Filtered by vendor Hp
Subscribe
Total
2415 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13985 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | |||||
| CVE-2017-13984 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2023-11-07 | 5.5 MEDIUM | 6.5 MEDIUM |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. | |||||
| CVE-2017-13983 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. | |||||
| CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | |||||
| CVE-2016-6306 | 6 Canonical, Debian, Hp and 3 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | |||||
| CVE-2016-5387 | 8 Apache, Canonical, Debian and 5 more | 21 Http Server, Ubuntu Linux, Debian Linux and 18 more | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. | |||||
| CVE-2016-4543 | 4 Fedoraproject, Hp, Opensuse and 1 more | 4 Fedora, System Management Homepage, Leap and 1 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | |||||
| CVE-2016-2775 | 4 Fedoraproject, Hp, Isc and 1 more | 9 Fedora, Hp-ux, Bind and 6 more | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | |||||
| CVE-2016-2182 | 3 Hp, Openssl, Oracle | 6 Icewall Federation Agent, Icewall Mcrp, Icewall Sso and 3 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-2177 | 3 Hp, Openssl, Oracle | 6 Icewall Mcrp, Icewall Sso, Icewall Sso Agent Option and 3 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | |||||
| CVE-2015-5436 | 1 Hp | 2 Integrated Lights-out 4, Integrated Lights-out Firmware | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020. | |||||
| CVE-2015-3196 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2023-11-07 | 4.3 MEDIUM | N/A |
| ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. | |||||
| CVE-2014-7810 | 3 Apache, Debian, Hp | 3 Tomcat, Debian Linux, Hp-ux | 2023-11-07 | 5.0 MEDIUM | N/A |
| The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. | |||||
| CVE-2013-4002 | 9 Apache, Canonical, Hp and 6 more | 21 Xerces2 Java, Ubuntu Linux, Hp-ux and 18 more | 2023-11-07 | 7.1 HIGH | N/A |
| XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. | |||||
| CVE-2012-3268 | 2 Hp, Huawei | 675 0150a129, 0150a12a, 0150a12b and 672 more | 2023-11-07 | 3.5 LOW | N/A |
| Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. | |||||
| CVE-2008-5395 | 2 Hp, Linux | 2 Pa-risc, Linux Kernel | 2023-11-07 | 4.9 MEDIUM | N/A |
| The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses. | |||||
| CVE-2004-0809 | 8 Apache, Debian, Gentoo and 5 more | 12 Http Server, Debian Linux, Linux and 9 more | 2023-11-07 | 5.0 MEDIUM | N/A |
| The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | |||||
| CVE-2004-0492 | 5 Apache, Hp, Ibm and 2 more | 7 Http Server, Virtualvault, Vvos and 4 more | 2023-11-07 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. | |||||
| CVE-2000-0573 | 1 Hp | 1 Hp-ux | 2023-11-07 | 10.0 HIGH | N/A |
| The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. | |||||
| CVE-2000-0515 | 1 Hp | 1 Hp-ux | 2023-11-07 | 10.0 HIGH | N/A |
| The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges. | |||||