Vendor CVEs
Microfocus
All CVEs
2,294 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41913 | 0.00 | — | 0.01 | Aug 6, 2024 | A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input. | |||
| CVE-2022-27540 | 0.00 | — | 0.00 | Jun 28, 2024 | A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential… | |||
| CVE-2022-37020 | 0.00 | — | 0.00 | Jun 10, 2024 | Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities. | |||
| CVE-2024-2301 | 0.00 | — | 0.00 | May 23, 2024 | Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. | |||
| CVE-2023-52805 | 0.00 | — | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required. | |||
| CVE-2024-28893 | 0.00 | — | 0.00 | May 1, 2024 | Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs). | |||
| CVE-2023-4063 | 0.00 | — | 0.01 | Mar 22, 2024 | Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request. | |||
| CVE-2020-11862 | 0.00 | — | 0.01 | Mar 13, 2024 | Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2. | |||
| CVE-2023-52601 | 0.00 | — | 0.00 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmt_stree. To add the required check added the bool is_ctl which is required to… | |||
| CVE-2023-52599 | 0.00 | — | 0.00 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -878706688 is out of range for type 'struct iagctl[128]' CPU: 1 PID: 5065 Comm:… | |||
| CVE-2024-1869 | 0.00 | — | 0.02 | Mar 1, 2024 | Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220. | |||
| CVE-2024-0407 | 0.00 | — | 0.00 | Feb 20, 2024 | Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's… | |||
| CVE-2024-1470 | 0.00 | — | 0.00 | Feb 20, 2024 | Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6. | |||
| CVE-2024-25123 | 0.00 | — | 0.00 | Feb 15, 2024 | MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different… | |||
| CVE-2024-0622 | 0.00 | — | 0.00 | Feb 15, 2024 | Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. | |||
| CVE-2022-48219 | 0.00 | — | 0.00 | Feb 14, 2024 | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. | |||
| CVE-2015-8317 | 0.00 | — | 0.06 | Dec 15, 2015 | The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | |||
| CVE-2015-8242 | 0.00 | — | 0.04 | Dec 15, 2015 | The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | |||
| CVE-2015-7500 | 0.00 | — | 0.06 | Dec 15, 2015 | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | |||
| CVE-2015-7498 | 0.00 | — | 0.07 | Dec 15, 2015 | Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. | |||
| CVE-2015-7497 | 0.00 | — | 0.07 | Dec 15, 2015 | Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2015-5312 | 0.00 | — | 0.05 | Dec 15, 2015 | The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. | |||
| CVE-2015-6857 | 0.00 | — | 0.04 | Nov 26, 2015 | Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. | |||
| CVE-2015-5451 | 0.00 | — | 0.01 | Nov 23, 2015 | Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2015-5255 | 0.00 | — | 0.04 | Nov 18, 2015 | Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to… | |||
| CVE-2015-7942 | 0.00 | — | 0.05 | Nov 18, 2015 | The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a… | |||
| CVE-2015-5441 | 0.00 | — | 0.02 | Nov 12, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-6867 | 0.00 | — | 0.05 | Nov 4, 2015 | The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. | |||
| CVE-2015-6030 | 0.00 | — | 0.01 | Nov 4, 2015 | HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. | |||
| CVE-2015-6029 | 0.00 | — | 0.04 | Nov 4, 2015 | HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||
| CVE-2015-2903 | 0.00 | — | 0.01 | Nov 4, 2015 | The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password. | |||
| CVE-2015-2902 | 0.00 | — | 0.02 | Nov 4, 2015 | HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate. | |||
| CVE-2015-5448 | 0.00 | — | 0.00 | Oct 26, 2015 | HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5444 | 0.00 | — | 0.02 | Oct 18, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5443 | 0.00 | — | 0.01 | Oct 12, 2015 | HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5435 | 0.00 | — | 0.02 | Sep 30, 2015 | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. | |||
| CVE-2015-5442 | 0.00 | — | 0.01 | Sep 29, 2015 | Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. | |||
| CVE-2015-5440 | 0.00 | — | 0.01 | Sep 16, 2015 | HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-2136 | 0.00 | — | 0.02 | Sep 16, 2015 | HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. | |||
| CVE-2015-5426 | 0.00 | — | 0.01 | Sep 16, 2015 | Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. | |||
| CVE-2015-5367 | 0.00 | — | 0.01 | Aug 27, 2015 | The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-5433 | 0.00 | — | 0.02 | Aug 27, 2015 | HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5432 | 0.00 | — | 0.04 | Aug 27, 2015 | HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2015-5431 | 0.00 | — | 0.02 | Aug 27, 2015 | HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2015-5430 | 0.00 | — | 0.03 | Aug 27, 2015 | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5429 | 0.00 | — | 0.04 | Aug 27, 2015 | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428. | |||
| CVE-2015-5428 | 0.00 | — | 0.04 | Aug 27, 2015 | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429. | |||
| CVE-2015-5427 | 0.00 | — | 0.04 | Aug 27, 2015 | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429. | |||
| CVE-2015-5405 | 0.00 | — | 0.02 | Aug 27, 2015 | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | |||
| CVE-2015-5404 | 0.00 | — | 0.04 | Aug 27, 2015 | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors. |
- CVE-2024-41913Aug 6, 2024risk 0.00cvss —epss 0.01
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.
