Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Total 2149 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39002 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 5.0 MEDIUM 7.5 HIGH
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2021-29678 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 5.5 MEDIUM 8.7 HIGH
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.
CVE-2021-38926 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 2.1 LOW 5.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.
CVE-2021-38931 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 4.0 MEDIUM 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.
CVE-2019-18910 2 Hp, Linux 2 Thinpro, Linux Kernel 2022-01-01 4.6 MEDIUM 6.8 MEDIUM
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
CVE-2019-18909 2 Hp, Linux 2 Thinpro, Linux Kernel 2022-01-01 7.7 HIGH 8.0 HIGH
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
CVE-2019-18915 1 Hp 1 System Event Utility 2022-01-01 7.2 HIGH 7.8 HIGH
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.
CVE-2020-7209 1 Hp 1 Linuxki 2022-01-01 7.5 HIGH 9.8 CRITICAL
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
CVE-2019-5736 13 Apache, Canonical, D2iq and 10 more 19 Mesos, Ubuntu Linux, Dc\/os and 16 more 2021-12-16 9.3 HIGH 8.6 HIGH
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
CVE-2021-39048 4 Hp, Ibm, Linux and 1 more 6 Hp-ux, Aix, Spectrum Protect Backup-archive Client and 3 more 2021-12-16 2.1 LOW 5.5 MEDIUM
IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.
CVE-2021-29214 1 Hp 1 Storeserv Management Console 2021-12-14 6.5 MEDIUM 7.2 HIGH
A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.
CVE-2021-38951 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2021-12-14 5.0 MEDIUM 7.5 HIGH
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.
CVE-2021-20373 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2021-12-14 5.0 MEDIUM 7.5 HIGH
IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.
CVE-2021-29212 1 Hp 1 Ilo Amplifier Pack 2021-12-03 10.0 HIGH 9.8 CRITICAL
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.
CVE-2021-20562 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2021-11-28 3.5 LOW 5.4 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232.
CVE-2020-28419 1 Hp 1503 Laserjet Managed Mfp E62665 3gy14a, Laserjet Managed Mfp E62665 3gy15a, Laserjet Managed Mfp E62665 3gy16a and 1500 more 2021-11-24 6.8 MEDIUM 8.8 HIGH
During installation with certain driver software or application packages an arbitrary code execution could occur.
CVE-2018-1853 6 Apple, Hp, Ibm and 3 more 7 Macos, Hp-ux, Aix and 4 more 2021-11-20 4.3 MEDIUM 6.1 MEDIUM
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014.
CVE-2016-2177 3 Hp, Openssl, Oracle 6 Icewall Mcrp, Icewall Sso, Icewall Sso Agent Option and 3 more 2021-11-17 7.5 HIGH 9.8 CRITICAL
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
CVE-2016-2182 3 Hp, Openssl, Oracle 6 Icewall Federation Agent, Icewall Mcrp, Icewall Sso and 3 more 2021-11-17 7.5 HIGH 9.8 CRITICAL
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-6306 4 Hp, Nodejs, Novell and 1 more 7 Icewall Federation Agent, Icewall Mcrp, Icewall Sso and 4 more 2021-11-17 4.3 MEDIUM 5.9 MEDIUM
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.