Hp Security Vulnerabilities
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.
6.8AI Score
0.003EPSS
Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509.
7.8AI Score
0.859EPSS
Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5.8AI Score
0.002EPSS
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.
5.8AI Score
0.001EPSS
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors.
7.9AI Score
0.027EPSS
Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5.7AI Score
0.002EPSS
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors.
6.1AI Score
0.003EPSS
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with...
5.6AI Score
0.953EPSS
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
4.3AI Score
0.019EPSS
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.
4.1AI Score
0.004EPSS
Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
4.3AI Score
0.016EPSS
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905.
4.5AI Score
0.015EPSS
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
7.1AI Score
0.001EPSS
Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666.
7.8AI Score
0.924EPSS
Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5.8AI Score
0.017EPSS
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
7.2AI Score
0.001EPSS
Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors.
6.8AI Score
0.009EPSS
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
7.7AI Score
0.761EPSS
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008.
7.8AI Score
0.835EPSS
Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
5.3AI Score
0.001EPSS
Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors.
7.5AI Score
0.004EPSS
Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5.8AI Score
0.014EPSS
Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors.
5.7AI Score
0.0004EPSS
Unspecified vulnerability in HP Security Management System 3.3.0, 3.5.0 before patch 1, and 3.6.0 before patch 2 allows remote attackers to execute arbitrary code via unknown vectors.
7.8AI Score
0.034EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code.
7.3AI Score
0.013EPSS
The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-1656.
7.5AI Score
0.412EPSS
The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-2004.
7.5AI Score
0.412EPSS
Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows local users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
6.5AI Score
0.0004EPSS
Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
6.9AI Score
0.007EPSS
Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084.
6.9AI Score
0.216EPSS
Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors.
6.6AI Score
0.0004EPSS
Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.
6.6AI Score
0.003EPSS
Unspecified vulnerability in HP Unified Functional Testing before 12.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1932.
7.7AI Score
0.859EPSS
Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (VSA) before 3.7.2, StoreOnce 26xx and 4210 iSCSI Backup System before 3.9.0, StoreOnce 4210 FC Backup System before 3.9.0, and StoreOnce 4xxx Backup System before 3.9.0 allows remote attackers to obtain sensitive information or ca...
6.7AI Score
0.004EPSS
Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.
5.8AI Score
0.002EPSS
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.
7.8AI Score
0.912EPSS
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.
5.9AI Score
0.001EPSS
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.
7.5AI Score
0.086EPSS
Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors.
6.5AI Score
0.0004EPSS
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.
7.9AI Score
0.034EPSS
Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
6.4AI Score
0.0004EPSS
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5.7AI Score
0.017EPSS
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
7.6AI Score
0.971EPSS
Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5.9AI Score
0.002EPSS
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
6.1AI Score
0.0004EPSS
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
7.2AI Score
0.005EPSS
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
7.5AI Score
0.001EPSS
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX.
4.3AI Score
0.019EPSS
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424.
4.5AI Score
0.022EPSS
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
5.5AI Score
0.02EPSS