HP software
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01439758
Version: 1
HPSBGN02333 SSRT080031 rev.1 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-04-24
Last Updated: 2008-04-24
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01311918
Version: 2
HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-12-21
Last Updated: 2008-01-02
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01311918
Version: 1
HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-12-21
Last Updated: 2007-12-21
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01439758
Version: 2
HPSBGN02333 SSRT080031 rev.2 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-04-24
Last Updated: 2010-10-25
Overview:
/////////
The flaw is located in HP Software Update, the software shipped with HP notebooks to support automatic software updates and critical vulnerability patching. One of the ActiveX controls deployed by default by the vendor contains an insecure method that gives a potential attacker arbitrary file write access to the remote system.
Impact:
///////
Release Date: 2010-03-24
Last Updated: 2010-03-24
Potential Security Impact: Remote cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP Project and Portfolio Management Center (PPMC), formerly known as Mercury IT Governance. The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
References: CVE-2010-0452
Release Date: 2010-05-25
Last Updated: 2010-05-25
Potential Security Impact: Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Business Availability Center running Apache. The vulnerabilities could be remotely exploited to allow Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Denial of Service (DoS).
References: CVE-2008-2939, CVE-2008-2364, CVE-2008-0005, CVE-2007-6422, CVE-2007-6421, CVE-2007-6420, CVE-2007-6388, CVE-2007-5000
Release Date: 2010-07-12
Last Updated: 2010-07-12
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified with HP Client Automation Enterprise Infrastructure (Radia). The default configuration allows remote disclosure of information.
References: CVE-2010-1972
Release Date: 2010-10-13
Last Updated: 2010-10-13
Potential Security Impact: Privilege escalation
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HP ProCurve Access Points, Access Controllers, and Mobility Controllers. The vulnerability could be remotely exploited resulting in a privilege escalation.
References: CVE-2010-3287, HP PR57775, PR57777, PR57778, PR57779, PR57780, PR57781, PR57978, PR58030
Release Date: 2010-10-26
Last Updated: 2010-10-26
Potential Security Impact: Remote unauthenticated access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Storage Essentials using LDAP authentication. This vulnerability could be exploited to allow remote unauthenticated access.
References: CVE-2010-4029
Release Date: 2010-10-26
Last Updated: 2010-10-26
Potential Security Impact: Remote denial of service
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified with HP LoadRunner Web Tours 9.10. The vulnerability could be remotely exploited to cause a denial of service.
References: CVE-2010-4028
Release Date: 2010-09-02
Last Updated: 2010-09-02
Potential Security Impact: Local elevation of privileges and remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Operations Agent running on Windows. The vulnerabilities could be exploited locally resulting in an elevation of privileges and remotely allowing execution of arbitrary code.
References: CVE-2010-3004, CVE-2010-3005
Release Date: 2011-03-14
Last Updated: 2011-03-14
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security problem has been identified with HP Client Automation Enterprise software (HPCA) running on Windows. HPCA was formerly known as Radia Notify. This vulnerability could be exploited to allow execution of arbitrary code.
References: CVE-2011-0889, ZDI-CAN-914
Release Date: 2011-04-21
Last Updated: 2011-05-03
Potential Security Impact: Cross Site Scripting (XSS) and HTML injection
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection.
References: CVE-2011-1726 (XSS), CVE-2011-1727 (HTML injection)
------------------------------------------------------------------------------
Potential Security Impact: Remote arbitrary file deletion
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HP Performance Agent and HP Operations Agent. The vulnerability can be exploited by remote unauthenticated users to delete arbitrary files.
References: CVE-2011-2608, SA45079, SA44321
Release Date: 2009-11-12
Last Updated: 2010-01-19
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Power Manager. The vulnerability could be exploited remotely to execute arbitrary code.
References: CVE-2009-2685
Release Date: 2009-11-17
Last Updated: 2010-01-26
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2009-3840
Release Date: 2010-06-08
Last Updated: 2010-06-08
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server.
References: CVE-2010-1960 (SSRT100027, ZDI-CAN-684)
Release Date: 2010-06-23
Last Updated: 2010-06-23
Potential Security Impact: Remote Denial of Service (DoS) and execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.
Release Date: 2009-02-23
Last Updated: 2009-11-17
Potential Security Impact: Local escalation of privilege
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running VRTSvxfs and VRTSodm. The vulnerability could be exploited locally to cause an escalation of privilege. VRTSvxfs and VRTSodm are bundled with Storage Management Suite (SMS) and Storage Management for Oracle (SMO).
References: CVE-2009-0207
Release Date: 2010-03-29
Last Updated: 2010-03-26
Potential Security Impact: Local Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX with AudFilter rules enabled. The vulnerability could be exploited locally to create a Denial of Service (DoS).
References: CVE-2010-1030
Release Date: 2010-02-08
Last Updated: 2010-02-08
Potential Security Impact: Remote Increase in privilege, Denial of Service and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation,
Release Date: 2009-09-15
Last Updated: 2009-09-15
Potential Security Impact: Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified on the HP StorageWorks Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to create a Denial of Service (DoS).
References: CVE-2009-2680
Release Date: 2009-08-10
Last Updated: 2009-08-10
Potential Security Impact: Local Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX programs using the ttrace(2) system call. The vulnerability could be exploited locally to create a Denial of Service (DoS).
References: CVE-2009-1427
Release Date: 2010-04-19
Last Updated: 2010-04-16
Potential Security Impact: Local Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX. This vulnerability could be exploited locally to create a Denial of Service (DoS).
References: CVE-2010-1032
Release Date: 2009-08-10
Last Updated: 2009-08-10
Potential Security Impact: Local Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX programs using the ttrace(2) system call. The vulnerability could be exploited locally to create a Denial of Service (DoS).
References: CVE-2009-1427
Release Date: 2009-11-18
Last Updated: 2009-12-10
Potential Security Impact: Remote unauthorized access to data, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP Color LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to data or to create a Denial of Service (DoS).
References: CVE-2009-3842
Release Date: 2010-03-29
Last Updated: 2010-03-29
Potential Security Impact: Remote unauthorized access to data, cross site scripting (XSS), privilege escalation
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP SOA Registry Foundation. The vulnerabilities could be exploited remotely to gain unauthorized access to data, for cross site scripting (XSS), or to escalate privileges.
References: CVE-2010-0448, CVE-2010-0449, CVE-2010-0450
Release Date: 2010-02-09
Last Updated: 2010-02-12
Potential Security Impact: Remote execution of arbitrary code and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS).
References: CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5347, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360