HP ypbind allows attackers with root privileges to modify NIS data.
Information from SSL-encrypted sessions via PKCS #1.
Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors.
HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.
Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.
HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.
Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, 5.3x, 5.4, 5.41, and 5.41.002 allows remote attackers to obtain sensitive information via unknown vectors.
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors.
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path.
Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors.
Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors.
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.
HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.
Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors.
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors.
A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.
A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive information.
HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.
HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.
Unspecified vulnerability in the POP and IMAP service implementations in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to obtain sensitive information via unknown vectors.
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors.
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.
Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to obtain "unauthorized access to data" via unknown vectors.
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors.
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1607.
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217.
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356.
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363.
HP LaserJet 2430, and possibly other printers that use Jetdirect controls, stores information about recently printed documents without proper protection, which could allow remote attackers to obtain sensitive information via SNMP.
HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors.
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.
Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.
comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0.
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.