- CVE-2022-27540Jun 28, 2024risk 0.00cvss —epss 0.00
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential…
- CVE-2022-37020Jun 10, 2024risk 0.00cvss —epss 0.00
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
- CVE-2024-2301May 23, 2024risk 0.00cvss —epss 0.00
Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.
- CVE-2023-52805May 21, 2024risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required.
- CVE-2024-28893May 1, 2024risk 0.00cvss —epss 0.00
Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs).
- CVE-2023-4063Mar 22, 2024risk 0.00cvss —epss 0.01
Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.
- CVE-2020-11862Mar 13, 2024risk 0.00cvss —epss 0.01
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.
- CVE-2023-52601Mar 6, 2024risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmt_stree. To add the required check added the bool is_ctl which is required to…
- CVE-2023-52599Mar 6, 2024risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -878706688 is out of range for type 'struct iagctl[128]' CPU: 1 PID: 5065 Comm:…
- CVE-2024-1869Mar 1, 2024risk 0.00cvss —epss 0.02
Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.
- CVE-2024-0407Feb 20, 2024risk 0.00cvss —epss 0.00
Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's…
- CVE-2024-1470Feb 20, 2024risk 0.00cvss —epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6.
- CVE-2024-25123Feb 15, 2024risk 0.00cvss —epss 0.00
MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different…
- CVE-2024-0622Feb 15, 2024risk 0.00cvss —epss 0.00
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
- CVE-2022-48219Feb 14, 2024risk 0.00cvss —epss 0.00
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
- CVE-2015-8317Dec 15, 2015risk 0.00cvss —epss 0.06
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
- CVE-2015-8242Dec 15, 2015risk 0.00cvss —epss 0.04
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
- CVE-2015-7500Dec 15, 2015risk 0.00cvss —epss 0.06
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
- CVE-2015-7498Dec 15, 2015risk 0.00cvss —epss 0.07
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
- CVE-2015-7497Dec 15, 2015risk 0.00cvss —epss 0.07
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
- CVE-2015-5312Dec 15, 2015risk 0.00cvss —epss 0.05
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
- CVE-2015-6857Nov 26, 2015risk 0.00cvss —epss 0.04
Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.
- CVE-2015-5451Nov 23, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2015-5255Nov 18, 2015risk 0.00cvss —epss 0.04
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to…
- CVE-2015-7942Nov 18, 2015risk 0.00cvss —epss 0.05
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a…
- CVE-2015-5441Nov 12, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-6867Nov 4, 2015risk 0.00cvss —epss 0.05
The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.
- CVE-2015-6030Nov 4, 2015risk 0.00cvss —epss 0.01
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
- CVE-2015-6029Nov 4, 2015risk 0.00cvss —epss 0.04
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.
- CVE-2015-2903Nov 4, 2015risk 0.00cvss —epss 0.01
The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.
- CVE-2015-2902Nov 4, 2015risk 0.00cvss —epss 0.02
HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.
- CVE-2015-5448Oct 26, 2015risk 0.00cvss —epss 0.00
HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors.
- CVE-2015-5444Oct 18, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-5443Oct 12, 2015risk 0.00cvss —epss 0.01
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.
- CVE-2015-5435Sep 30, 2015risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.
- CVE-2015-5442Sep 29, 2015risk 0.00cvss —epss 0.01
Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.
- CVE-2015-5440Sep 16, 2015risk 0.00cvss —epss 0.01
HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.
- CVE-2015-2136Sep 16, 2015risk 0.00cvss —epss 0.02
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.
- CVE-2015-5426Sep 16, 2015risk 0.00cvss —epss 0.01
Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.
- CVE-2015-5367Aug 27, 2015risk 0.00cvss —epss 0.01
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.
- CVE-2015-5433Aug 27, 2015risk 0.00cvss —epss 0.02
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.
- CVE-2015-5432Aug 27, 2015risk 0.00cvss —epss 0.04
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
- CVE-2015-5431Aug 27, 2015risk 0.00cvss —epss 0.02
HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
- CVE-2015-5430Aug 27, 2015risk 0.00cvss —epss 0.03
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2015-5429Aug 27, 2015risk 0.00cvss —epss 0.04
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.
- CVE-2015-5428Aug 27, 2015risk 0.00cvss —epss 0.04
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.
- CVE-2015-5427Aug 27, 2015risk 0.00cvss —epss 0.04
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.
- CVE-2015-5405Aug 27, 2015risk 0.00cvss —epss 0.02
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
- CVE-2015-5404Aug 27, 2015risk 0.00cvss —epss 0.04
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
Page 29 of 46