Vendor CVEs
Microfocus
All CVEs
2,287 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-0702 | 0.03 | — | 0.01 | Oct 20, 2000 | The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file. | |||
| CVE-2000-0636 | 0.03 | — | 0.04 | Jul 19, 2000 | HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command. | |||
| CVE-2000-0516 | 0.03 | — | 0.01 | Jun 6, 2000 | When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server. | |||
| CVE-2000-0468 | 0.03 | — | 0.01 | Jun 2, 2000 | man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack. | |||
| CVE-1999-0693 | 0.03 | — | 0.01 | Mar 2, 2000 | Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges. | |||
| CVE-2000-0077 | 0.03 | — | 0.01 | Jan 2, 2000 | The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands. | |||
| CVE-1999-1433 | 0.03 | — | 0.01 | Jul 15, 1998 | HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file. | |||
| CVE-1999-0014 | 0.03 | — | 0.01 | Jan 21, 1998 | Unauthorized privileged access or denial of service via dtappgather program in CDE. | |||
| CVE-1999-0306 | 0.03 | — | 0.02 | Nov 4, 1997 | buffer overflow in HP xlock program. | |||
| CVE-1999-0040 | 0.03 | — | 0.01 | May 1, 1997 | Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. | |||
| CVE-1999-1408 | 0.03 | — | 0.01 | Mar 5, 1997 | Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost. | |||
| CVE-1999-0050 | 0.03 | — | 0.01 | Dec 1, 1996 | Buffer overflow in HP-UX newgrp program. | |||
| CVE-1999-0130 | 0.03 | — | 0.01 | Nov 16, 1996 | Local users can start Sendmail in daemon mode and gain root privileges. | |||
| CVE-2015-6946 | 0.02 | — | 0.20 | Sep 15, 2015 | Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit… | |||
| CVE-2014-2626 | 0.02 | — | 0.19 | Jul 26, 2014 | Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024. | |||
| CVE-2012-0127 | 0.02 | — | 0.23 | Mar 31, 2012 | Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2011-1867 | 0.02 | — | 0.26 | Jul 11, 2011 | Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to… | |||
| CVE-2011-1732 | 0.02 | — | 0.25 | May 7, 2011 | Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message. | |||
| CVE-2009-4000 | 0.02 | — | 0.20 | Jan 20, 2010 | Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter. | |||
| CVE-2009-3845 | 0.02 | — | 0.22 | Dec 10, 2009 | The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts. | |||
| CVE-2004-0826 | 0.02 | — | 0.23 | Dec 31, 2004 | Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. | |||
| CVE-2003-0196 | 0.02 | — | 0.23 | May 5, 2003 | Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. | |||
| CVE-2002-0679 | 0.02 | — | 0.23 | Sep 5, 2002 | Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure. | |||
| CVE-2002-0076 | 0.02 | — | 0.27 | Mar 19, 2002 | Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape… | |||
| CVE-2015-8241 | 0.01 | — | 0.05 | Dec 15, 2015 | The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | |||
| CVE-2015-7499 | 0.01 | — | 0.06 | Dec 15, 2015 | Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | |||
| CVE-2015-3196 | 0.01 | — | 0.13 | Dec 6, 2015 | ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double… | |||
| CVE-2015-2135 | 0.01 | — | 0.09 | Aug 31, 2015 | Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2015-5368 | 0.01 | — | 0.07 | Aug 27, 2015 | The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified… | |||
| CVE-2015-3269 | 0.01 | — | 0.10 | Aug 25, 2015 | Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an… | |||
| CVE-2015-5424 | 0.01 | — | 0.11 | Aug 24, 2015 | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885. | |||
| CVE-2015-5423 | 0.01 | — | 0.11 | Aug 24, 2015 | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884. | |||
| CVE-2015-5422 | 0.01 | — | 0.11 | Aug 24, 2015 | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883. | |||
| CVE-2015-5421 | 0.01 | — | 0.11 | Aug 24, 2015 | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881. | |||
| CVE-2015-5420 | 0.01 | — | 0.11 | Aug 24, 2015 | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. | |||
| CVE-2015-5419 | 0.01 | — | 0.11 | Aug 24, 2015 | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879. | |||
| CVE-2015-5418 | 0.01 | — | 0.11 | Aug 24, 2015 | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877. | |||
| CVE-2015-5417 | 0.01 | — | 0.11 | Aug 24, 2015 | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876. | |||
| CVE-2015-5416 | 0.01 | — | 0.11 | Aug 24, 2015 | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. | |||
| CVE-2015-2137 | 0.01 | — | 0.10 | Aug 22, 2015 | Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2015-3237 | 0.01 | — | 0.09 | Jun 22, 2015 | The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. | |||
| CVE-2015-2110 | 0.01 | — | 0.11 | May 25, 2015 | Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2015-2117 | 0.01 | — | 0.09 | Apr 27, 2015 | HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading… | |||
| CVE-2015-3148 | 0.01 | — | 0.18 | Apr 24, 2015 | cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | |||
| CVE-2015-3143 | 0.01 | — | 0.16 | Apr 24, 2015 | cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. | |||
| CVE-2015-2113 | 0.01 | — | 0.08 | Apr 14, 2015 | Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote attackers to execute arbitrary… | |||
| CVE-2014-7876 | 0.01 | — | 0.13 | Mar 31, 2015 | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. | |||
| CVE-2014-7898 | 0.01 | — | 0.10 | Mar 9, 2015 | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2014-7897 | 0.01 | — | 0.10 | Mar 9, 2015 | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated… | |||
| CVE-2014-7895 | 0.01 | — | 0.10 | Mar 9, 2015 | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR,… |
- CVE-2000-0702Oct 20, 2000risk 0.03cvss —epss 0.01
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.
