Skip to main content

HP

651 CVEs vendor

Monthly

CVE-2015-5402 HIGH This Week

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation Denial Of Service Systems Insight Manager
NVD
CVSS 2.0
7.2
EPSS
0.4%
CVE-2015-2140 MEDIUM This Month

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-2139 MEDIUM This Month

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-5413 MEDIUM This Month

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation Version Control Repository Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-5412 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF Version Control Repository Manager
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2015-5411 MEDIUM This Month

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Version Control Repository Manager
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-5410 MEDIUM This Month

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP RCE Version Control Repository Manager
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-5409 HIGH This Week

Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Buffer Overflow Version Control Repository Manager
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-5424 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5423 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5422 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5421 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5420 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5419 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5418 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5417 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5416 HIGH This Week

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
6.8%
CVE-2015-5408 MEDIUM This Month

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control. Rated medium severity (CVSS 6.0). No vendor patch available.

HP Information Disclosure Centralview Fraud Risk Management Centralview Roaming Fraud Control Centralview Credit Risk Control +3
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2015-5407 MEDIUM This Month

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control. Rated medium severity (CVSS 6.0). No vendor patch available.

HP Information Disclosure Centralview Revenue Leakage Control Centralview Fraud Risk Management Centralview Subscription Fraud Prevention +3
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2015-5406 CRITICAL Act Now

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Centralview Revenue Leakage Control Centralview Credit Risk Control Centralview Subscription Fraud Prevention +3
NVD
CVSS 2.0
9.0
EPSS
0.4%
CVE-2015-2137 CRITICAL PATCH Act Now

Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.3%.

HP RCE Operations Manager I
NVD
CVSS 2.0
10.0
EPSS
27.3%
CVE-2015-2132 MEDIUM PATCH This Month

Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.4).

HP Information Disclosure Operations Manager I
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-2134 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2015-2126 HIGH This Week

Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation Hp Ux
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2015-2125 MEDIUM POC THREAT This Month

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

HP XXE Webinspect
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
31.0%
CVE-2015-2124 HIGH PATCH This Week

Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

HP Authentication Bypass Smart Zero Core Thinpro Linux
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-2123 CRITICAL Act Now

Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Nonstop Safeguard Security
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2015-2121 HIGH This Week

HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Network Virtualization
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2015-2118 MEDIUM PATCH This Month

Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access Control (AC) Software 12.x through 14.x before 14.1.2 allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Access Control
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-2110 CRITICAL PATCH Act Now

Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.8%.

HP Buffer Overflow RCE Loadrunner
NVD
CVSS 2.0
10.0
EPSS
33.8%
CVE-2015-2122 HIGH This Week

The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Sdn Van Controller
NVD
CVSS 2.0
7.8
EPSS
1.4%
CVE-2015-2120 HIGH PATCH This Week

Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Sitescope
NVD
CVSS 2.0
8.7
EPSS
1.4%
CVE-2015-2115 LOW PATCH Monitor

Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity.

HP Information Disclosure Capture And Route Software
NVD
CVSS 2.0
2.7
EPSS
0.1%
CVE-2015-2117 HIGH Act Now

HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

HP RCE Authentication Bypass Tippingpoint Security Management System Tippingpoint Virtual Security Management System
NVD
CVSS 2.0
7.5
EPSS
10.2%
CVE-2015-2116 CRITICAL PATCH Act Now

Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service HP RCE Storage Data Protector
NVD
CVSS 2.0
9.0
EPSS
0.8%
CVE-2015-2114 MEDIUM This Month

HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Support Solution Framework
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-2113 CRITICAL Act Now

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.2% and no vendor patch available.

HP RCE Easy Tools
NVD
CVSS 2.0
10.0
EPSS
28.2%
CVE-2015-2112 CRITICAL Act Now

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Easy Tools
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2015-2111 LOW PATCH Monitor

Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

HP Information Disclosure Microsoft Intelligent Provisioning
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-2109 HIGH This Week

Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Operations Orchestration
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-2108 LOW Monitor

Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Operations Orchestration
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-2106 MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Integrated Lights Out 2 Firmware Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2014-7876 CRITICAL Act Now

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.2% and no vendor patch available.

