Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Filtered by product Hp-ux
Total 478 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-36038 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2026-06-17 N/A 9.0 CRITICAL
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
CVE-2025-33142 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2026-06-17 N/A 5.3 MEDIUM
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.
CVE-2025-33104 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2026-06-17 N/A 4.4 MEDIUM
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-27907 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2026-06-17 N/A 4.1 MEDIUM
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2024-45073 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Websphere Application Server and 4 more 2026-06-17 N/A 4.8 MEDIUM
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45072 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2026-06-17 N/A 5.5 MEDIUM
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2024-45071 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2026-06-17 N/A 5.5 MEDIUM
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-38320 6 Apple, Hp, Ibm and 3 more 8 Macos, Hp-ux, Aix and 5 more 2026-06-17 N/A 5.9 MEDIUM
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2024-27254 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2026-06-17 N/A 5.3 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.
CVE-2023-50271 1 Hp 2 Hp-ux, System Management Homepage 2026-06-17 N/A 7.2 HIGH
A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.
CVE-2023-47747 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2026-06-17 N/A 5.3 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.
CVE-2023-47746 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2026-06-17 N/A 5.3 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.
CVE-2023-47158 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2026-06-17 N/A 5.3 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.
CVE-2023-45177 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2026-06-17 N/A 5.3 MEDIUM
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.
CVE-2023-42029 4 Hp, Ibm, Linux and 1 more 6 Hp-ux, Aix, Cics Tx and 3 more 2026-06-17 N/A 4.8 MEDIUM
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.
CVE-2023-42027 4 Hp, Ibm, Linux and 1 more 6 Hp-ux, Aix, Cics Tx and 3 more 2026-06-17 N/A 4.3 MEDIUM
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.
CVE-2023-38741 4 Hp, Ibm, Linux and 1 more 5 Hp-ux, Aix, Txseries For Multiplatform and 2 more 2026-06-17 N/A 7.5 HIGH
IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905.
CVE-2023-38729 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2026-06-17 N/A 6.8 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.
CVE-2023-33850 4 Hp, Ibm, Linux and 1 more 6 Hp-ux, Aix, Cics Tx and 3 more 2026-06-17 N/A 7.5 HIGH
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-33849 3 Hp, Ibm, Linux 5 Hp-ux, Aix, Cics Tx and 2 more 2026-06-17 N/A 3.7 LOW
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.