Vulnerabilities > HP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-08-24 | CVE-2015-5416 | Remote Code Execution vulnerability in HP Keyview 10.23.0.0/10.24.0.0 Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. | 7.5 |
| 2015-07-06 | CVE-2015-2126 | Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux 11.11Iv2/11.11Iv3 Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. | 7.2 |
| 2015-06-05 | CVE-2015-2124 | Local Security vulnerability in HP Smart Zero Core and Thinpro Linux Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors. | 7.2 |
| 2015-05-25 | CVE-2015-2121 | Information Exposure vulnerability in HP Network Virtualization 11.52/8.61 HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569. | 7.8 |
| 2015-05-25 | CVE-2015-2122 | Resource Management Errors vulnerability in HP SDN VAN Controller The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port. | 7.8 |
| 2015-05-25 | CVE-2015-2120 | Remote Privilege Escalation vulnerability in HP Sitescope 11.13/11.24.391/11.30.521 Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567. | 8.7 |
| 2015-04-27 | CVE-2015-2117 | Improper Authentication vulnerability in HP products HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading this code within an archive or (2) instantiating a class. | 7.5 |
| 2015-04-24 | CVE-2015-3145 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. | 7.5 |
| 2015-03-31 | CVE-2015-2109 | Authentication Bypass vulnerability in HP Operations Orchestration 10.0 Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors. | 7.5 |
| 2014-12-10 | CVE-2014-7879 | Improper Authentication vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31 HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors. | 8.5 |