Filtered by vendor Hp
Subscribe
Total
2460 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8963 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | |||||
CVE-2017-14350 | 1 Hp | 1 Application Performance Management | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. | |||||
CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | |||||
CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | |||||
CVE-2017-14358 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. | |||||
CVE-2017-3733 | 2 Hp, Openssl | 2 Operations Agent, Openssl | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. | |||||
CVE-2017-14360 | 1 Hp | 1 Content Manager | 2025-04-20 | 5.0 MEDIUM | 5.9 MEDIUM |
A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). | |||||
CVE-2016-8106 | 3 Hp, Intel, Lenovo | 60 Ethernet 10gb 2-port 562flr-sfp\+, Ethernet 10gb 2-port 562sfp\+, Ethernet 10gb 4-port 563sfp\+ and 57 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | |||||
CVE-2017-13987 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | |||||
CVE-2017-17556 | 1 Hp | 1 Synaptics Touchpad Driver | 2025-04-20 | 3.6 LOW | 5.1 MEDIUM |
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. | |||||
CVE-2017-14356 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. | |||||
CVE-2016-4396 | 1 Hp | 1 System Management Homepage | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | |||||
CVE-2014-2648 | 2 Hp, Opengroup | 2 Operations Manager, Unix | 2025-04-12 | 10.0 HIGH | N/A |
Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2016-4366 | 1 Hp | 1 Systems Insight Manager | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | |||||
CVE-2015-5451 | 1 Hp | 1 Operations Orchestration | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2015-2120 | 1 Hp | 1 Sitescope | 2025-04-12 | 8.7 HIGH | N/A |
Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567. | |||||
CVE-2014-7881 | 1 Hp | 1 Insight Control Server Deployment | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-3092 | 4 Apache, Canonical, Debian and 1 more | 6 Commons Fileupload, Tomcat, Ubuntu Linux and 3 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. | |||||
CVE-2015-5446 | 1 Hp | 1 Storeonce Backup System Software | 2025-04-12 | 5.8 MEDIUM | 7.5 HIGH |
HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2016-4388 | 1 Hp | 1 Keyview | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390. |