Vendor CVEs
HPE
All CVEs
585 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7110 | 0.00 | — | 0.01 | Oct 17, 2018 | A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler. | |||
| CVE-2015-6030 | 0.00 | — | 0.01 | Nov 4, 2015 | HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. | |||
| CVE-2015-5444 | 0.00 | — | 0.02 | Oct 18, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5443 | 0.00 | — | 0.01 | Oct 12, 2015 | HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5440 | 0.00 | — | 0.01 | Sep 16, 2015 | HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-2136 | 0.00 | — | 0.02 | Sep 16, 2015 | HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. | |||
| CVE-2015-5426 | 0.00 | — | 0.01 | Sep 16, 2015 | Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. | |||
| CVE-2015-5432 | 0.00 | — | 0.04 | Aug 27, 2015 | HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2015-5431 | 0.00 | — | 0.02 | Aug 27, 2015 | HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2015-5403 | 0.00 | — | 0.02 | Aug 27, 2015 | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139. | |||
| CVE-2015-5402 | 0.00 | — | 0.01 | Aug 27, 2015 | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors. | |||
| CVE-2015-2140 | 0.00 | — | 0.02 | Aug 27, 2015 | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2015-2139 | 0.00 | — | 0.02 | Aug 27, 2015 | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403. | |||
| CVE-2015-5411 | 0.00 | — | 0.02 | Aug 26, 2015 | HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2014-2608 | 0.00 | — | 0.00 | Dec 10, 2014 | Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors. | |||
| CVE-2009-2682 | 0.00 | — | 0.01 | Sep 24, 2009 | Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors. | |||
| CVE-2007-0396 | 0.00 | — | 0.02 | Jan 19, 2007 | Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors. | |||
| CVE-2006-0436 | 0.00 | — | 0.00 | Jan 26, 2006 | Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors. | |||
| CVE-2005-3565 | 0.00 | — | 0.03 | Nov 16, 2005 | Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors. | |||
| CVE-2005-2993 | 0.00 | — | 0.01 | Sep 20, 2005 | Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang). | |||
| CVE-2004-0952 | 0.00 | — | 0.05 | Dec 31, 2004 | HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption. | |||
| CVE-2003-1099 | 0.00 | — | 0.01 | Dec 31, 2003 | shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack. | |||
| CVE-2003-1098 | 0.00 | — | 0.01 | Dec 31, 2003 | The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges. | |||
| CVE-2003-1360 | 0.00 | — | 0.01 | Dec 31, 2003 | Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable. | |||
| CVE-2002-1618 | 0.00 | — | 0.01 | Oct 16, 2002 | JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems. | |||
| CVE-2002-0577 | 0.00 | — | 0.01 | Jun 18, 2002 | Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service. | |||
| CVE-2001-0668 | 0.00 | — | 0.06 | Sep 20, 2001 | Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands. | |||
| CVE-2001-0379 | 0.00 | — | 0.01 | Jun 18, 2001 | Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights. | |||
| CVE-1999-1133 | 0.00 | — | 0.00 | Sep 1, 1997 | HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users. | |||
| CVE-1999-1139 | 0.00 | — | 0.00 | Sep 1, 1997 | Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file. | |||
| CVE-1999-1160 | 0.00 | — | 0.04 | Feb 2, 1997 | Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. | |||
| CVE-1999-1251 | 0.00 | — | 0.00 | Dec 24, 1996 | Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service. | |||
| CVE-1999-1161 | 0.00 | — | 0.01 | Nov 3, 1996 | Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. | |||
| CVE-1999-1205 | 0.00 | — | 0.00 | Jun 7, 1996 | nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. | |||
| CVE-1999-1248 | 0.00 | — | 0.00 | Nov 30, 1994 | Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges. |
- CVE-2018-7110Oct 17, 2018risk 0.00cvss —epss 0.01
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler.
- CVE-2015-6030Nov 4, 2015risk 0.00cvss —epss 0.01
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
- CVE-2015-5444Oct 18, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-5443Oct 12, 2015risk 0.00cvss —epss 0.01
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.
- CVE-2015-5440Sep 16, 2015risk 0.00cvss —epss 0.01
HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.
- CVE-2015-2136Sep 16, 2015risk 0.00cvss —epss 0.02
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.
- CVE-2015-5426Sep 16, 2015risk 0.00cvss —epss 0.01
Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.
- CVE-2015-5432Aug 27, 2015risk 0.00cvss —epss 0.04
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
- CVE-2015-5431Aug 27, 2015risk 0.00cvss —epss 0.02
HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
- CVE-2015-5403Aug 27, 2015risk 0.00cvss —epss 0.02
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139.
- CVE-2015-5402Aug 27, 2015risk 0.00cvss —epss 0.01
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors.
- CVE-2015-2140Aug 27, 2015risk 0.00cvss —epss 0.02
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
- CVE-2015-2139Aug 27, 2015risk 0.00cvss —epss 0.02
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403.
- CVE-2015-5411Aug 26, 2015risk 0.00cvss —epss 0.02
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.
- CVE-2014-2608Dec 10, 2014risk 0.00cvss —epss 0.00
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors.
- CVE-2009-2682Sep 24, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
- CVE-2007-0396Jan 19, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.
- CVE-2006-0436Jan 26, 2006risk 0.00cvss —epss 0.00
Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.
- CVE-2005-3565Nov 16, 2005risk 0.00cvss —epss 0.03
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.
- CVE-2005-2993Sep 20, 2005risk 0.00cvss —epss 0.01
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).
- CVE-2004-0952Dec 31, 2004risk 0.00cvss —epss 0.05
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.
- CVE-2003-1099Dec 31, 2003risk 0.00cvss —epss 0.01
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.
- CVE-2003-1098Dec 31, 2003risk 0.00cvss —epss 0.01
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
- CVE-2003-1360Dec 31, 2003risk 0.00cvss —epss 0.01
Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.
- CVE-2002-1618Oct 16, 2002risk 0.00cvss —epss 0.01
JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems.
- CVE-2002-0577Jun 18, 2002risk 0.00cvss —epss 0.01
Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service.
- CVE-2001-0668Sep 20, 2001risk 0.00cvss —epss 0.06
Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.
- CVE-2001-0379Jun 18, 2001risk 0.00cvss —epss 0.01
Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.
- CVE-1999-1133Sep 1, 1997risk 0.00cvss —epss 0.00
HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.
- CVE-1999-1139Sep 1, 1997risk 0.00cvss —epss 0.00
Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.
- CVE-1999-1160Feb 2, 1997risk 0.00cvss —epss 0.04
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
- CVE-1999-1251Dec 24, 1996risk 0.00cvss —epss 0.00
Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.
- CVE-1999-1161Nov 3, 1996risk 0.00cvss —epss 0.01
Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.
- CVE-1999-1205Jun 7, 1996risk 0.00cvss —epss 0.00
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.
- CVE-1999-1248Nov 30, 1994risk 0.00cvss —epss 0.00
Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.
Page 12 of 12