CVE-2017-3733 – Encrypt-Then-Mac renegotiation crash
https://notcve.org/view.php?id=CVE-2017-3733
During a renegotiation handshake, if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice versa), this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.securityfocus.com/bid/96269
• http://www.securitytracker.com/id/1037846
• https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us
• https://www.openssl.org/news/secadv/20170216.txt
• https://www.oracle.com/technetwork/security-advisory&
• CWE-20: Improper Input Validation
CVE-2014-2647 – HP Operations Agent - Cross-Site Scripting iFrame Injection
https://notcve.org/view.php?id=CVE-2014-2647
Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• https://www.exploit-db.com/exploits/35076
• http://www.exploit-db.com/exploits/35076
• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472444
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2630 – xglance-bin 11.00 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-2630
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors. It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in Compaq/HP's Glance for Linux were compiled in a manner that causes them to search for libraries in insecure locations. Versions 11.00 and below are affected.
• https://www.exploit-db.com/exploits/48000
• http://packetstormsecurity.com/files/156206/xglance-bin-Local-Root-Privilege-Escalation.html
• http://packetstormsecurity.com/files/157528/HP-Performance-Monitoring-xglance-Privilege-Escalation.html
• http://seclists.org/fulldisclosure/2020/Feb/1
• http://secunia.com/advisories/60041
• http://www.securitytracker.com/id/1030702
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95181
• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394554
• ht
CVE-2012-2019 – HP OpenView Performance Agent coda.exe Opcode 0x34 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2019
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process, which listens on a random TCP port by default. The process trusts a value within a GET request as a size.
• https://www.exploit-db.com/exploits/22306
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03397769
CVE-2012-2020 – HP OpenView Performance Agent coda.exe Opcode 0x8C Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2020
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process, which listens on a random TCP port by default. The process trusts a value within a GET request as a size.
• https://www.exploit-db.com/exploits/22305
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03397769