Unknown · CVSS Not scored
A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
Published Feb 6, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819.
Published Feb 12, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.
Published Feb 19, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232.
Published Feb 12, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 136818.
Published Feb 26, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.
Published Feb 2, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.
Published Feb 6, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Medium · CVSS 5.4
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.
Published Feb 5, 2019 · Updated Sep 17, 2024
Unknown · CVSS Not scored
An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.
Published Feb 19, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.
Published Feb 16, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279.
Published Feb 6, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.
Published Feb 7, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425.
Published Feb 12, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665.
Published Feb 12, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128461.
Published Feb 21, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow.
Published Feb 23, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.
Published Feb 1, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
Published Feb 23, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security.
Published Feb 12, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down.
Published Feb 13, 2018 · Updated Sep 17, 2024