| New User, Welcome! Login |
Next Page >>
HP software
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01439758
Version: 1
HPSBGN02333 SSRT080031 rev.1 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-04-24
Last Updated: 2008-04-24
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01311918
Version: 2
HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-12-21
Last Updated: 2008-01-02
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01311918
Version: 1
HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-12-21
Last Updated: 2007-12-21
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01439758
Version: 2
HPSBGN02333 SSRT080031 rev.2 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-04-24
Last Updated: 2010-10-25
Overview:
/////////
The flaw is located in the software called HP Software Update shipped with the HP notebooks to support automatic software updates and critical vulnerability patching. One of the ActiveX controls deployed by default by the vendor contains an insecure method giving a potential attacker the remote system arbitrary file write access.
Impact:
///////
Last Updated: 2012-10-31
Potential Security Impact: Remote disclosure of information, remote code
execution
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP SiteScope.
The vulnerabilities in SiteScope SOAP features could be remotely exploited to
allow disclosure of information or code execution.
Last Updated: 2013-02-13
Potential Security Impact: Remote disclosure of information, remote code
execution
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP SiteScope.
The vulnerabilities in SiteScope SOAP features could be remotely exploited to
allow disclosure of information or code execution.
Release Date: 2010-07-12
Last Updated: 2010-07-12
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified with HP Client Automation Enterprise Infrastructure (Radia). The default configuration allows remote disclosure of information.
References: CVE-2010-1972
Release Date: 2010-05-25
Last Updated: 2010-05-25
Potential Security Impact: Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Business Availability Center running Apache. The vulnerabilities could be remotely exploited to allow Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Denial of Service (DoS).
References: CVE-2008-2939, CVE-2008-2364, CVE-2008-0005, CVE-2007-6422, CVE-2007-6421, CVE-2007-6420, CVE-2007-6388, CVE-2007-5000
Release Date: 2010-03-24
Last Updated: 2010-03-24
Potential Security Impact: Remote cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP Project and Portfolio Management Center (PPMC) formerly known as Mercury IT Governance. The vulnerabilities could be exploited remotely to allow cross site scripting (XSS)
References: CVE-2010-0452
Release Date: 2010-10-13
Last Updated: 2010-10-13
Potential Security Impact: Privilege escalation
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HP ProCurve Access Points, Access Controllers, and Mobility Controllers. The vulnerability could be remotely exploited resulting in a privilege escalation.
References: CVE-2010-3287, HP PR57775, PR57777, PR57778, PR57779, PR57780, PR57781, PR57978, PR58030
Release Date: 2010-10-26
Last Updated: 2010-10-26
Potential Security Impact: Remote unauthenticated access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Storage Essentials using LDAP authentication. This vulnerability could be exploited to allow remote unauthenticated access.
References: CVE-2010-4029
Release Date: 2010-10-26
Last Updated: 2010-10-26
Potential Security Impact: Remote unauthenticated access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Storage Essentials using LDAP authentication. This vulnerability could be exploited to allow remote unauthenticated access.
References: CVE-2010-4029
Release Date: 2010-10-26
Last Updated: 2010-10-26
Potential Security Impact: Remote denial of service
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified with HP LoadRunner Web Tours 9.10. The vulnerability could be remotely exploited to cause a denial of service.
References: CVE-2010-4028
Release Date: 2010-09-02
Last Updated: 2010-09-02
Potential Security Impact: Local elevation of privileges and remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Operations Agent running on Windows. The vulnerabilities could be exploited locally resulting in an elevation of privileges and remotely allowing execution of arbitrary code.
References: CVE-2010-3004, CVE-2010-3005
Release Date: 2011-03-14
Last Updated: 2011-03-14
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security problem has been identified with HP Client Automation Enterprise software (HPCA) running on Windows. HPCA was formerly known as Radia Notify. This vulnerability could be exploited to allow execution of arbitrary code.
