| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet. |
| Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors. |
| Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461. |
| Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors. |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. |
| Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors. |
| The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory." |
| The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh. |
| IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command. |
| wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564. |
| Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie. |
| The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters. |
| The webscan component in the Embedded Web Server (EWS) on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to read documents on the scan surface via unspecified vectors. |
| Unspecified vulnerability in the SNMP component on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to obtain sensitive information or modify data via vectors related to the Embedded Web Server (EWS). |
| Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors. |
| HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
