← Back

Hp

hp

2,335 CVEs • 17,248 products

Products (17,248)

Click to collapse
Toggle
Intelligent Management Center
intelligent_management_center
310 CVEs
Hp Ux
hp-ux
288 CVEs
Openview Network Node Manager
openview_network_node_manager
80 CVEs
System Management Homepage
system_management_homepage
78 CVEs
Instantos
instantos
56 CVEs
Xp7 Command View
xp7_command_view
53 CVEs
Systems Insight Manager
systems_insight_manager
50 CVEs
Matrix Operating Environment
matrix_operating_environment
34 CVEs
Tru64
tru64
32 CVEs
Network Node Manager I
network_node_manager_i
29 CVEs
Loadrunner
loadrunner
28 CVEs
Elite X2 G4 Firmware
elite_x2_g4_firmware
28 CVEs
Elitebook 830 G6 Firmware
elitebook_830_g6_firmware
28 CVEs
Elitebook 836 G6 Firmware
elitebook_836_g6_firmware
28 CVEs
Elitebook 840 G6 Firmware
elitebook_840_g6_firmware
28 CVEs
Elitebook 850 G6 Firmware
elitebook_850_g6_firmware
28 CVEs
Elitebook X360 1030 G4 Firmware
elitebook_x360_1030_g4_firmware
28 CVEs
Elitebook X360 1040 G6 Firmware
elitebook_x360_1040_g6_firmware
28 CVEs
Elitebook X360 830 G6 Firmware
elitebook_x360_830_g6_firmware
28 CVEs
Probook 640 G5 Firmware
probook_640_g5_firmware
28 CVEs
Probook 650 G5 Firmware
probook_650_g5_firmware
28 CVEs
Zhan X 13 G2 Firmware
zhan_x_13_g2_firmware
28 CVEs
Elite Dragonfly Firmware
elite_dragonfly_firmware
27 CVEs
Elite X2 1013 G3 Firmware
elite_x2_1013_g3_firmware
27 CVEs
Elitebook 1050 G1 Firmware
elitebook_1050_g1_firmware
27 CVEs
Elitebook 830 G5 Firmware
elitebook_830_g5_firmware
27 CVEs
Elitebook 836 G5 Firmware
elitebook_836_g5_firmware
27 CVEs
Elitebook 840 G5 Firmware
elitebook_840_g5_firmware
27 CVEs
Elitebook 846 G5 Firmware
elitebook_846_g5_firmware
27 CVEs
Elitebook 850 G5 Firmware
elitebook_850_g5_firmware
27 CVEs
Elitebook X360 1030 G3 Firmware
elitebook_x360_1030_g3_firmware
27 CVEs
Elitebook X360 1040 G5 Firmware
elitebook_x360_1040_g5_firmware
27 CVEs
Elitebook X360 830 G5 Firmware
elitebook_x360_830_g5_firmware
27 CVEs
Probook 430 G6 Firmware
probook_430_g6_firmware
27 CVEs
Zbook 14u G5 Firmware
zbook_14u_g5_firmware
27 CVEs
Zbook 14u G6 Firmware
zbook_14u_g6_firmware
27 CVEs
Zbook 15 G5 Firmware
zbook_15_g5_firmware
27 CVEs
Zbook 15 G6 Firmware
zbook_15_g6_firmware
27 CVEs
Zbook 15u G5 Firmware
zbook_15u_g5_firmware
27 CVEs
Zbook 15u G6 Firmware
zbook_15u_g6_firmware
27 CVEs
Zbook 17 G5 Firmware
zbook_17_g5_firmware
27 CVEs
Zbook 17 G6 Firmware
zbook_17_g6_firmware
27 CVEs
Zbook Studio G5 Firmware
zbook_studio_g5_firmware
27 CVEs
Zbook Studio X360 G5 Firmware
zbook_studio_x360_g5_firmware
27 CVEs
Zhan 66 Pro 13 G2 Firmware
zhan_66_pro_13_g2_firmware
27 CVEs
Zhan 66 Pro 14 G2 Firmware
zhan_66_pro_14_g2_firmware
27 CVEs
Zhan 66 Pro 15 G2 Firmware
zhan_66_pro_15_g2_firmware
27 CVEs
Probook 440 G8 Firmware
probook_440_g8_firmware
27 CVEs
Service Manager
service_manager
26 CVEs
Mp9 G4 Retail System Firmware
mp9_g4_retail_system_firmware
26 CVEs
Elitebook 840r G4 Firmware