Denial Of Service HP RCE Integrated Lights Out 2 Firmware Integrated Lights Out 4 Firmware +1
NVD
CVSS 2.0
10.0
EPSS
25.2%
CVE-2015-2107 MEDIUM This Month

HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

HP SAP Authentication Bypass Operations Manager I Management Pack
NVD
CVSS 2.0
6.8
EPSS
0.0%
CVE-2014-7885 CRITICAL Act Now

Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Arcsight Enterprise Security Manager
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2014-7884 CRITICAL POC THREAT Emergency

Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.2%.

HP Information Disclosure Arcsight Logger
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
23.2%
Threat
4.0
CVE-2014-7898 CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.4% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
23.4%
CVE-2014-7897 CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
28.8%
CVE-2014-7895 CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
28.8%
CVE-2014-7894 CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
30.1%
CVE-2014-7893 CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
30.1%
CVE-2014-7892 CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
28.8%
CVE-2014-7891 CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
30.1%
CVE-2014-7890 CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
30.1%
CVE-2014-7889 CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
28.8%
CVE-2014-7888 CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
30.1%
CVE-2014-7896 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Xp P9000 Device Manager Xp P9000 Replication Manager Xp P9000 Tiered Storage Manager +1
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-7883 MEDIUM POC THREAT This Month

HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 57.7%.

HP Information Disclosure Universal Configuration Management Database
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
57.7%
Threat
4.2
CVE-2014-7882 MEDIUM This Month

Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation Sitescope
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2014-7881 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Insight Control Server Deployment
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-7880 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

HP Denial Of Service Tcp Ip Services Openvms
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-7879 HIGH PATCH This Week

HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

HP RCE Authentication Bypass Hp Ux
NVD
CVSS 2.0
8.5
EPSS
0.4%
CVE-2014-2608 HIGH This Week

Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Microsoft Smart Update Manager
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-7878 CRITICAL Act Now

The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Helion Cloud Development Platform
NVD
CVSS 2.0
10.0
EPSS
28.8%
CVE-2014-7875 CRITICAL Act Now

Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Laserjet Cm3530 Multifunction Printer Firmware
NVD
CVSS 2.0
9.0
EPSS
2.2%
CVE-2014-7877 MEDIUM This Month

Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

HP Denial Of Service Hp Ux
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-7874 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage Hp Ux
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-2647 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS HP Operations Agent
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.1%
CVE-2014-4661 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Records Manager
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2014-2649 HIGH This Week

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Operations Manager Kernel
NVD
CVSS 2.0
7.5
EPSS
3.6%
CVE-2014-2648 CRITICAL Act Now

Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 22.3% and no vendor patch available.

HP RCE Operations Manager
NVD
CVSS 2.0
10.0
EPSS
22.3%
CVE-2014-2646 HIGH This Week

Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation Network Automation
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-2638 HIGH This Week

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Sprinter
NVD
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-2637 HIGH This Week

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Sprinter
NVD
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-2636 HIGH This Week

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Sprinter
NVD
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-2635 HIGH This Week

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Sprinter
NVD
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-2644 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Systems Insight Manager
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-2645 MEDIUM This Month

HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-2643 MEDIUM This Month

Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-2642 MEDIUM This Month

HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure System Management Homepage
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-2641 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-2640 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP System Management Homepage
NVD
CVSS 2.0
4.3
EPSS
2.1%
CVE-2014-2639 MEDIUM PATCH This Month

Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

HP RCE Code Injection Mpio Device Specific Module Manager
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2014-2624 CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

HP RCE Network Node Manager I
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
77.4%
Threat
5.8
CVE-2013-6335 LOW Monitor

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and. Rated low severity (CVSS 3.3). No vendor patch available.

IBM HP Authentication Bypass Tivoli Storage Manager
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2014-2634 CRITICAL Act Now

Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Service Manager
NVD
CVSS 2.0
9.4
EPSS
5.4%
CVE-2014-2633 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF Service Manager
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-2632 CRITICAL Emergency

Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 37.0% and no vendor patch available.

HP RCE Service Manager
NVD
CVSS 2.0
10.0
EPSS
37.0%
CVE-2013-6222 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Service Manager
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-2629 MEDIUM This Month

HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation Nonstop Safeguard Security
NVD
CVSS 2.0
4.0
EPSS
0.2%
EPSS 0% CVSS 7.2
HIGH This Week

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation Denial Of Service +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation Version Control Repository Manager
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF Version Control Repository Manager
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Version Control Repository Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP RCE +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Buffer Overflow +1
NVD
EPSS 16% CVSS 7.5
HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
EPSS 16% CVSS 7.5
HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
EPSS 16% CVSS 7.5
HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
EPSS 16% CVSS 7.5
HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
EPSS 16% CVSS 7.5
HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
EPSS 16% CVSS 7.5
HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
EPSS 16% CVSS 7.5
HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
EPSS 16% CVSS 7.5
HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
EPSS 7% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Keyview
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control. Rated medium severity (CVSS 6.0). No vendor patch available.

