Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Total 2421 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4374 1 Hp 1 Release Control 2025-04-12 4.0 MEDIUM 7.7 HIGH
HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.
CVE-2016-2021 1 Hp 2 Matrix Operating Environment, Systems Insight Manager 2025-04-12 7.7 HIGH 8.1 HIGH
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.
CVE-2016-3627 7 Canonical, Debian, Hp and 4 more 14 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 11 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
CVE-2016-2024 1 Hp 2 Insight Contol, Server Migration Package 2025-04-12 7.5 HIGH 9.8 CRITICAL
HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
CVE-2015-5447 1 Hp 1 Storeonce Backup System Software 2025-04-12 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2123 1 Hp 1 Nonstop Safeguard Security 2025-04-12 9.0 HIGH N/A
Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access.
CVE-2014-2619 1 Hp 2 Imc Branch Intelligent Management System Software Module, Intelligent Management Center 2025-04-12 7.8 HIGH N/A
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2088.
CVE-2015-7942 5 Apple, Canonical, Debian and 2 more 9 Iphone Os, Mac Os X, Tvos and 6 more 2025-04-12 6.8 MEDIUM N/A
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
CVE-2015-2117 1 Hp 2 Tippingpoint Security Management System, Tippingpoint Virtual Security Management System 2025-04-12 7.5 HIGH N/A
HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading this code within an archive or (2) instantiating a class.
CVE-2015-6864 1 Hp 1 Arcsight Logger 2025-04-12 6.5 MEDIUM 6.3 MEDIUM
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
CVE-2016-5385 8 Debian, Drupal, Fedoraproject and 5 more 14 Debian Linux, Drupal, Fedora and 11 more 2025-04-12 5.1 MEDIUM 8.1 HIGH
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
CVE-2015-7499 7 Apple, Canonical, Debian and 4 more 15 Iphone Os, Mac Os X, Tvos and 12 more 2025-04-12 5.0 MEDIUM N/A
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
CVE-2013-6221 1 Hp 1 Service Virtualization 2025-04-12 10.0 HIGH N/A
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
CVE-2015-2126 1 Hp 1 Hp-ux 2025-04-12 7.2 HIGH N/A
Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions.
CVE-2016-2776 3 Hp, Isc, Oracle 5 Hp-ux, Bind, Linux and 2 more 2025-04-12 7.8 HIGH 7.5 HIGH
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
CVE-2014-2635 1 Hp 1 Sprinter 2025-04-12 7.5 HIGH N/A
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343.
CVE-2015-4000 12 Apple, Canonical, Debian and 9 more 25 Iphone Os, Mac Os X, Safari and 22 more 2025-04-12 4.3 MEDIUM 3.7 LOW
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2015-2112 1 Hp 9 Easy Tools, T510, T520 and 6 more 2025-04-12 9.0 HIGH N/A
Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote authenticated users to execute arbitrary code via unknown vectors.
CVE-2016-4379 1 Hp 2 Integrated Lights-out 3, Integrated Lights-out 3 Firmware 2025-04-12 4.3 MEDIUM 3.7 LOW
The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.
CVE-2013-6205 1 Hp 2 Insight Control Server Deployment, Rapid Deployment Pack 2025-04-12 4.1 MEDIUM N/A
Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows local users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.