elitebook_840r_g4_firmware
26 CVEs
Probook 430 G5 Firmware
probook_430_g5_firmware
26 CVEs
Probook 470 G5 Firmware
probook_470_g5_firmware
26 CVEs
Probook 640 G4 Firmware
probook_640_g4_firmware
26 CVEs
Probook 650 G4 Firmware
probook_650_g4_firmware
26 CVEs
Probook X360 440 G1 Firmware
probook_x360_440_g1_firmware
26 CVEs
Zhan 66 Pro G1 Firmware
zhan_66_pro_g1_firmware
26 CVEs
Elite Dragonfly G2 Firmware
elite_dragonfly_g2_firmware
25 CVEs
Elite Dragonfly Max Firmware
elite_dragonfly_max_firmware
25 CVEs
Elitebook X360 1030 G8 Firmware
elitebook_x360_1030_g8_firmware
25 CVEs
Probook 450 G5 Firmware
probook_450_g5_firmware
25 CVEs
Probook 640 G8 Firmware
probook_640_g8_firmware
25 CVEs
Storage Data Protector
storage_data_protector
24 CVEs
Elitebook 830 G7 Firmware
elitebook_830_g7_firmware
24 CVEs
Elitebook 830 G8 Firmware
elitebook_830_g8_firmware
24 CVEs
Elitebook 840 Aero G8 Firmware
elitebook_840_aero_g8_firmware
24 CVEs
Elitebook 840 G7 Firmware
elitebook_840_g7_firmware
24 CVEs
Elitebook 840 G8 Firmware
elitebook_840_g8_firmware
24 CVEs
Elitebook 850 G7 Firmware
elitebook_850_g7_firmware
24 CVEs
Elitebook 850 G8 Firmware
elitebook_850_g8_firmware
24 CVEs
Elitebook X360 1030 G7 Firmware
elitebook_x360_1030_g7_firmware
24 CVEs
Elitebook X360 1040 G7 Firmware
elitebook_x360_1040_g7_firmware
24 CVEs
Elitebook X360 830 G7 Firmware
elitebook_x360_830_g7_firmware
24 CVEs
Probook 430 G7 Firmware
probook_430_g7_firmware
24 CVEs
Probook 440 G7 Firmware
probook_440_g7_firmware
24 CVEs
Probook 450 G7 Firmware
probook_450_g7_firmware
24 CVEs
Probook 640 G7 Firmware
probook_640_g7_firmware
24 CVEs
Probook 650 G7 Firmware
probook_650_g7_firmware
24 CVEs
Zbook Create G7 Firmware
zbook_create_g7_firmware
24 CVEs
Zbook Firefly 14 G7 Firmware
zbook_firefly_14_g7_firmware
24 CVEs
Zbook Firefly 15 G7 Firmware
zbook_firefly_15_g7_firmware
24 CVEs
Zbook Fury 15 G7 Firmware
zbook_fury_15_g7_firmware
24 CVEs
Zbook Fury 17 G7 Firmware
zbook_fury_17_g7_firmware
24 CVEs
Zbook Power G7 Firmware
zbook_power_g7_firmware
24 CVEs
Zbook Studio G7 Firmware
zbook_studio_g7_firmware
24 CVEs
Zhan 66 Pro 14 G3 Firmware
zhan_66_pro_14_g3_firmware
24 CVEs
Zhan 66 Pro 15 G3 Firmware
zhan_66_pro_15_g3_firmware
24 CVEs
Sitescope
sitescope
23 CVEs
Elite X2 1012 G2 Firmware
elite_x2_1012_g2_firmware
23 CVEs
Elitebook 1040 G4 Firmware
elitebook_1040_g4_firmware
23 CVEs
Probook 440 G6 Firmware
probook_440_g6_firmware
23 CVEs
Probook 450 G6 Firmware
probook_450_g6_firmware
23 CVEs
Openvms
openvms
22 CVEs
Oneview
oneview
22 CVEs
Elite Slice Firmware
elite_slice_firmware
22 CVEs
Elitebook 840 G6 Healthcare Edition Firmware
elitebook_840_g6_healthcare_edition_firmware
22 CVEs
Probook 440 G5 Firmware
probook_440_g5_firmware
22 CVEs
Openview Storage Data Protector
openview_storage_data_protector
21 CVEs
Elitebook 735 G5 Firmware
elitebook_735_g5_firmware
21 CVEs
Elitebook 735 G6 Firmware
elitebook_735_g6_firmware
21 CVEs

