| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors. |
| Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors. |
| Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter. |
| The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023. |
| Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server. |
| HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098. |
| Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2." |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916. |
| Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors. |
| Unspecified vulnerability in the Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders in HP StorageWorks 1/8 G2 Tape Autoloader firmware 2.30 and earlier, MSL2024 Tape Library firmware 4.20 and earlier, MSL4048 Tape Library firmware 6.50 and earlier, and MSL8096 Tape Library firmware 8.90 and earlier allows remote attackers to cause a denial of service via unknown vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script. |
| Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable. |
| Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
| The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors. |
| Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
| Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
| Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. |
| Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 and the Color LaserJet CP3525 Printer with firmware 53.021.2 allows remote attackers to obtain "access to data" or cause a denial of service via unknown vectors. |
| Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function. |
| Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe. |
