Filtered by vendor Hp
Subscribe
Total
2460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5388 | 4 Apache, Hp, Oracle and 1 more | 11 Tomcat, System Management Homepage, Linux and 8 more | 2025-04-12 | 5.1 MEDIUM | 8.1 HIGH |
| Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability. | |||||
| CVE-2015-2124 | 1 Hp | 2 Smart Zero Core, Thinpro Linux | 2025-04-12 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors. | |||||
| CVE-2012-2000 | 1 Hp | 1 System Health Application And Command Line Utilities | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP System Health Application and Command Line Utilities before 9.0.0 allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2013-5895 | 3 Hp, Oracle, Redhat | 11 Hp-ux, Jdk, Jre and 8 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. | |||||
| CVE-2011-2412 | 1 Hp | 1 Business Service Automation Essentials | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-1727 | 1 Hp | 1 Sitescope | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue. | |||||
| CVE-2013-4844 | 1 Hp | 2 Service Center, Service Manager | 2025-04-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2013-6195 | 1 Hp | 1 Storage Data Protector | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008. | |||||
| CVE-2012-1993 | 1 Hp | 1 System Management Homepage | 2025-04-11 | 3.2 LOW | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. | |||||
| CVE-2010-2703 | 2 Hp, Microsoft | 2 Openview Network Node Manager, Windows | 2025-04-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe. | |||||
| CVE-2011-0343 | 3 Freebsd, Hp, Oneidentity | 3 Freebsd, Hp-ux, Syslog-ng | 2025-04-11 | 6.9 MEDIUM | N/A |
| Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files. | |||||
| CVE-2010-1038 | 1 Hp | 1 Systems Insight Manager | 2025-04-11 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in HP System Insight Manager before 6.0 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2011-1734 | 1 Hp | 1 Openview Storage Data Protector | 2025-04-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message. | |||||
| CVE-2012-1996 | 1 Hp | 1 Systems Insight Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to modify data via unknown vectors. | |||||
| CVE-2010-2706 | 1 Hp | 7 Procurve Switch 2610, Procurve Switch 2610-24, Procurve Switch 2610-24-pwr and 4 more | 2025-04-11 | 6.1 MEDIUM | N/A |
| Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2013-4802 | 1 Hp | 1 Application Lifecycle Management | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565. | |||||
| CVE-2013-6189 | 1 Hp | 1 Application Information Optimizer | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666. | |||||
| CVE-2013-4828 | 1 Hp | 22 Color Laserjet Cm4540, Color Laserjet Cm4540f, Color Laserjet Cm4540fskm and 19 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2010-4104 | 1 Hp | 1 Insight Orchestration | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2013-4837 | 1 Hp | 1 Loadrunner | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832. | |||||