Filtered by vendor Hp
Subscriptions
Total
2509 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9795 | 6 Broadcom, Ca, Hp and 3 more | 10 Ca Workload Automation Ae, Client Automation, Systemedge and 7 more | 2025-04-20 | 7.8 High |
| The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. | ||||
| CVE-2017-15361 | 35 Acer, Aopen, Asi and 32 more | 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more | 2025-04-20 | N/A |
| The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. | ||||
| CVE-2017-5641 | 2 Apache, Hp | 2 Flex Blazeds, Xp Command View Advanced Edition | 2025-04-20 | 9.8 Critical |
| Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution. | ||||
| CVE-2016-8977 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. | ||||
| CVE-2016-8963 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | ||||
| CVE-2016-8961 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | ||||
| CVE-2016-8966 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2017-3733 | 2 Hp, Openssl | 2 Operations Agent, Openssl | 2025-04-20 | N/A |
| During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. | ||||
| CVE-2017-5791 | 1 Hp | 1 Intelligent Management Center Plat | 2025-04-20 | N/A |
| The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | ||||
| CVE-2017-14356 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | N/A |
| An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. | ||||
| CVE-2017-5789 | 1 Hp | 2 Loadrunner, Performance Center | 2025-04-20 | N/A |
| HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. | ||||
| CVE-2017-8360 | 3 Conexant, Hp, Microsoft | 29 Mictray64, Elite X2 1012 G1, Elitebook 1030 G1 and 26 more | 2025-04-20 | N/A |
| Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. | ||||
| CVE-2016-8106 | 3 Hp, Intel, Lenovo | 60 Ethernet 10gb 2-port 562flr-sfp\+, Ethernet 10gb 2-port 562sfp\+, Ethernet 10gb 4-port 563sfp\+ and 57 more | 2025-04-20 | N/A |
| A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | ||||
| CVE-2017-13983 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | N/A |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. | ||||
| CVE-2017-14359 | 1 Hp | 1 Performance Center | 2025-04-20 | N/A |
| A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. | ||||
| CVE-2017-14358 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | N/A |
| A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. | ||||
| CVE-2017-14360 | 1 Hp | 1 Content Manager | 2025-04-20 | N/A |
| A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). | ||||
| CVE-2017-14353 | 1 Hp | 1 Ucmdb Foundation Software | 2025-04-20 | N/A |
| A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | ||||
| CVE-2017-14352 | 1 Hp | 1 Ucmdb Configuration Manager | 2025-04-20 | N/A |
| A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. | ||||
| CVE-2017-14354 | 1 Hp | 1 Ucmdb Foundation Software | 2025-04-20 | N/A |
| A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting. | ||||