The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of HPE Application Performance Management

glibc: buffer overflow of gethostbyname, GHOST
An attacker can for example send an email using a long IPv4 address, to force the messaging server to resolve this address, and to generate a buffer overflow in gethostbyname() of the glibc, in order to trigger a denial of service, and possibly to execute code. Several programs using the gethostbyname() function are vulnerable with a similar attack vector...
198850, 199399, c04577814, c04589512, CERTFR-2015-AVI-043, cisco-sa-20150128-ghost, cpujul2015, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CTX200437, CVE-2015-0235, DSA-2019-197, DSA-3142-1, ESA-2015-030, ESA-2015-041, GHOST, HPSBGN03270, HPSBGN03285, JSA10671, K16057, KM01391662, MDVSA-2015:039, openSUSE-SU-2015:0162-1, openSUSE-SU-2015:0184-1, PAN-SA-2015-0002, RHSA-2015:0090-01, RHSA-2015:0092-01, RHSA-2015:0099-01, RHSA-2015:0101-01, RHSA-2015:0126-01, SB10100, sk104443, SOL16057, SSA:2015-028-01, SSA-994726, SUSE-SU-2015:0158-1, USN-2485-1, VIGILANCE-VUL-16060, VU#967332
Linux kernel: privilege escalation via IRET gsbase
A local attacker can call an IRET on the Linux kernel, in order to escalate his privileges...
c04594684, CERTFR-2014-AVI-532, CERTFR-2015-AVI-021, CERTFR-2015-AVI-054, CVE-2014-9322, HPSBGN03282, KM01411792, MDVSA-2015:027, openSUSE-SU-2014:1669-1, openSUSE-SU-2014:1677-1, openSUSE-SU-2014:1678-1, openSUSE-SU-2015:0566-1, RHSA-2014:1997-01, RHSA-2014:1998-01, RHSA-2014:2008-01, RHSA-2014:2009-01, RHSA-2014:2010-01, RHSA-2014:2028-01, RHSA-2014:2029-01, RHSA-2014:2030-01, RHSA-2014:2031-01, RHSA-2015:0009-01, SOL16122, SUSE-SU-2014:1693-1, SUSE-SU-2014:1693-2, SUSE-SU-2014:1695-1, SUSE-SU-2014:1695-2, SUSE-SU-2014:1698-1, SUSE-SU-2015:0068-1, SUSE-SU-2015:0581-1, SUSE-SU-2015:0736-1, SUSE-SU-2015:0812-1, USN-2464-1, USN-2491-1, VIGILANCE-VUL-15815
Linux kernel: multiple vulnerabilities of SCTP
An attacker can use several vulnerabilities of SCTP of the Linux kernel...
c04594684, CERTFR-2014-AVI-455, CERTFR-2014-AVI-459, CERTFR-2014-AVI-495, CERTFR-2014-AVI-528, CERTFR-2014-AVI-532, CERTFR-2015-AVI-051, CERTFR-2015-AVI-165, CERTFR-2018-AVI-361, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, DSA-3060-1, FEDORA-2014-13558, FEDORA-2014-13773, FEDORA-2014-14068, HPSBGN03282, KM01411792, MDVSA-2014:230, MDVSA-2015:027, openSUSE-SU-2014:1677-1, openSUSE-SU-2014:1678-1, openSUSE-SU-2015:0566-1, RHSA-2014:1971-01, RHSA-2014:1997-01, RHSA-2014:2009-01, RHSA-2014:2028-01, RHSA-2014:2030-01, RHSA-2015:0043-01, RHSA-2015:0062-01, RHSA-2015:0115-01, SOL15910, SOL16025, SUSE-SU-2014:1693-1, SUSE-SU-2014:1693-2, SUSE-SU-2014:1695-1, SUSE-SU-2014:1695-2, SUSE-SU-2014:1698-1, SUSE-SU-2015:0068-1, SUSE-SU-2015:0178-1, SUSE-SU-2015:0481-1, SUSE-SU-2015:0529-1, SUSE-SU-2015:0581-1, SUSE-SU-2015:0652-1, SUSE-SU-2015:0736-1, SUSE-SU-2015:0812-1, SUSE-SU-2018:2062-1, USN-2417-1, USN-2418-1, USN-2441-1, USN-2442-1, USN-2445-1, USN-2446-1, USN-2447-1, USN-2447-2, USN-2448-1, USN-2448-2, VIGILANCE-VUL-15554
SSL 3.0: decrypting session, POODLE
An attacker, located as a Man-in-the-Middle, can decrypt a SSL 3.0 session, in order to obtain sensitive information...
