Filtered by vendor Hp
Subscribe
Total
2279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2014 | 1 Hp | 1 Network Node Manager I | 2016-11-30 | 8.5 HIGH | 8.1 HIGH |
| HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||||
| CVE-2016-1998 | 1 Hp | 1 Service Manager | 2016-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2016-1999 | 1 Hp | 1 Release Control | 2016-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2015-6864 | 1 Hp | 1 Arcsight Logger | 2016-11-30 | 6.5 MEDIUM | 6.3 MEDIUM |
| HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | |||||
| CVE-2015-6863 | 1 Hp | 1 Arcsight Logger | 2016-11-30 | 7.5 HIGH | 7.3 HIGH |
| HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | |||||
| CVE-2015-2111 | 2 Hp, Microsoft | 3 Intelligent Provisioning, Windows Server 2008, Windows Server 2012 | 2016-11-29 | 2.1 LOW | N/A |
| Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2015-2114 | 2 Hp, Microsoft | 2 Support Solution Framework, Windows | 2016-11-29 | 6.8 MEDIUM | N/A |
| HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. | |||||
| CVE-2015-2108 | 1 Hp | 1 Operations Orchestration | 2016-11-29 | 3.5 LOW | N/A |
| Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. | |||||
| CVE-2015-2109 | 1 Hp | 1 Operations Orchestration | 2016-11-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors. | |||||
| CVE-2015-2106 | 1 Hp | 3 Integrated Lights-out 2 Firmware, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2016-11-29 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors. | |||||
| CVE-2016-4375 | 1 Hp | 5 Integrated Lights-out 3, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 and 2 more | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | |||||
| CVE-2016-4381 | 1 Hp | 1 Xp7 Command View | 2016-11-28 | 4.4 MEDIUM | 4.5 MEDIUM |
| HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2016-4380 | 1 Hp | 1 Operations Manager | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4379 | 1 Hp | 2 Integrated Lights-out 3, Integrated Lights-out 3 Firmware | 2016-11-28 | 4.3 MEDIUM | 3.7 LOW |
| The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. | |||||
| CVE-2016-4378 | 1 Hp | 2 Xp7 Command View, Xp 9000 Command View | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-4377 | 1 Hp | 15 Converged Infrastructure Solution Sizer Suite, Insight Management Sizer, Power Advisor and 12 more | 2016-11-28 | 7.6 HIGH | 8.1 HIGH |
| HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-4374 | 1 Hp | 1 Release Control | 2016-11-28 | 4.0 MEDIUM | 7.7 HIGH |
| HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors. | |||||
| CVE-2016-4373 | 1 Hp | 1 Operations Manager | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
| CVE-2015-6867 | 1 Hp | 1 Vertica | 2016-11-28 | 7.5 HIGH | N/A |
| The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. | |||||
| CVE-2015-6029 | 1 Hp | 1 Arcsight Logger | 2016-11-28 | 5.0 MEDIUM | N/A |
| HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||