| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879. |
| Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. |
| CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors. |
| Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. |
| HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429. |
| HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428. |
| HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors. |
| HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
| HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
| Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. |
| HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors. |
| HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859. |
| HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors. |
| Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. |
| The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. |
