Filtered by vendor Hp
Subscribe
Total
2419 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5221 | 1 Hp | 37 Color Laserjet 3000, Color Laserjet 3800, Color Laserjet 4700 and 34 more | 2013-12-31 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2013-6852 | 1 Hp | 1 2620-24-poe\+ Switch | 2013-11-22 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method. | |||||
| CVE-2013-4813 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2013-09-26 | 10.0 HIGH | N/A |
| The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745. | |||||
| CVE-2013-4812 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2013-09-26 | 10.0 HIGH | N/A |
| UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. | |||||
| CVE-2013-4811 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2013-09-26 | 10.0 HIGH | N/A |
| UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. | |||||
| CVE-2013-4809 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2013-09-26 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter. | |||||
| CVE-2010-4109 | 1 Hp | 1 Palm Webos | 2013-09-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file. | |||||
| CVE-1999-0353 | 1 Hp | 1 Hp-ux | 2013-09-03 | 9.3 HIGH | N/A |
| rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. | |||||
| CVE-2011-1848 | 1 Hp | 1 Intelligent Management Center | 2013-08-28 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet. | |||||
| CVE-2013-4805 | 1 Hp | 1 Integrated Lights-out Firmware | 2013-08-22 | 9.0 HIGH | N/A |
| Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors. | |||||
| CVE-2008-3544 | 1 Hp | 1 Openview Network Node Manager | 2013-08-19 | 9.0 HIGH | N/A |
| Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61), or (3) REQUEST_RESTORE_STATE (aka number 62) request to TCP port 2954. | |||||
| CVE-2011-0277 | 1 Hp | 1 Power Manager | 2013-08-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. | |||||
| CVE-2010-3010 | 1 Hp | 2 3com Officeconnect Gigabit Vpn Firewall Software, 3crevf100-73 | 2013-07-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: a separate XSS issue for HP System Management Homepage (SMH) was originally assigned CVE-2010-3010 due to a CNA error, but CVE-2010-3012 is the appropriate identifier for the SMH issue. | |||||
| CVE-1999-0447 | 1 Hp | 1 Mpe Ix | 2013-07-23 | 4.6 MEDIUM | N/A |
| Local users can gain privileges using the debug utility in the MPE/iX operating system. | |||||
| CVE-1999-0309 | 1 Hp | 1 Hp-ux | 2013-07-21 | 7.2 HIGH | N/A |
| HP-UX vgdisplay program gives root access to local users. | |||||
| CVE-2011-1852 | 1 Hp | 1 Intelligent Management Center | 2013-07-17 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode. | |||||
| CVE-2010-4116 | 1 Hp | 1 Storageworks Storage Mirroring | 2013-07-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x before 5.2.2.1771.2 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2012-3270 | 1 Hp | 1 Performance Insight | 2013-06-26 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269. | |||||
| CVE-2013-3575 | 1 Hp | 1 Insight Diagnostics | 2013-06-14 | 5.0 MEDIUM | N/A |
| hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter. | |||||
| CVE-2013-3574 | 1 Hp | 1 Insight Diagnostics | 2013-06-14 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter. | |||||