Hp

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-14349 1Hp 1Sitescope May 13, 2026 Sep 30, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
CVE-2017-13991 1Hp 2Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express May 13, 2026 Sep 30, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.
CVE-2017-13990 1Hp 2Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express May 13, 2026 Sep 30, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
CVE-2017-13989 1Hp 2Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express May 13, 2026 Sep 30, 2017 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
CVE-2017-13988 1Hp 2Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express May 13, 2026 Sep 30, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enab...Show more An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.Show less
CVE-2017-13987 1Hp 2Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express May 13, 2026 Sep 30, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
CVE-2017-13986 1Hp 2Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express May 13, 2026 Sep 30, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to th...Show more A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.Show less
CVE-2017-13985 1Hp 1Bsm Platform Application Performance Management System Health May 13, 2026 Sep 30, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.
CVE-2017-13984 1Hp 1Bsm Platform Application Performance Management System Health May 13, 2026 Sep 30, 2017 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
CVE-2017-13983 1Hp 1Bsm Platform Application Performance Management System Health May 13, 2026 Sep 30, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
CVE-2017-13982 1Hp 1Bsm Platform Application Performance Management System Health May 13, 2026 Sep 30, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.
CVE-2015-0839 1Hp 1Linux Imaging And Printing May 13, 2026 Aug 2, 2017 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin dow...Show more The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.Show less
CVE-2016-4383 1Hp 1Helion Openstack Glance May 13, 2026 Jun 27, 2017 N/A· v4 8.4 HIGH· v3 8.5 HIGH· v2 The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notificati...Show more The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.Show less
CVE-2015-5436 1Hp 1Integrated Lights Out Firmware May 13, 2026 May 11, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial...Show more A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020.Show less
CVE-2017-3733 2Hp Openssl 2Openssl Operations Agent May 13, 2026 May 4, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersui...Show more During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.Show less
CVE-2017-5638 7Apache ArubanetworksHp+4 more 9Clearpass Policy Manager Oncommand BalanceServer Automation+6 more Apr 21, 2026 Mar 11, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to ex...Show more The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.Show less
CVE-2016-8106 3Hp IntelLenovo 28Converged Hx5500 Appliance Converged Hx5510 ApplianceConverged Hx7500 Appliance+25 more May 6, 2026 Jan 9, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain netw...Show more A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.Show less
CVE-2016-2246 1Hp 1Thinpro May 6, 2026 Dec 29, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.
CVE-2016-4396 1Hp 1System Management Homepage May 6, 2026 Oct 28, 2016 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
CVE-2016-4395 1Hp 1System Management Homepage May 6, 2026 Oct 28, 2016 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

Previous 1...464748...117 Next