Filtered by vendor Hp
Subscriptions
Filtered by product Hp-ux
Subscriptions
Total
469 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29754 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 8.8 High |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. | ||||
| CVE-2021-29736 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 8.8 High |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300. | ||||
| CVE-2021-29728 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Ibm Z and 5 more | 2024-11-21 | 4.9 Medium |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. | ||||
| CVE-2021-29723 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Ibm Z and 5 more | 2024-11-21 | 7.5 High |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. | ||||
| CVE-2021-29722 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Ibm Z and 5 more | 2024-11-21 | 7.5 High |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. | ||||
| CVE-2021-29703 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 7.5 High |
| Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659. | ||||
| CVE-2021-29678 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2024-11-21 | 8.7 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914. | ||||
| CVE-2021-26582 | 3 Hp, Microsoft, Redhat | 4 Hp-ux, Icewall Sso Dgfw, Windows and 1 more | 2024-11-21 | 6.1 Medium |
| A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS). | ||||
| CVE-2021-20579 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283. | ||||
| CVE-2021-20562 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 5.4 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232. | ||||
| CVE-2021-20560 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling Connect Direct User Interface and 3 more | 2024-11-21 | 5.4 Medium |
| IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229. | ||||
| CVE-2021-20515 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Informix Dynamic Server and 3 more | 2024-11-21 | 6.7 Medium |
| IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. | ||||
| CVE-2021-20480 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 6.5 Medium |
| IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. | ||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 7.5 High |
| IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. | ||||
| CVE-2021-20354 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 7.5 High |
| IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. | ||||
| CVE-2020-4949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 8.2 High |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025. | ||||
| CVE-2020-4937 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 7.5 High |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. | ||||
| CVE-2020-4762 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 8.8 High |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896. | ||||
| CVE-2020-4761 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 5.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895. | ||||
| CVE-2020-4658 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 6.1 Medium |
| IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095. | ||||