Filtered by vendor Hp
Subscribe
Total
2438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7810 | 3 Apache, Debian, Hp | 3 Tomcat, Debian Linux, Hp-ux | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. | |||||
| CVE-2014-7303 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db. | |||||
| CVE-2014-7302 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx. | |||||
| CVE-2014-7301 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw. | |||||
| CVE-2014-5160 | 1 Hp | 1 Data Protector | 2024-11-21 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design. | |||||
| CVE-2014-4669 | 1 Hp | 1 Enterprise Maps | 2024-11-21 | 3.5 LOW | N/A |
| HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-4661 | 1 Hp | 1 Records Manager | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3956 | 4 Fedoraproject, Freebsd, Hp and 1 more | 4 Fedora, Freebsd, Hpux and 1 more | 2024-11-21 | 1.9 LOW | N/A |
| The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. | |||||
| CVE-2014-2649 | 2 Hp, Linux | 2 Operations Manager, Kernel | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2014-2648 | 2 Hp, Opengroup | 2 Operations Manager, Unix | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2014-2647 | 1 Hp | 1 Operations Agent | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2646 | 1 Hp | 1 Network Automation | 2024-11-21 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2014-2645 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | 4.3 MEDIUM | N/A |
| HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors. | |||||
| CVE-2014-2644 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2014-2643 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2014-2642 | 1 Hp | 1 System Management Homepage | 2024-11-21 | 4.3 MEDIUM | N/A |
| HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2014-2641 | 1 Hp | 1 System Management Homepage | 2024-11-21 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-2640 | 1 Hp | 1 System Management Homepage | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2639 | 1 Hp | 1 Mpio Device Specific Module Manager | 2024-11-21 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. | |||||
| CVE-2014-2638 | 1 Hp | 1 Sprinter | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344. | |||||