HP Security Vulnerabilities


CVE-2017-13988

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule'...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2017-09-30 01:29 AM

CVE-2017-13987

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2017-09-30 01:29 AM

CVE-2016-2182

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown...

9.8 CVSS

9.1 AI Score

0.536 EPSS

2016-09-16 05:59 AM

CVE-2017-17482

An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is...

7.8 CVSS

8 AI Score

0.0004 EPSS

2018-02-07 03:29 PM

CVE-2017-14354

A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site...

6.1 CVSS

5.8 AI Score

0.002 EPSS

2017-10-05 03:29 PM

CVE-2017-14353

A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code...

8.8 CVSS

9 AI Score

0.037 EPSS

2017-10-05 03:29 PM

CVE-2017-14349

An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive...

9.8 CVSS

9.3 AI Score

0.003 EPSS

2017-09-30 01:29 AM

CVE-2017-13985

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of...

6.5 CVSS

6.5 AI Score

0.004 EPSS

2017-09-30 01:29 AM

CVE-2000-0573

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC...

7.5 AI Score

0.97 EPSS

2001-05-07 04:00 AM

CVE-2017-13982

A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted...

8.8 CVSS

8.6 AI Score

0.005 EPSS

2017-09-30 01:29 AM

CVE-2016-2177

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to...

9.8 CVSS

8.3 AI Score

0.152 EPSS

2016-06-20 01:59 AM

CVE-2016-6306

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and...

5.9 CVSS

7.4 AI Score

0.193 EPSS

2016-09-26 07:59 PM

CVE-2017-13983

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass...

9.8 CVSS

9.5 AI Score

0.178 EPSS

2017-09-30 01:29 AM

CVE-2000-0515

The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain...

6.9 AI Score

0.01 EPSS

2000-10-13 04:00 AM

CVE-2018-6501

Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2018-09-20 04:29 PM

CVE-2017-13984

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory...

6.5 CVSS

6.6 AI Score

0.012 EPSS

2017-09-30 01:29 AM

CVE-2000-0468

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink...

6.7 AI Score

0.0004 EPSS

2000-10-13 04:00 AM

CVE-2000-0159

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain...

7.3 AI Score

0.017 EPSS

2000-04-18 04:00 AM

CVE-2022-37934

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2023-01-05 07:15 AM

CVE-2015-5436

A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE.....

7.5 CVSS

7.5 AI Score

0.001 EPSS

2017-05-11 02:29 PM

CVE-2017-14352

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2017-09-30 01:29 AM

CVE-2017-14351

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code...

9.8 CVSS

9.6 AI Score

0.004 EPSS

2017-09-30 01:29 AM

CVE-2004-0492

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be...

8.1 AI Score

0.012 EPSS

2004-08-06 04:00 AM

CVE-2017-14356

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL...

9.8 CVSS

9.9 AI Score

0.001 EPSS

2017-10-31 03:29 PM

CVE-2018-6492

Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent.....

6.1 CVSS

6.8 AI Score

0.002 EPSS

2018-05-22 07:29 PM

CVE-2018-6493

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL...

8.8 CVSS

9.1 AI Score

0.001 EPSS

2018-05-22 07:29 PM

CVE-2008-5395

The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace...

5.7 AI Score

0.0004 EPSS

2008-12-09 12:30 AM

CVE-2022-37931

A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for...

7.8 CVSS

7.5 AI Score

0.0004 EPSS

2022-11-22 05:15 AM

CVE-2017-14358

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2017-10-31 03:29 PM

CVE-2017-14357

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting...

6.1 CVSS

5.8 AI Score

0.001 EPSS

2017-10-31 03:29 PM

CVE-2019-3480

Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2019-03-25 05:29 PM

CVE-2017-14359

A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2017-11-03 06:29 PM

CVE-2014-7810

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection...

6.4 AI Score

0.003 EPSS

2015-06-07 11:59 PM

CVE-2023-42027

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

8.8 CVSS

8.3 AI Score

0.001 EPSS

2023-11-03 12:15 AM

CVE-2019-3485

Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to...

6.1 CVSS

6 AI Score

0.001 EPSS

2019-07-24 04:15 PM

CVE-2019-11656

Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2019-10-04 08:15 PM

CVE-2018-6502

A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting...

6.5 CVSS

5.9 AI Score

0.001 EPSS

2018-09-20 07:29 PM

CVE-2018-12463

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML...

9.8 CVSS

9.1 AI Score

0.167 EPSS

2018-07-12 04:29 PM

CVE-2023-42029

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2023-11-03 12:15 AM

CVE-2018-6503

A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2018-09-20 07:29 PM

CVE-2017-14360

A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2017-11-08 02:29 PM

CVE-2019-3484

Mitigates a remote code execution issue in ArcSight Logger versions prior to...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2019-03-25 05:29 PM

CVE-2019-3483

Mitigates a potential information leakage issue in ArcSight Logger versions prior to...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2019-03-25 05:29 PM

CVE-2019-3481

Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to...

7.1 CVSS

6.8 AI Score

0.001 EPSS

2019-03-25 05:29 PM

CVE-2019-11655

Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2019-10-04 08:15 PM

CVE-2018-6505

A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2018-09-20 07:29 PM

CVE-2018-6500

A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2018-09-20 04:29 PM

CVE-2018-6490

Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2018-03-02 01:29 AM

CVE-2018-18593

Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11....

7.5 CVSS

7.6 AI Score

0.004 EPSS

2018-12-31 03:29 PM

CVE-2017-14350

A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code...

9.8 CVSS

9.5 AI Score

0.03 EPSS

2017-09-30 01:29 AM
Total number of security vulnerabilities: 2364