CVEs (2,335)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-8527
1Hp
1Airwave
Nov 21, 2024
Aug 6, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, a...Show more
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.Show less
CVE-2016-8526
1Hp
1Airwave
Nov 21, 2024
Aug 6, 2018
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user...Show more
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker's choosing. This could include files that contain passwords, which could then lead to privilege escalation.Show less
CVE-2016-4406
1Hp
2Integrated Lights Out 3 Firmware
Integrated Lights Out 4 Firmware
Nov 21, 2024
Aug 6, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44.
CVE-2016-4405
1Hp
1Business Service Management
Nov 21, 2024
Aug 6, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26
CVE-2016-4404
1Hp
1Keyview
Nov 21, 2024
Aug 6, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue.
CVE-2016-4403
1Hp
1Keyview
Nov 21, 2024
Aug 6, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption.
CVE-2016-4402
1Hp
1Keyview
Nov 21, 2024
Aug 6, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow.
CVE-2016-4400
1Hp
1Network Node Manager I
Nov 21, 2024
Aug 6, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).
CVE-2016-4399
1Hp
1Network Node Manager I
Nov 21, 2024
Aug 6, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).
CVE-2016-4398
1Hp
1Network Node Manager I
Nov 21, 2024
Aug 6, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.
CVE-2016-4397
1Hp
1Network Node Manager I
Nov 21, 2024
Aug 6, 2018
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software.
CVE-2016-4392
1Hp
1Business Service Management
Nov 21, 2024
Aug 6, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.
CVE-2016-4391
1Hp
1Arcsight Winc Connector
Nov 21, 2024
Aug 6, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.
CVE-2016-9597
5Canonical
DebianHp+2 more
6Debian Linux
Icewall Federation AgentIcewall File Manager+3 more
Nov 21, 2024
Jul 30, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Ov...Show more
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.Show less
CVE-2017-12151
4Debian
HpRedhat+1 more
8Cifs Server
Debian LinuxEnterprise Linux+5 more
Nov 21, 2024
Jul 27, 2018
N/A· v4
7.4 HIGH· v3
5.8 MEDIUM· v2
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DF...Show more
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.Show less
CVE-2017-3210
4Fujitsu
HpPhilips+1 more
6Display Assistant
Displayview ClickDisplayview Click Suite+3 more
Nov 21, 2024
Jul 24, 2018
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays S...Show more
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.Show less
CVE-2018-2973
4Hp
NetappOracle+1 more
20Active Iq Unified Manager
Cloud BackupE Series Santricity Os Controller+17 more
Nov 21, 2024
Jul 18, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exp...Show more
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).Show less
CVE-2018-2952
6Canonical
DebianHp+3 more
26Active Iq Unified Manager
Cloud BackupDebian Linux+23 more
Nov 21, 2024
Jul 18, 2018
N/A· v4
3.7 LOW· v3
4.3 MEDIUM· v2
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171;...Show more
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).Show less
CVE-2018-2940
4Hp
NetappOracle+1 more
20Active Iq Unified Manager
Cloud BackupE Series Santricity Os Controller+17 more
Nov 21, 2024
Jul 18, 2018
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily expl...Show more
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).Show less
CVE-2018-12463
1Hp
1Fortify Software Security Center
Nov 21, 2024
Jul 12, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) att...Show more
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.Show less