Hp: Security Vulnerabilities
HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.
CVSS Score
5.0
EPSS Score
0.577
Published
2015-02-15
Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors.
CVSS Score
5.5
EPSS Score
0.004
Published
2015-02-02
Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.006
Published
2015-01-15
Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.013
Published
2014-12-17
HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.
CVSS Score
8.5
EPSS Score
0.004
Published
2014-12-10
The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection.
CVSS Score
10.0
EPSS Score
0.288
Published
2014-11-14
Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
CVSS Score
9.0
EPSS Score
0.023
Published
2014-11-04
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
CVSS Score
4.9
EPSS Score
0.001
Published
2014-10-30
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS Score
6.8
EPSS Score
0.002
Published
2014-10-19
Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.021
Published
2014-10-19