References: CVE-2011-0889, ZDI-CAN-914
Release Date: 2011-04-21
Last Updated: 2011-05-03
Potential Security Impact: Cross Site Scripting (XSS) and HTML injection
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection.
References: CVE-2011-1726 (XSS), CVE-2011-1727 (HTML injection)
------------------------------------------------------------------------------
Potential Security Impact: Remote arbitrary file deletion
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HP Performance Agent and HP Operations Agent. The vulnerability can be exploited by remote unauthenticated users to delete arbitrary files.
References: CVE-2011-2608, SA45079, SA44321
Last Updated: 2012-09-06
Potential Security Impact: Cross site scripting (XSS), cross site request
forgery (CSRF), and web session hijacking
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Business
Availability Center (BAC). The vulnerabilities could be remotely exploited to
allow cross site scripting (XSS), cross site request forgery (CSRF), and web
Release Date: 2012-09-17
Last Updated: 2012-09-17
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Operations
Orchestration. The vulnerability could be remotely exploited to allow
execution or arbitrary code.
Last Updated: 2012-09-19
Potential Security Impact: Remote disclosure of information, remote code
execution
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP SiteScope.
The vulnerabilities in SiteScope SOAP features could be remotely exploited to
allow disclosure of information or code execution.
Last Updated: 2012-09-20
Potential Security Impact: Remote disclosure of information, remote code
execution
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP SiteScope.
The vulnerabilities in SiteScope SOAP features could be remotely exploited to
allow disclosure of information or code execution.
Release Date: 2013-03-06
Last Updated: 2013-03-06
Potential Security Impact: Remote denial of service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP ServiceCenter.
The vulnerability could be remotely exploited to allow a remote Denial of
Service (DoS).
Release Date: 2013-04-29
Last Updated: 2013-04-29
Potential Security Impact: Apache Tomcat security update
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Several potential security vulnerabilities have been identified with HP
Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Apache Tomcat
environment has been updated to correct these issues.
Release Date: 2013-04-29
Last Updated: 2013-04-29
Potential Security Impact: Java Runtime Environment (JRE) security update
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Several potential security vulnerabilities have been identified with HP
Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime
Environment (JRE) has been updated to correct these issues.
Last Updated: 2013-04-29
Potential Security Impact: Remote disclosure of information, Cross Site
Scripting(XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Service
Manager Web Tier running on Windows. Service Manager Web Tier is vulnerable
to remote disclosure of information and cross site scripting (XSS).
Release Date: 2009-04-20
Last Updated: 2009-04-20
Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP StorageWorks Storage Mirroring. These vulnerabilities could be exploited remotely to execute arbitrary code, cause a Denial of Service (DoS), or gain unauthorized access.
References: CVE-2009-0716, CVE-2009-0717, CVE-2009-0718
Release Date: 2010-04-20
Last Updated: 2010-04-20
Potential Security Impact: Remote cross site scripting (XSS), Denial of Service (DoS), execution of arbitrary code, unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS), Denial of Service (DoS), execution of arbitrary code, and unauthorized access.
References: CVE-2008-1468, CVE-2008-4226, CVE-2008-5557, CVE-2008-5814, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2010-1034
Release Date: 2010-03-23
Last Updated: 2010-03-26
Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS).
References: SSRT090073, CVE-2009-0159, CVE-2009-1252, CVE-2009-3563
Release Date: 2009-12-09
Last Updated: 2009-12-10
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
References: CVE-2009-0898 (SSRT090101), CVE-2009-3845 (SSRT090037), CVE-2009-3846 (SSRT090122), CVE-2009-3847 (SSRT090128), CVE-2009-3848 (SSRT090129), CVE-2009-3849 (SSRT090130), CVE-2009-4176 (SSRT090131), CVE-2009-4177 (SSRT090132), CVE-2009-4178 (SSRT090133), CVE-2009-4179 (SSRT090134), CVE-2009-4180 (SSRT090135), CVE-2009-4181 (SSRT090164)
Next Page>>
|
|
|
