Hp: Security Vulnerabilities
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
CVSS Score
6.9
EPSS Score
0.001
Published
2011-01-28
Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell Manager 6.11 allows remote attackers to execute arbitrary code via unspecified message types.
CVSS Score
9.3
EPSS Score
0.132
Published
2011-01-25
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.009
Published
2011-01-24
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.
CVSS Score
5.0
EPSS Score
0.725
Published
2011-01-20
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
CVSS Score
7.5
EPSS Score
0.102
Published
2011-01-20
Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature.
CVSS Score
10.0
EPSS Score
0.366
Published
2011-01-18
Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter.
CVSS Score
10.0
EPSS Score
0.435
Published
2011-01-13
Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe.
CVSS Score
10.0
EPSS Score
0.468
Published
2011-01-13
Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable.
CVSS Score
10.0
EPSS Score
0.494
Published
2011-01-13
Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable.
CVSS Score
10.0
EPSS Score
0.494
Published
2011-01-13