Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Filtered by product Hp-ux
Total 407 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-4568 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Mq and 4 more 2021-07-21 4.3 MEDIUM 5.9 MEDIUM
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.
CVE-2019-4656 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, Mq and 5 more 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.
CVE-2021-29754 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2021-06-21 6.5 MEDIUM 8.8 HIGH
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.
CVE-2004-0940 6 Apache, Hp, Openpkg and 3 more 6 Http Server, Hp-ux, Openpkg and 3 more 2021-06-06 6.9 MEDIUM N/A
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
CVE-2004-0809 8 Apache, Conectiva, Gentoo and 5 more 12 Http Server, Linux, Linux and 9 more 2021-06-06 5.0 MEDIUM N/A
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVE-2021-20515 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Informix Dynamic Server and 3 more 2021-04-30 4.6 MEDIUM 6.7 MEDIUM
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.
CVE-2021-26582 3 Hp, Microsoft, Redhat 4 Hp-ux, Icewall Sso Dgfw, Windows and 1 more 2021-04-22 4.3 MEDIUM 6.1 MEDIUM
A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).
CVE-2021-20480 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2021-04-13 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.
CVE-2015-3316 6 Broadcom, Ca, Hp and 3 more 11 Network And Systems Management, Client Automation, Network And Systems Management and 8 more 2021-04-09 4.6 MEDIUM N/A
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.
CVE-2015-3318 5 Ca, Hp, Ibm and 2 more 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more 2021-04-09 4.6 MEDIUM N/A
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.
CVE-2015-3317 5 Ca, Hp, Ibm and 2 more 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more 2021-04-09 4.6 MEDIUM N/A
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.
CVE-2021-20354 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2021-02-22 7.8 HIGH 7.5 HIGH
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.
CVE-2020-4949 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2021-01-29 6.4 MEDIUM 8.2 HIGH
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.
CVE-2020-4762 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2021-01-08 6.5 MEDIUM 8.8 HIGH
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896.
CVE-2020-4761 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2021-01-08 5.0 MEDIUM 5.3 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895.
CVE-2019-4728 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2021-01-07 9.0 HIGH 8.8 HIGH
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.
CVE-2020-4657 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2020-12-17 4.3 MEDIUM 6.1 MEDIUM
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094.
CVE-2020-4658 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2020-12-17 4.3 MEDIUM 6.1 MEDIUM
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095.
CVE-2019-4738 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2020-12-11 4.0 MEDIUM 6.5 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.
CVE-2020-4937 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2020-12-02 5.0 MEDIUM 7.5 HIGH
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.