Vulnerabilities > HP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-25 | CVE-2019-3481 | XXE vulnerability in HP Arcsight Logger Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. | 7.1 |
| 2019-02-11 | CVE-2019-5736 | OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78 | 8.6 |
| 2019-01-16 | CVE-2018-5740 | Reachable Assertion vulnerability in multiple products "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. | 7.5 |
| 2018-12-31 | CVE-2018-18593 | Path Traversal vulnerability in HP Ucmdb Configuration Manager Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. | 7.5 |
| 2018-12-03 | CVE-2018-7116 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP Intelligent Management Center HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. | 7.5 |
| 2018-10-17 | CVE-2018-3169 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). | 8.3 |
| 2018-10-17 | CVE-2018-3149 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | 8.3 |
| 2018-10-03 | CVE-2018-5921 | Cross-Site Request Forgery (CSRF) vulnerability in HP products A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. | 8.8 |
| 2018-09-27 | CVE-2018-7105 | Unspecified vulnerability in HP products A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information. | 7.2 |
| 2018-09-27 | CVE-2018-7102 | Path Traversal vulnerability in HP Intelligent Management Center A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification. | 7.5 |