CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities (CVSS score between 7 and 7.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-39238 120 Overflow 2021-11-03 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.
2 CVE-2021-26583 Exec Code 2021-05-10 2021-05-21
7.5
None Remote Low Not required Partial Partial Partial
A potential security vulnerability was identified in HPE iLO Amplifier Pack. The vulnerabilities could be remotely exploited to allow remote code execution.
3 CVE-2020-12695 276 2020-06-08 2021-04-23
7.8
None Remote Medium Not required Partial None Complete
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
4 CVE-2020-7209 Exec Code 2020-02-13 2020-06-10
7.5
None Remote Low Not required Partial Partial Partial
LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution which is resolved in release 6.0-2.
5 CVE-2020-7206 94 2020-07-17 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a PHP code injection vulnerability.
6 CVE-2020-7203 Exec Code 2020-12-18 2020-12-21
7.5
None Remote Low Not required Partial Partial Partial
A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution.
7 CVE-2020-7200 Exec Code 2020-12-18 2021-03-25
7.5
None Remote Low Not required Partial Partial Partial
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.
8 CVE-2020-7197 287 Bypass 2020-10-26 2020-11-16
7.5
None Remote Low Not required Partial Partial Partial
SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later.
9 CVE-2020-7133 862 2020-04-24 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
10 CVE-2019-18909 20 Exec Code 2019-11-22 2021-07-21
7.7
None Local Network Low ??? Complete Complete Complete
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
11 CVE-2019-16287 Exec Code +Priv Bypass 2019-11-22 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to execute commands with elevated privileges.
12 CVE-2019-6333 427 Exec Code 2019-10-11 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.
13 CVE-2019-6330 2020-01-09 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.
14 CVE-2019-6329 +Priv 2019-06-25 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.
15 CVE-2019-6328 +Priv 2019-06-25 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
16 CVE-2019-5355 917 DoS 2019-06-05 2020-08-24
7.8
None Remote Low Not required None None Complete
A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
17 CVE-2019-3484 20 Exec Code 2019-03-25 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.
18 CVE-2019-3481 611 2019-03-25 2019-03-25
7.5
None Remote Low ??? Complete None Partial
Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.
19 CVE-2019-3479 20 Exec Code 2019-03-25 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7.
20 CVE-2018-12463 611 2018-07-12 2020-09-16
7.5
None Remote Low Not required Partial Partial Partial
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
21 CVE-2018-7123 287 DoS 2019-06-05 2019-06-06
7.8
None Remote Low Not required None None Complete
A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
22 CVE-2018-7096 Exec Code 2018-08-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.
23 CVE-2018-7095 Bypass 2018-08-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass.
24 CVE-2018-7074 Exec Code 2018-08-06 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version.
25 CVE-2018-7072 668 Bypass 2018-08-06 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
26 CVE-2018-6490 20 DoS 2018-03-02 2019-10-09
7.8
None Remote Low Not required None None Complete
Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.
27 CVE-2018-5390 400 DoS 2018-08-06 2020-09-18
7.8
None Remote Low Not required None None Complete
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
28 CVE-2017-14356 89 Sql 2017-10-31 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
29 CVE-2017-14351 Exec Code 2017-09-30 2017-11-11
7.5
None Remote Low Not required Partial Partial Partial
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.
30 CVE-2017-14349 269 2017-09-30 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
31 CVE-2017-9003 119 Exec Code Overflow Mem. Corr. 2018-08-06 2018-10-18
7.8
None Remote Low Not required None None Complete
Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.
32 CVE-2017-8994 20 Exec Code 2017-10-10 2017-11-09
7.5
None Remote Low Not required Partial Partial Partial
An input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.
33 CVE-2017-8992 2018-08-06 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.
34 CVE-2017-8990 Exec Code 2018-08-06 2018-10-05
7.5
None Remote Low Not required Partial Partial Partial
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version.
35 CVE-2017-8988 Bypass 2018-08-06 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX).
36 CVE-2017-8968 Exec Code 2018-08-06 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions.
37 CVE-2017-8955 20 Exec Code 2018-02-15 2018-03-06
7.8
None Remote Low Not required None None Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
38 CVE-2017-8946 Exec Code 2018-02-15 2018-03-15
7.6
None Remote High Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.
39 CVE-2017-8944 200 +Info 2018-02-15 2018-03-15
7.8
None Remote Low Not required Complete None None
A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found.
40 CVE-2017-5822 Exec Code 2018-02-15 2019-10-03
7.8
None Remote Low Not required None Complete None
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
41 CVE-2017-5818 20 Exec Code 2018-02-15 2018-02-24
7.8
None Remote Low Not required None None Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
42 CVE-2017-5811 200 Exec Code +Info 2018-02-15 2018-03-07
7.8
None Remote Low Not required Complete None None
A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.
43 CVE-2017-5810 89 Sql 2018-02-15 2018-03-07
7.5
None Remote Low Not required Partial Partial Partial
A remote SQL injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.
44 CVE-2017-5808 20 Exec Code 2018-02-15 2018-03-07
7.8
None Remote Low Not required None None Complete
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
45 CVE-2017-5797 200 +Info 2018-02-15 2018-03-15
7.8
None Remote Low Not required Complete None None
A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found.
46 CVE-2017-5795 200 +Info 2018-02-15 2018-03-06
7.1
None Remote Medium Not required Complete None None
A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found.
47 CVE-2017-5792 502 Exec Code 2018-02-15 2018-02-24
7.5
None Remote Low Not required Partial Partial Partial
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
48 CVE-2017-5789 119 Exec Code Overflow 2017-10-11 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.
49 CVE-2017-5641 502 Exec Code 2017-12-28 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.
50 CVE-2017-3210 16 Exec Code 2018-07-24 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
Total number of vulnerabilities: 388 (page 1 of 8)