| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files. |
| The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters. |
| Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors. |
| Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors. |
| The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530. |
| Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document. |
| Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls. |
| Unspecified vulnerability in HP Storage Essentials before 6.3.0, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. |
| Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671. |
| Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| HP Database and Middleware Automation (DMA) 10.x before 10.10, when SSL is used, allows remote attackers to obtain sensitive information via unspecified vectors. |
| Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors. |
| Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors. |
| The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack. |
| Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