HP Information Disclosure Centralview Fraud Risk Management +5
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control. Rated medium severity (CVSS 6.0). No vendor patch available.

HP Information Disclosure Centralview Revenue Leakage Control +5
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Centralview Revenue Leakage Control +5
NVD
EPSS 27% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.3%.

HP RCE Operations Manager I
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.4).

HP Information Disclosure Operations Manager I
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation Hp Ux
NVD
EPSS 31% CVSS 4.0
MEDIUM POC THREAT This Month

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

HP XXE Webinspect
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

HP Authentication Bypass Smart Zero Core +1
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Nonstop Safeguard Security
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Network Virtualization
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access Control (AC) Software 12.x through 14.x before 14.1.2 allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Access Control
NVD
EPSS 34% CVSS 10.0
CRITICAL PATCH Act Now

Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.8%.

HP Buffer Overflow RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Sdn Van Controller
NVD
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Sitescope
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity.

HP Information Disclosure Capture And Route Software
NVD
EPSS 10% CVSS 7.5
HIGH Act Now

HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

HP RCE Authentication Bypass +2
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service HP RCE +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Support Solution Framework
NVD
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.2% and no vendor patch available.

HP RCE Easy Tools
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Easy Tools
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

HP Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Operations Orchestration
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Operations Orchestration
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Integrated Lights Out 2 Firmware +2
NVD
EPSS 25% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.2% and no vendor patch available.

Denial Of Service HP RCE +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

HP SAP Authentication Bypass +1
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Arcsight Enterprise Security Manager
NVD
EPSS 23% 4.0 CVSS 9.0
CRITICAL POC THREAT Emergency

Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.2%.

HP Information Disclosure Arcsight Logger
NVD Exploit-DB
EPSS 23% CVSS 10.0
CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.4% and no vendor patch available.

HP RCE Microsoft +1
NVD
EPSS 29% CVSS 10.0
CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft +1
NVD
EPSS 29% CVSS 10.0
CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft +1
NVD
EPSS 30% CVSS 10.0
CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft +1
NVD
EPSS 30% CVSS 10.0
CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft +1
NVD
EPSS 29% CVSS 10.0
CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft +1
NVD
EPSS 30% CVSS 10.0
CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft +1
NVD
EPSS 30% CVSS 10.0
CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft +1
NVD
EPSS 29% CVSS 10.0
CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft +1
NVD
EPSS 30% CVSS 10.0
CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Xp P9000 Device Manager +3
NVD
EPSS 58% 4.2 CVSS 5.0
MEDIUM POC THREAT This Month

HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 57.7%.

HP Information Disclosure Universal Configuration Management Database
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM This Month

Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation Sitescope
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Insight Control Server Deployment
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

HP Denial Of Service Tcp Ip Services Openvms
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

HP RCE Authentication Bypass +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Microsoft +1
NVD
EPSS 29% CVSS 10.0
CRITICAL Act Now

The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Helion Cloud Development Platform
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Laserjet Cm3530 Multifunction Printer Firmware
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

HP Denial Of Service Hp Ux
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage +1
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS HP Operations Agent
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Records Manager
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Operations Manager +1
NVD
EPSS 22% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 22.3% and no vendor patch available.

HP RCE Operations Manager
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation Network Automation
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Sprinter
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Sprinter
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Sprinter
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Sprinter
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Systems Insight Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure System Management Homepage
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP System Management Homepage
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

HP RCE Code Injection +1
NVD
EPSS 77% 5.8 CVSS 10.0
CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

HP RCE Network Node Manager I
NVD Exploit-DB
EPSS 0% CVSS 3.3
LOW Monitor

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and. Rated low severity (CVSS 3.3). No vendor patch available.

IBM HP Authentication Bypass +1
NVD
EPSS 5% CVSS 9.4
CRITICAL Act Now

Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Service Manager
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF Service Manager
NVD
EPSS 37% CVSS 10.0
CRITICAL Emergency

Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 37.0% and no vendor patch available.

HP RCE Service Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Service Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation Nonstop Safeguard Security
NVD
Prev Page 4 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy