Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Total 2460 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2107 2 Hp, Sap 2 Operations Manager I Management Pack, Netweaver 2025-04-12 6.8 MEDIUM N/A
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges.
CVE-2016-2243 3 Hp, Samsung, Zyxel 30 1000 Series Firmware, 700 Series Firmware, 800 Series Firmware and 27 more 2025-04-12 5.4 MEDIUM 7.9 HIGH
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.
CVE-2015-3148 7 Apple, Canonical, Debian and 4 more 8 Mac Os X, Ubuntu Linux, Debian Linux and 5 more 2025-04-12 5.0 MEDIUM N/A
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
CVE-2013-6204 1 Hp 1 Application Information Optimizer 2025-04-12 7.5 HIGH N/A
The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-2004.
CVE-2015-5426 1 Hp 1 Loadrunner 2025-04-12 4.6 MEDIUM N/A
Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.
CVE-2016-2775 4 Fedoraproject, Hp, Isc and 1 more 9 Fedora, Hp-ux, Bind and 6 more 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
CVE-2016-2776 3 Hp, Isc, Oracle 5 Hp-ux, Bind, Linux and 2 more 2025-04-12 7.8 HIGH 7.5 HIGH
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
CVE-2015-5422 1 Hp 1 Keyview 2025-04-12 7.5 HIGH N/A
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.
CVE-2015-5431 1 Hp 1 Matrix Operating Environment 2025-04-12 6.5 MEDIUM N/A
HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVE-2015-5434 1 Hp 87 Jc072b Hp 12500 Main Processing Unit, Jc085a Hp A12518 Switch Chassis, Jc086a Hp A12508 Switch Chassis and 84 more 2025-04-12 6.4 MEDIUM 6.5 MEDIUM
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
CVE-2014-2629 1 Hp 1 Nonstop Safeguard Security 2025-04-12 4.0 MEDIUM N/A
HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to process-creation time.
CVE-2015-2111 2 Hp, Microsoft 3 Intelligent Provisioning, Windows Server 2008, Windows Server 2012 2025-04-12 2.1 LOW N/A
Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.
CVE-2016-2021 1 Hp 2 Matrix Operating Environment, Systems Insight Manager 2025-04-12 7.7 HIGH 8.1 HIGH
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.
CVE-2016-1987 1 Hp 1 Hp-ux Ipfilter 2025-04-12 2.6 LOW 5.9 MEDIUM
HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.
CVE-2015-3200 3 Hp, Lighttpd, Oracle 3 Virtual Customer Access System, Lighttpd, Solaris 2025-04-12 5.0 MEDIUM 7.5 HIGH
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
CVE-2016-0728 5 Canonical, Debian, Google and 2 more 5 Ubuntu Linux, Debian Linux, Android and 2 more 2025-04-12 7.2 HIGH 7.8 HIGH
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
CVE-2016-1997 1 Hp 2 Operations Orchestration, Operations Orchestration Content 2025-04-12 10.0 HIGH 9.8 CRITICAL
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
CVE-2016-1994 1 Hp 1 System Management Homepage 2025-04-12 4.0 MEDIUM 6.5 MEDIUM
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2016-5995 3 Hp, Ibm, Linux 5 Hp-ux, Aix, Db2 and 2 more 2025-04-12 6.9 MEDIUM 7.3 HIGH
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
CVE-2015-2122 1 Hp 1 Sdn Van Controller 2025-04-12 7.8 HIGH N/A
The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port.