Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Total 2460 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5419 1 Hp 1 Keyview 2025-04-12 7.5 HIGH N/A
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.
CVE-2016-2107 8 Canonical, Debian, Google and 5 more 15 Ubuntu Linux, Debian Linux, Android and 12 more 2025-04-12 2.6 LOW 5.9 MEDIUM
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
CVE-2014-2633 1 Hp 1 Service Manager 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2016-1998 1 Hp 1 Service Manager 2025-04-12 10.0 HIGH 9.8 CRITICAL
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
CVE-2014-2622 1 Hp 2 Imc Branch Intelligent Management System Software Module, Intelligent Management Center 2025-04-12 8.5 HIGH N/A
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312.
CVE-2016-2014 1 Hp 1 Network Node Manager I 2025-04-12 8.5 HIGH 8.1 HIGH
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
CVE-2014-2606 1 Hp 10 Storage Management Software, Storevirtual 4130, Storevirtual 4330 and 7 more 2025-04-12 9.0 HIGH N/A
Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors.
CVE-2014-2644 1 Hp 1 Systems Insight Manager 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2015-7547 10 Canonical, Debian, F5 and 7 more 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more 2025-04-12 6.8 MEDIUM 8.1 HIGH
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVE-2014-2630 1 Hp 1 Operations Agent 2025-04-12 4.4 MEDIUM N/A
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.
CVE-2015-5417 1 Hp 1 Keyview 2025-04-12 7.5 HIGH N/A
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.
CVE-2015-7499 7 Apple, Canonical, Debian and 4 more 15 Iphone Os, Mac Os X, Tvos and 12 more 2025-04-12 5.0 MEDIUM N/A
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
CVE-2015-8241 5 Canonical, Debian, Hp and 2 more 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more 2025-04-12 6.4 MEDIUM N/A
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2016-4447 8 Apple, Canonical, Debian and 5 more 12 Iphone Os, Itunes, Mac Os X and 9 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2015-2136 1 Hp 1 Arcsight Logger 2025-04-12 4.0 MEDIUM N/A
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.
CVE-2016-1995 1 Hp 1 System Management Homepage 2025-04-12 10.0 HIGH 9.8 CRITICAL
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-7810 3 Apache, Debian, Hp 3 Tomcat, Debian Linux, Hp-ux 2025-04-12 5.0 MEDIUM N/A
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
CVE-2015-5441 1 Hp 2 Archsight Management Center, Arcsight Logger 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5433 1 Hp 2 Matrix Operating Environment, Virtual Connect Enterprise Manager Sdk 2025-04-12 4.0 MEDIUM N/A
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2014-2640 1 Hp 1 System Management Homepage 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.