Power Manager
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-2685 | 0.10 | — | 0.85 | Nov 6, 2009 | Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable. | |||
| CVE-2009-3999 | 0.08 | — | 0.61 | Jan 20, 2010 | Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. | |||
| CVE-2009-4000 | 0.03 | — | 0.32 | Jan 20, 2010 | Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter. | |||
| CVE-2010-4113 | 0.01 | — | 0.07 | Dec 22, 2010 | Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server. | |||
| CVE-2023-25543 | 0.00 | — | 0.00 | Feb 6, 2024 | Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system. | |||
| CVE-2023-32450 | 0.00 | — | 0.00 | Jul 27, 2023 | Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | |||
| CVE-2023-28051 | 0.00 | — | 0.00 | Apr 7, 2023 | Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. | |||
| CVE-2011-0280 | 0.00 | — | 0.01 | Mar 14, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3)… | |||
| CVE-2011-0277 | 0.00 | — | 0.00 | Feb 9, 2011 | Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. | |||
| CVE-2009-4997 | 0.00 | — | 0.00 | Sep 7, 2010 | gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a… | |||
| CVE-2006-7240 | 0.00 | — | 0.00 | Sep 7, 2010 | gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a… |
- CVE-2009-2685Nov 6, 2009risk 0.10cvss —epss 0.85
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
- CVE-2009-3999Jan 20, 2010risk 0.08cvss —epss 0.61
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
- CVE-2009-4000Jan 20, 2010risk 0.03cvss —epss 0.32
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
- CVE-2010-4113Dec 22, 2010risk 0.01cvss —epss 0.07
Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
- CVE-2023-25543Feb 6, 2024risk 0.00cvss —epss 0.00
Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.
- CVE-2023-32450Jul 27, 2023risk 0.00cvss —epss 0.00
Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.
- CVE-2023-28051Apr 7, 2023risk 0.00cvss —epss 0.00
Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.
- CVE-2011-0280Mar 14, 2011risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3)…
- CVE-2011-0277Feb 9, 2011risk 0.00cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
- CVE-2009-4997Sep 7, 2010risk 0.00cvss —epss 0.00
gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a…
- CVE-2006-7240Sep 7, 2010risk 0.00cvss —epss 0.00
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a…