- CVE-2000-0636Jul 19, 2000risk 0.03cvss —epss 0.04
HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.
- CVE-2000-0516Jun 6, 2000risk 0.03cvss —epss 0.01
When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.
- CVE-2000-0468Jun 2, 2000risk 0.03cvss —epss 0.01
man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.
- CVE-1999-0693Mar 2, 2000risk 0.03cvss —epss 0.01
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
- CVE-2000-0077Jan 2, 2000risk 0.03cvss —epss 0.01
The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.
- CVE-1999-1433Jul 15, 1998risk 0.03cvss —epss 0.01
HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.
- CVE-1999-0014Jan 21, 1998risk 0.03cvss —epss 0.01
Unauthorized privileged access or denial of service via dtappgather program in CDE.
- CVE-1999-0306Nov 4, 1997risk 0.03cvss —epss 0.02
buffer overflow in HP xlock program.
- CVE-1999-0040May 1, 1997risk 0.03cvss —epss 0.01
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
- CVE-1999-1408Mar 5, 1997risk 0.03cvss —epss 0.01
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
- CVE-1999-0050Dec 1, 1996risk 0.03cvss —epss 0.01
Buffer overflow in HP-UX newgrp program.
- CVE-1999-0130Nov 16, 1996risk 0.03cvss —epss 0.01
Local users can start Sendmail in daemon mode and gain root privileges.
- CVE-2015-6946Sep 15, 2015risk 0.02cvss —epss 0.20
Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit…
- CVE-2014-2626Jul 26, 2014risk 0.02cvss —epss 0.19
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
- CVE-2012-0127Mar 31, 2012risk 0.02cvss —epss 0.23
Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2011-1867Jul 11, 2011risk 0.02cvss —epss 0.26
Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to…
- CVE-2011-1732May 7, 2011risk 0.02cvss —epss 0.25
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.
- CVE-2009-4000Jan 20, 2010risk 0.02cvss —epss 0.20
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
- CVE-2009-3845Dec 10, 2009risk 0.02cvss —epss 0.22
The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.
- CVE-2004-0826Dec 31, 2004risk 0.02cvss —epss 0.23
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
- CVE-2003-0196May 5, 2003risk 0.02cvss —epss 0.23
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
- CVE-2002-0679Sep 5, 2002risk 0.02cvss —epss 0.23
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
- CVE-2002-0076Mar 19, 2002risk 0.02cvss —epss 0.27
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape…
- CVE-2015-8241Dec 15, 2015risk 0.01cvss —epss 0.05
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
- CVE-2015-7499Dec 15, 2015risk 0.01cvss —epss 0.06
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
- CVE-2015-3196Dec 6, 2015risk 0.01cvss —epss 0.13
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double…
- CVE-2015-2135Aug 31, 2015risk 0.01cvss —epss 0.09
Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2015-5368Aug 27, 2015risk 0.01cvss —epss 0.07
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified…
- CVE-2015-3269Aug 25, 2015risk 0.01cvss —epss 0.10
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an…
- CVE-2015-5424Aug 24, 2015risk 0.01cvss —epss 0.11
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.
- CVE-2015-5423Aug 24, 2015risk 0.01cvss —epss 0.11
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.
- CVE-2015-5422Aug 24, 2015risk 0.01cvss —epss 0.11
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.
- CVE-2015-5421Aug 24, 2015risk 0.01cvss —epss 0.11
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.
- CVE-2015-5420Aug 24, 2015risk 0.01cvss —epss 0.11
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.
- CVE-2015-5419Aug 24, 2015risk 0.01cvss —epss 0.11
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.
- CVE-2015-5418Aug 24, 2015risk 0.01cvss —epss 0.11
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.
- CVE-2015-5417Aug 24, 2015risk 0.01cvss —epss 0.11
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.
- CVE-2015-5416Aug 24, 2015risk 0.01cvss —epss 0.11
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.
- CVE-2015-2137Aug 22, 2015risk 0.01cvss —epss 0.10
Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2015-3237Jun 22, 2015risk 0.01cvss —epss 0.09
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
- CVE-2015-2110May 25, 2015risk 0.01cvss —epss 0.11
Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2015-2117Apr 27, 2015risk 0.01cvss —epss 0.09
HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading…
- CVE-2015-3148Apr 24, 2015risk 0.01cvss —epss 0.18
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
- CVE-2015-3143Apr 24, 2015risk 0.01cvss —epss 0.16
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
- CVE-2015-2113Apr 14, 2015risk 0.01cvss —epss 0.08
Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote attackers to execute arbitrary…
- CVE-2014-7876Mar 31, 2015risk 0.01cvss —epss 0.13
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.
- CVE-2014-7898Mar 9, 2015risk 0.01cvss —epss 0.10
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2014-7897Mar 9, 2015risk 0.01cvss —epss 0.10
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated…
- CVE-2014-7895Mar 9, 2015risk 0.01cvss —epss 0.10
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR,…
Page 23 of 46