Hp

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-3705 5Canonical DebianHp+2 more 6Debian Linux Icewall Federation AgentIcewall File Manager+3 more May 6, 2026 May 17, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service...Show more The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.Show less
CVE-2016-3627 7Canonical DebianHp+4 more 14Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+11 more May 6, 2026 May 17, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and applicatio...Show more The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.Show less
CVE-2016-2016 1Hp 3Base Vxfs 50 Base Vxfs 501Base Vxfs 51 May 6, 2026 May 14, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inherita...Show more Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory.Show less
CVE-2016-2015 1Hp 1System Management Homepage May 6, 2026 May 14, 2016 N/A· v4 7.1 HIGH· v3 6.6 MEDIUM· v2 HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-3710 7Canonical CitrixDebian+4 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Server+12 more May 6, 2026 May 11, 2016 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the ban...Show more The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.Show less
CVE-2016-2014 1Hp 1Network Node Manager I May 6, 2026 May 7, 2016 N/A· v4 8.1 HIGH· v3 8.5 HIGH· v2 HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
CVE-2016-2013 1Hp 1Network Node Manager I May 6, 2026 May 7, 2016 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2016-2012 1Hp 1Network Node Manager I May 6, 2026 May 7, 2016 N/A· v4 6.5 MEDIUM· v3 7.5 HIGH· v2 HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2016-2011 1Hp 1Network Node Manager I May 6, 2026 May 7, 2016 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a d...Show more Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.Show less
CVE-2016-2010 1Hp 1Network Node Manager I May 6, 2026 May 7, 2016 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a d...Show more Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.Show less
CVE-2016-2009 1Hp 1Network Node Manager I May 6, 2026 May 7, 2016 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (...Show more HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.Show less
CVE-2016-2107 8Canonical DebianGoogle+5 more 15Android Debian LinuxEnterprise Linux Desktop+12 more May 6, 2026 May 5, 2016 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a...Show more The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.Show less
CVE-2016-2008 1Hp 1Data Protector May 6, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-2007 1Hp 1Data Protector May 6, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
CVE-2016-2006 1Hp 1Data Protector May 6, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
CVE-2016-2005 1Hp 1Data Protector May 6, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
CVE-2016-2004 1Hp 1Data Protector May 6, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists becaus...Show more HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.Show less
CVE-2016-2003 1Hp 2P9000 Command View Advanced Edition Software Xp7 Command View Advanced Edition Suite May 6, 2026 Apr 20, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, rela...Show more HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.Show less
CVE-2016-2001 1Hp 1Universal Cmbd Foundation May 6, 2026 Apr 12, 2016 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.
CVE-2016-2000 1Hp 2Asset Manager Asset Manager Cloudsystem Chargeback May 6, 2026 Apr 5, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (A...Show more HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.Show less

Previous 1...505152...117 Next