HP Security Vulnerabilities


CVE-2013-6852

Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword...

7.5 AI Score

0.001 EPSS

2022-10-03 04:14 PM

CVE-2013-3575

hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path...

7 AI Score

0.005 EPSS

2022-10-03 04:14 PM

CVE-2013-3573

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown...

7.1 AI Score

0.002 EPSS

2022-10-03 04:14 PM

CVE-2013-3574

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount)...

6.9 AI Score

0.005 EPSS

2022-10-03 04:14 PM

CVE-2007-2281

Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size...

7.5 AI Score

0.206 EPSS

2022-10-03 04:14 PM

CVE-2007-2280

Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different...

7.7 AI Score

0.965 EPSS

2022-10-03 04:14 PM

CVE-2008-4560

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI...

6 AI Score

EPSS

2022-10-03 04:14 PM

CVE-2008-4562

Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by...

7.7 AI Score

EPSS

2022-10-03 04:14 PM

CVE-2008-4559

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by...

7.6 AI Score

EPSS

2022-10-03 04:13 PM

CVE-2008-5417

HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system...

6.4 AI Score

0.0004 EPSS

2022-10-03 04:13 PM

CVE-2022-28721

Certain HP Print Products are potentially vulnerable to Remote Code...

9.8 CVSS

9.5 AI Score

0.004 EPSS

2022-09-26 03:15 PM

CVE-2022-28722

Certain HP Print Products are potentially vulnerable to Buffer...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2022-09-26 03:15 PM

CVE-2022-28638

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise.....

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2022-09-20 09:15 PM

CVE-2022-28639

A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2022-09-20 09:15 PM

CVE-2022-28640

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2022-09-20 09:15 PM

CVE-2022-28637

A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2022-09-20 09:15 PM

CVE-2022-34336

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-09-13 09:15 PM

CVE-2022-1602

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2022-09-13 03:15 PM

CVE-2022-23678

A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows...

5.9 CVSS

5.4 AI Score

0.002 EPSS

2022-09-06 06:15 PM

CVE-2022-28625

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and...

5.5 CVSS

5 AI Score

0.0004 EPSS

2022-08-31 04:15 PM

CVE-2021-39087

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID:...

6.5 CVSS

6 AI Score

0.001 EPSS

2022-08-16 07:15 PM

CVE-2021-39035

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-08-16 07:15 PM

CVE-2021-39085

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the....

9.8 CVSS

9.3 AI Score

0.001 EPSS

2022-08-16 07:15 PM

CVE-2021-39086

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...

5.3 CVSS

4.9 AI Score

0.001 EPSS

2022-08-16 07:15 PM

CVE-2022-22477

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

6.1 CVSS

5.8 AI Score

0.001 EPSS

2022-07-14 05:15 PM

CVE-2022-28623

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO....

9.8 CVSS

9.9 AI Score

0.001 EPSS

2022-07-08 01:15 PM

CVE-2022-22478

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID:...

5.5 CVSS

5 AI Score

0.0004 EPSS

2022-06-30 05:15 PM

CVE-2022-22317

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID:...

9.8 CVSS

8.8 AI Score

0.001 EPSS

2022-06-20 05:15 PM

CVE-2022-22318

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the...

9.8 CVSS

9.2 AI Score

0.001 EPSS

2022-06-20 05:15 PM

CVE-2022-28616

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2022-05-17 09:15 PM

CVE-2022-23706

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-05-17 08:15 PM

CVE-2022-23704

A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and...

7.5 CVSS

7.5 AI Score

0.006 EPSS

2022-05-09 09:15 PM

CVE-2022-23698

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2022-04-04 08:15 PM

CVE-2022-23697

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-04-04 08:15 PM

CVE-2022-24292

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code...

9.8 CVSS

9.7 AI Score

0.008 EPSS

2022-03-23 08:15 PM

CVE-2022-24293

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code...

9.8 CVSS

9.7 AI Score

0.008 EPSS

2022-03-23 08:15 PM

CVE-2022-24291

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code...

7.5 CVSS

8.4 AI Score

0.006 EPSS

2022-03-23 08:15 PM

CVE-2022-23934

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

8.4 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23933

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

8.4 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23931

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

8.4 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23932

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

8.4 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23930

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

8.5 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23928

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

8.4 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23929

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

8.4 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23926

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

8.4 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23925

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

8.4 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23927

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

8.4 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23924

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...

8.2 CVSS

9.1 AI Score

0.0004 EPSS

2022-03-11 06:15 PM

CVE-2022-23954

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of...

5.5 CVSS

5.8 AI Score

0.0004 EPSS

2022-03-02 10:15 PM

CVE-2022-23957

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of...

5.5 CVSS

5.8 AI Score

0.0004 EPSS

2022-03-02 10:15 PM
Total number of security vulnerabilities: 2364