CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-2621 +Info 2014-07-16 2014-07-16
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2090.
2 CVE-2014-2620 +Info 2014-07-16 2014-07-16
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2089.
3 CVE-2014-2619 +Info 2014-07-16 2014-07-16
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2088.
4 CVE-2014-2618 +Info 2014-07-16 2014-07-16
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2080.
5 CVE-2014-2616 Exec Code +Info 2014-07-07 2014-07-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091.
6 CVE-2014-2615 Exec Code +Info 2014-07-07 2014-07-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083.
7 CVE-2014-2614 287 Bypass 2014-07-07 2014-07-07
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.
8 CVE-2014-2610 22 Exec Code Dir. Trav. 2014-06-19 2014-06-26
7.1
None Remote High Single system Complete Complete Complete
Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117.
9 CVE-2014-2601 DoS 2014-04-24 2014-04-25
7.8
None Remote Low Not required None None Complete
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.
10 CVE-2013-6211 DoS +Info 2014-03-28 2014-03-31
7.8
None Remote Medium Not required Partial None Complete
Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (VSA) before 3.7.2, StoreOnce 26xx and 4210 iSCSI Backup System before 3.9.0, StoreOnce 4210 FC Backup System before 3.9.0, and StoreOnce 4xxx Backup System before 3.9.0 allows remote attackers to obtain sensitive information or cause a denial of service via unknown vectors.
11 CVE-2013-6210 Exec Code 2014-03-16 2014-03-17
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Unified Functional Testing before 12.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1932.
12 CVE-2013-6208 +Priv 2014-03-16 2014-03-17
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors.
13 CVE-2013-6204 Exec Code +Info 2014-02-26 2014-02-26
7.5
None Remote Low Not required Partial Partial Partial
The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-2004.
14 CVE-2013-6203 Exec Code +Info 2014-02-26 2014-02-26
7.5
None Remote Low Not required Partial Partial Partial
The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-1656.
15 CVE-2013-6201 Exec Code 2014-03-06 2014-03-07
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Security Management System 3.3.0, 3.5.0 before patch 1, and 3.6.0 before patch 2 allows remote attackers to execute arbitrary code via unknown vectors.
16 CVE-2013-4854 DoS 2013-07-29 2014-01-17
7.8
None Remote Low Not required None None Complete
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
17 CVE-2013-4844 Exec Code 2013-11-28 2014-03-03
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors.
18 CVE-2013-4839 DoS +Info 2013-11-04 2013-11-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851.
19 CVE-2013-4836 Exec Code 2013-11-04 2013-11-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759.
20 CVE-2013-4835 1 Exec Code Bypass 2013-11-04 2014-01-17
7.5
None Remote Low Not required Partial Partial Partial
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
21 CVE-2013-4834 Exec Code 2013-11-04 2013-11-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327.
22 CVE-2013-4830 94 Exec Code 2013-10-16 2013-10-16
7.5
None Remote Low Not required Partial Partial Partial
HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.
23 CVE-2013-4827 89 Exec Code Sql 2013-10-13 2014-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664.
24 CVE-2013-4825 264 Bypass 2013-10-13 2014-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645.
25 CVE-2013-4824 287 Bypass 2013-10-13 2014-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.
26 CVE-2013-4809 89 Exec Code Sql 2013-09-16 2013-09-25
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.
27 CVE-2013-4807 2013-08-05 2013-08-22
7.8
None Remote Low Not required None Complete None
Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703 allows remote attackers to modify data via unknown vectors.
28 CVE-2013-4806 DoS +Info 2013-08-12 2014-01-03
7.0
None Remote Medium Single system Partial None Complete
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
29 CVE-2013-4801 Exec Code 2013-07-29 2013-08-22
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.
30 CVE-2013-4799 Exec Code 2013-07-29 2013-08-22
7.6
None Remote High Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734.
31 CVE-2013-4797 Exec Code 2013-07-29 2013-08-22
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690.
32 CVE-2013-3574 20 2013-06-14 2013-06-14
7.8
None Remote Low Not required None Complete None
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
33 CVE-2013-2370 Exec Code 2013-07-29 2013-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
34 CVE-2013-2369 Exec Code 2013-07-29 2013-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670.
35 CVE-2013-2365 +Info 2013-07-22 2013-07-26
7.9
None Local Network Medium Not required Complete Complete Complete
HP Database and Middleware Automation (DMA) 10.x before 10.10, when SSL is used, allows remote attackers to obtain sensitive information via unspecified vectors.
36 CVE-2013-2353 DoS 2013-08-28 2013-08-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors.
37 CVE-2013-2351 DoS +Info 2013-07-13 2013-07-15
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
38 CVE-2013-2342 255 2013-06-30 2013-07-01
7.7
None Local Network Low Single system Complete Complete Complete
The HP StoreOnce D2D backup system with software before 3.0.0 has a default password of badg3r5 for the HPSupport account, which allows remote attackers to obtain administrative access and delete data via an SSH session.
39 CVE-2013-2341 Exec Code +Info 2013-07-06 2013-07-08
7.1
None Remote High Single system Complete Complete Complete
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execute arbitrary code or obtain sensitive information via unknown vectors.
40 CVE-2012-5220 +Priv 2013-04-26 2013-05-01
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users to gain privileges via unknown vectors.
41 CVE-2012-5218 264 Bypass 2013-04-24 2013-04-24
7.2
None Local Low Not required Complete Complete Complete
HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors.
42 CVE-2012-5214 DoS +Info 2013-03-09 2013-03-17
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
43 CVE-2012-5213 +Info 2013-03-09 2013-03-16
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1662.
44 CVE-2012-5211 DoS +Info 2013-03-09 2013-03-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) before 5.2 E0402 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1643.
45 CVE-2012-5210 DoS +Info 2013-03-09 2013-03-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) TACACS+ Authentication Manager (TAM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1646.
46 CVE-2012-5208 DoS +Info 2013-03-09 2013-03-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1615.
47 CVE-2012-5206 DoS +Info 2013-03-09 2013-03-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1660.
48 CVE-2012-5205 DoS +Info 2013-03-09 2013-03-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1650.
49 CVE-2012-5204 DoS +Info 2013-03-09 2013-03-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1614.
50 CVE-2012-5203 DoS +Info 2013-03-09 2013-03-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1613.
Total number of vulnerabilities : 290   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.