29 matches found
CVE-2011-4155
CVE-2011-4155 is an XSS vulnerability reported for HP Network Node Manager i (NNMi) in 9.0x and 9.1x, enabling remote injection of arbitrary web script/HTML via unspecified vectors. Connected documents also describe related entries (CVE-2011-5184) with multiple XSS vectors in NNMi 9.10 (specific ...
CVE-2014-2624
HP NNMi on Windows/Linux (versions 9.0x/9.1x/9.2x) is affected by CVE-2014-2624, a remote-code-execution vulnerability due to memory corruption in ovopi.dll and the PMD service. The root cause involves unsafe handling of user-controlled data (strcpy/strcat) when processing stack_option UDP packet...
CVE-2011-1483
CVE-2011-1483 affects JBossWS Native and several JBoss platforms where wsf/common/DOMUtils.java fails to properly handle recursion during entity expansion. A crafted XML document with a DOCTYPE and deeply nested entities can cause excessive memory and CPU usage, enabling remote attackers to trigg...
CVE-2011-4156
CVE-2011-4156 is described in the supplied records as a cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi). The connected documents discuss multiple XSS vulnerabilities in NNMi v9.10 (and references to potential duplicates of 2011-4155/2011-4156), including XSS via param...
CVE-2011-1534
HP Network Node Manager i (NNMi) is affected by CVE-2011-1534 in NNMi 9.0x and 9.1x across HP-UX, Linux, Solaris, and Windows. The vulnerability could allow remote authenticated users to access NNMi processes via unspecified vectors, with CVSS 2.0 base score 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P). Publ...
CVE-2012-3279
HP NNMi affects NNMi v8.x and v9.0x/v9.1x/v9.20 across HP-UX, Linux, Solaris and Windows. The flaw is remote XSS via unspecified vectors allowing injection of arbitrary web script/HTML; CVSS 2.0 base 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). Remediation per HP security bulletin: upgrade to v9.0x/v9.1x/v...
CVE-2013-2351
HP NNMi (HP Network Node Manager i) versions 9.00, 9.1X, and 9.2X are affected by CVE-2013-2351. The ZDI advisory describes a flaw in pmd.exe that listens on TCP port 162; a specially crafted packet can cause a heap corruption and remote code execution without authentication. HP/SSRT bulletin SSR...
CVE-2011-5184
HP Network Node Manager i 9.10 is affected by multiple cross-site scripting (XSS) vulnerabilities (CVE-2011-5184) triggered via various parameters (nnm/mibdiscover, nnm/protected/configurationpoll.jsp, nnm/protected/ping.jsp, nnm/protected/statuspoll.jsp, nnm/protected/traceroute.jsp, and nmm/val...
CVE-2016-4398
HP Network Node Manager i (NNMi) Software versions 10.00, 10.01 (patch1), 10.01 (patch 2), and 10.10 are affected by a remote arbitrary code execution vulnerability due to Java deserialization. The CVE-2016-4398 weakness enables an attacker to potentially run arbitrary code on a vulnerable host v...
CVE-2011-0897
HP Network Node Manager i (NNMi) v9.00 is affected by CVE-2011-0897, a local vulnerability enabling unauthorized read access to files. The HP Security Bulletin HPSBMA02643 (rev.2) confirms local read access and lists affected platforms (NNMi 9.00 on HP-UX, Linux, Solaris, Windows) and required pa...
CVE-2012-3275
CVE-2012-3275 affects HP Network Node Manager i (NNMi) 9.1x and 9.20 across HP-UX, Linux, Solaris, and Windows. The HP advisory notes a remote code execution possibility via unknown vectors, with CVSSv2 base score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C). Remediation consists of platform-specific hotfixe...
CVE-2012-2018
HP NNMi is vulnerable to a remote Cross-Site Scripting (XSS) in NNMi versions 8.x, 9.0x and 9.1x, allowing injection of arbitrary scripts via unspecified vectors. The CVSS v2.0 base score is 4.3 (MEDIUM) with Network attack vector, no authentication required, but with partial integrity impact. HP...
CVE-2012-2022
HP NNMi (Network Node Manager i) vulnerable to remote cross-site scripting (XSS) in NNMi 8.x and 9.x (9.0x, 9.1x, 9.20). The CVE-2012-2022 entry documents unspecified vectors that could allow an attacker to inject web script or HTML via the NNMi web interface. The security bulletin notes the vuln...
