1 Hp | 1 Arcsight Smartconnectors | 2025-04-12 | 6.8 MEDIUM | N/A |
| HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7898 | 2 Hp, Microsoft | 2 Ole Point Of Sale Driver, Windows | 2025-04-12 | 10.0 HIGH | N/A |
| The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-3318 | 5 Ca, Hp, Ibm and 2 more | 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more | 2025-04-12 | 4.6 MEDIUM | N/A |
| CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors. | |||||