Filtered by vendor Hp
Subscriptions
Total
2530 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1993 | 1 Hp | 1 System Management Homepage | 2025-04-12 | N/A |
| HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | ||||
| CVE-2016-1996 | 1 Hp | 1 System Management Homepage | 2025-04-12 | N/A |
| HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. | ||||
| CVE-2016-2245 | 1 Hp | 1 Support Assistant | 2025-04-12 | N/A |
| HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. | ||||
| CVE-2016-5388 | 4 Apache, Hp, Oracle and 1 more | 13 Tomcat, System Management Homepage, Linux and 10 more | 2025-04-12 | N/A |
| Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability. | ||||
| CVE-2016-1992 | 1 Hp | 2 Enterprise Security Manager, Enterprise Security Manager Express | 2025-04-12 | N/A |
| HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-1997 | 1 Hp | 2 Operations Orchestration, Operations Orchestration Content | 2025-04-12 | N/A |
| HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2016-2008 | 1 Hp | 1 Data Protector | 2025-04-12 | N/A |
| HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-4024 | 5 Apple, Hp, Oracle and 2 more | 13 Mac Os X, System Management Homepage, Linux and 10 more | 2025-04-12 | N/A |
| Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. | ||||
| CVE-2015-6864 | 1 Hp | 1 Arcsight Logger | 2025-04-12 | N/A |
| HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | ||||
| CVE-2014-2630 | 1 Hp | 1 Operations Agent | 2025-04-12 | N/A |
| Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors. | ||||
| CVE-2015-6862 | 1 Hp | 1 Ucmdb Browser | 2025-04-12 | N/A |
| HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2015-6860 | 1 Hp | 54 J8692a, J8693a, J8697a and 51 more | 2025-04-12 | N/A |
| HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859. | ||||
| CVE-2016-6306 | 7 Canonical, Debian, Hp and 4 more | 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more | 2025-04-12 | 5.9 Medium |
| The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | ||||
| CVE-2015-6863 | 1 Hp | 1 Arcsight Logger | 2025-04-12 | N/A |
| HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | ||||
| CVE-2016-0777 | 6 Apple, Hp, Openbsd and 3 more | 8 Mac Os X, Remote Device Access Virtual Customer Access System, Openssh and 5 more | 2025-04-12 | N/A |
| The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. | ||||
| CVE-2015-5447 | 1 Hp | 1 Storeonce Backup System Software | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-2004 | 1 Hp | 1 Data Protector | 2025-04-12 | N/A |
| HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623. | ||||
| CVE-2015-6857 | 1 Hp | 2 Loadrunner, Performance Center | 2025-04-12 | N/A |
| Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. | ||||
| CVE-2016-4386 | 1 Hp | 1 Network Automation | 2025-04-12 | N/A |
| HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. | ||||
| CVE-2016-4389 | 1 Hp | 1 Keyview | 2025-04-12 | N/A |
| The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390. | ||||