CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2015-6864 20 Exec Code 2016-01-16 2016-12-01
6.5
None Remote Low ??? Partial Partial Partial
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
52 CVE-2015-5451 352 CSRF 2015-11-23 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
53 CVE-2015-5445 352 CSRF 2016-01-05 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
54 CVE-2015-5434 264 DoS Bypass 2016-01-05 2016-11-28
6.4
None Remote Low Not required None Partial Partial
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
55 CVE-2015-5431 +Info 2015-08-27 2015-08-27
6.5
None Remote Low ??? Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
56 CVE-2015-5412 352 CSRF 2015-08-26 2016-12-22
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
57 CVE-2015-5411 200 +Info 2015-08-26 2016-12-22
6.8
None Remote Low ??? Complete None None
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.
58 CVE-2015-5410 DoS Exec Code 2015-08-26 2016-12-22
6.5
None Remote Low ??? Partial Partial Partial
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors.
59 CVE-2015-5408 +Info 2015-08-22 2016-11-28
6.0
None Local High ??? Complete Complete Complete
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407.
60 CVE-2015-5407 +Info 2015-08-22 2016-11-28
6.0
None Local High ??? Complete Complete Complete
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408.
61 CVE-2015-3237 20 DoS +Info 2015-06-22 2018-10-17
6.4
None Remote Low Not required Partial None Partial
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
62 CVE-2015-2903 2015-11-04 2016-12-07
6.9
None Local Medium Not required Complete Complete Complete
The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.
63 CVE-2015-2902 310 +Info 2015-11-04 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.
64 CVE-2015-2134 352 CSRF 2015-07-21 2017-09-21
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
65 CVE-2015-2106 DoS Bypass 2015-03-31 2016-11-30
6.4
None Remote Low Not required Partial None Partial
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.
66 CVE-2015-0839 320 Exec Code 2017-08-02 2017-08-25
6.8
None Remote Medium Not required Partial Partial Partial
The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.
67 CVE-2014-7874 352 CSRF 2014-10-19 2017-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
68 CVE-2014-5160 22 Dir. Trav. 2014-08-01 2014-08-01
6.4
None Remote Low Not required None Partial Partial
** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design."
69 CVE-2014-2643 +Priv 2014-10-05 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors.
70 CVE-2014-2641 352 CSRF 2014-10-02 2019-10-09
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
71 CVE-2014-2633 352 CSRF 2014-08-23 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
72 CVE-2014-2602 +Priv 2014-05-08 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors.
73 CVE-2014-2422 2014-04-16 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
74 CVE-2013-6852 352 1 CSRF 2013-11-22 2013-11-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
75 CVE-2013-6427 94 Exec Code 2013-12-09 2014-03-06
6.8
None Remote Medium Not required Partial Partial Partial
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
76 CVE-2013-6212 +Info 2014-04-19 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.
77 CVE-2013-6202 352 Exec Code XSS CSRF 2014-02-24 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code.
78 CVE-2013-6200 +Info 2014-03-11 2019-10-09
6.2
None Local Low ??? Complete Complete None
Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors.
79 CVE-2013-6192 352 CSRF 2013-12-17 2014-01-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
80 CVE-2013-6188 352 CSRF 2014-03-14 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
81 CVE-2013-4325 264 Bypass 2013-09-23 2014-01-14
6.9
None Local Medium Not required Complete Complete Complete
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
82 CVE-2013-2323 264 Bypass 2013-06-28 2019-10-09
6.0
None Remote Medium ??? Partial Partial Partial
HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "SQL/MP tables" issue.
83 CVE-2012-5212 DoS +Info 2013-03-09 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1663.
84 CVE-2012-5199 Exec Code 2013-02-16 2019-10-09
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors.
85 CVE-2012-3286 DoS +Info 2013-02-16 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
86 CVE-2012-3256 352 CSRF 2012-09-08 2013-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
87 CVE-2012-2010 264 +Priv 2012-05-18 2017-12-05
6.9
None Local Medium Not required Complete Complete Complete
The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors.
88 CVE-2012-1998 DoS +Info 2013-03-11 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-1997.
89 CVE-2011-3846 352 CSRF 2012-04-12 2012-04-12
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
90 CVE-2011-3164 +Priv 2011-11-04 2017-09-19
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors.
91 CVE-2011-3155 Bypass 2011-10-12 2012-02-14
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors.
92 CVE-2011-2697 20 Exec Code 2011-07-29 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
93 CVE-2011-2608 20 2011-07-01 2017-08-29
6.4
None Remote Low Not required None Partial Partial
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.
94 CVE-2011-2407 2011-08-11 2019-10-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to obtain access via unknown vectors.
95 CVE-2011-2403 89 Exec Code Sql 2011-08-01 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
96 CVE-2011-2398 DoS +Priv 2011-07-11 2017-09-19
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.
97 CVE-2011-2328 119 DoS Exec Code Overflow 2011-06-02 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives.
98 CVE-2011-1724 +Priv 2011-05-03 2011-09-22
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in HP Virtual Server Environment before 6.3 allows remote authenticated users to gain privileges via unknown vectors.
99 CVE-2011-1545 352 CSRF 2011-05-03 2011-09-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
100 CVE-2011-1544 +Priv 2011-05-03 2011-09-22
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in HP Insight Control Performance Management before 6.3 allows remote authenticated users to gain privileges via unknown vectors.
Total number of vulnerabilities : 139   Page : 1 2 (This Page)3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.