Vulnerabilities > HP

DATE CVE VULNERABILITY TITLE RISK
2016-01-08 CVE-2015-6862 Improper Access Control vulnerability in HP Ucmdb Browser 4.0.1
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
local
low complexity
hp CWE-284
8.4
2016-01-05 CVE-2015-6860 Permissions, Privileges, and Access Controls vulnerability in HP products
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.
local
low complexity
hp CWE-264
8.4
2016-01-05 CVE-2015-6859 Permissions, Privileges, and Access Controls vulnerability in HP Network Switch Software 15.18.0
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.
local
low complexity
hp CWE-264
7.8
2016-01-05 CVE-2015-6858 Information Exposure vulnerability in HP Insight Management 7.4
HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.
network
high complexity
hp CWE-200
3.7
2016-01-05 CVE-2015-5447 Cross-site Scripting vulnerability in HP Storeonce Backup System Software 3.13.0
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
hp CWE-79
5.4
2016-01-05 CVE-2015-5446 Unspecified vulnerability in HP Storeonce Backup System Software 3.13.0
HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.
high complexity
hp
7.5
2016-01-05 CVE-2015-5445 Cross-Site Request Forgery (CSRF) vulnerability in HP Storeonce Backup System Software 3.13.0
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
network
low complexity
hp CWE-352
8.8
2016-01-05 CVE-2015-5434 Permissions, Privileges, and Access Controls vulnerability in HP products
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
network
low complexity
hp CWE-264
6.5
2015-12-28 CVE-2015-8651 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
network
low complexity
adobe redhat suse opensuse hp CWE-190
8.8
2015-06-23 CVE-2015-3113 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
network
low complexity
adobe opensuse suse hp redhat CWE-787
critical
9.8