CVE-2017-8948
CVE-2017-8948 describes a remote bypass of security restrictions in HP/NNMi (HPE Network Node Manager i) software. Affected are NNMi versions v10.0x, v10.1x, and v10.2x. The CVSS metrics indicate high severity (CVSSv3: 9.8) with unauthenticated network access and no user interaction required; imp...
CVE-2011-0895
HP Network Node Manager i (NNMi) versions 9.0x and 8.1x are affected by CVE-2011-0895, a remote information disclosure vulnerability exploitable by a remote authenticated user via unknown vectors. The HP Security Bulletin HPSBMA02652/SSRT100432 rev.2 confirms the base score of 4.0 (CVSS 2.0) and ...
CVE-2016-2010
Summary: CVE-2016-2010 is a cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi). The issue affects NNMi versions 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 and could allow a remote authenticated user to inject arbitrary web script or HTML via unspecified vectors. The conne...
CVE-2013-6220
HP Network Node Manager i (NNMi) versions 9.0, 9.10 and 9.20 are affected by a remote cross-site scripting (XSS) vulnerability (CVE-2013-6220) that could allow injection of script/HTML via unspecified vectors. HP/NNMi Security Bulletin HPSBMU03035_REV.1 documents the impact and provides hotfixes ...
CVE-2012-3267
CVE-2012-3267 affects HP Network Node Manager i (NNMi) v9.20. It enables remote disclosure of information via unspecified vectors. Affected platforms are NNMi v9.20 on HP-UX, Linux, Solaris, and Windows. The HP Security Bulletin HPSBMU02817 assigns CVSS v2 base 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) an...
CVE-2016-4399
HP Network Node Manager i (NNMi) is affected by CVE-2016-4399 (XSS) in NNMi versions 10.00, 10.01 (patch1/patch2), and 10.10. Connected sources describe multiple reflected cross-site scripting vectors that could exfiltrate cookies or run script in a user’s browser when handling crafted input. The...
CVE-2011-0898
HP Network Node Manager i (NNMi) 9.00 is affected by CVE-2011-0898, a cross-site scripting (XSS) vulnerability that could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The issue is associated with NNMi 9.00 and has a CVSS2 base score of 4.3 (Medium) with n...
CVE-2013-6218
HP Network Node Manager I (NNMi) versions 9.0X, 9.1X, and 9.2X are affected by CVE-2013-6218. The security bulletin notes remote unauthorized access and arbitrary code execution via unknown vectors, with a CVSS v2 base score of 10.0. HP provides hotfixes to address the vulnerability for NNMi 9.0X...
CVE-2016-4397
CVE-2016-4397 affects HP Network Node Manager i (NNMi) versions 10.00, 10.10 and 10.20. The connected sources describe a local code execution vulnerability that could allow an attacker to execute arbitrary code in the NNMi application context, potentially leading to a denial of service or full co...
CVE-2016-2009
CVE-2016-2009 affects HPE Network Node Manager i (NNMi) versions 9.20, 9.23, 9.24, 9.25, 10.00 and 10.01, where remote authenticated users can execute arbitrary commands via a crafted serialized Java object tied to the Apache Commons Collections (ACC) library. The root cause is not explicitly bro...
CVE-2016-4400
HP Network Node Manager i (NNMi) is affected by CVE-2016-4400 as part of a group of NNMi vulnerabilities described across multiple sources. Affected software includes NNMi versions 10.00, 10.01 (patch1/patch2), and 10.10. The documented flaw is a cross-site scripting (XSS) vulnerability resulting...
CVE-2011-1855
CVE-2011-1855 affects HP Network Node Manager i (NNMi) 9.0x. The vulnerability enables a local user to read or modify (1) log files or (2) other data via unknown vectors. HP’s security bulletin lists affected versions (NNMi v9.0x for HP-UX, Linux, Solaris, Windows) and provides patches: PHSS_4198...
CVE-2016-2011
CVE-2016-2011 is a Cross-Site Scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) affecting NNMi versions 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01. The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. The provided documents do ...
CVE-2016-2012
CVE-2016-2012 affects HPE Network Node Manager i (NNMi) software. Affected versions include 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01. The vulnerability is an authentication bypass allowing remote attackers to bypass authentication via unspecified vectors. Several connected sources (NVD, CNVD) con...
CVE-2016-2014
CVE-2016-2014 affects HPE Network Node Manager i (NNMi) versions 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01. The vulnerability allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. The provided connected sources confirm the affected product and the i...
CVE-2016-2013
The CVE-2016-2013 entry affects HPE Network Node Manager i (NNMi) versions 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01. The connected documents describe an information disclosure vulnerability that could allow an authenticated remote user to obtain sensitive information via unspecified vectors. Ther...