10923, 1589583, 1595265, 1653364, 1657963, 1663874, 1687167, 1687173, 1687433, 1687604, 1687611, 1690160, 1690185, 1690342, 1691140, 1692551, 1695392, 1696383, 1699051, 1700706, 2977292, 3009008, 7036319, aid-10142014, AST-2014-011, bulletinapr2015, bulletinjan2015, bulletinjan2016, bulletinjul2015, bulletinjul2016, bulletinoct2015, c04486577, c04487990, c04492722, c04497114, c04506802, c04510230, c04567918, c04616259, c04626982, c04676133, c04776510, CERTFR-2014-ALE-007, CERTFR-2014-AVI-454, CERTFR-2014-AVI-509, CERTFR-2015-AVI-169, CERTFR-2016-AVI-303, cisco-sa-20141015-poodle, cpujul2017, CTX216642, CVE-2014-3566, DSA-3053-1, DSA-3253-1, DSA-3489-1, ESA-2014-178, ESA-2015-098, ESXi500-201502001, ESXi500-201502101-SG, ESXi510-201503001, ESXi510-201503001-SG, ESXi510-201503101-SG, ESXi550-201501001, ESXi550-201501101-SG, FEDORA-2014-12989, FEDORA-2014-12991, FEDORA-2014-13012, FEDORA-2014-13017, FEDORA-2014-13040, FEDORA-2014-13069, FEDORA-2014-13070, FEDORA-2014-13444, FEDORA-2014-13451, FEDORA-2014-13764, FEDORA-2014-13777, FEDORA-2014-13781, FEDORA-2014-13794, FEDORA-2014-14234, FEDORA-2014-14237, FEDORA-2014-15379, FEDORA-2014-15390, FEDORA-2014-15411, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2015-9090, FEDORA-2015-9110, FreeBSD-SA-14:23.openssl, FSC-2014-8, HPSBGN03256, HPSBGN03305, HPSBGN03332, HPSBHF03156, HPSBHF03300, HPSBMU03152, HPSBMU03184, HPSBMU03213, HPSBMU03416, HPSBUX03162, HPSBUX03194, JSA10656, MDVSA-2014:203, MDVSA-2014:218, MDVSA-2015:062, NetBSD-SA2014-015, nettcp_advisory, openSUSE-SU-2014:1331-1, openSUSE-SU-2014:1384-1, openSUSE-SU-2014:1395-1, openSUSE-SU-2014:1426-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1586-1, openSUSE-SU-2017:0980-1, PAN-SA-2014-0005, POODLE, RHSA-2014:1652-01, RHSA-2014:1653-01, RHSA-2014:1692-01, RHSA-2014:1920-01, RHSA-2014:1948-01, RHSA-2015:0010-01, RHSA-2015:0011-01, RHSA-2015:0012-01, RHSA-2015:1545-01, RHSA-2015:1546-01, SA83, SB10090, SB10104, sk102989, SOL15702, SP-CAAANKE, SP-CAAANST, SPL-91947, SPL-91948, SSA:2014-288-01, SSA-396873, SSA-472334, SSRT101767, STORM-2014-02-FR, SUSE-SU-2014:1357-1, SUSE-SU-2014:1361-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1, SUSE-SU-2014:1387-2, SUSE-SU-2014:1409-1, SUSE-SU-2015:0010-1, SUSE-SU-2016:1457-1, SUSE-SU-2016:1459-1, T1021439, TSB16540, USN-2839-1, VIGILANCE-VUL-15485, VMSA-2015-0001, VMSA-2015-0001.1, VMSA-2015-0001.2, VN-2014-003, VU#577193
Linux kernel: infinite loop of __udf_read_inode
An attacker can mount an UDF file system, to generate a large recursion in __udf_read_inode(), in order to trigger a denial of service of the Linux kernel...
c04594684, CERTFR-2014-AVI-413, CERTFR-2014-AVI-532, CVE-2014-6410, FEDORA-2014-11008, HPSBGN03282, KM01411792, MDVSA-2014:201, openSUSE-SU-2014:1669-1, openSUSE-SU-2014:1677-1, RHSA-2014:1318-01, RHSA-2014:1971-01, RHSA-2014:1997-01, RHSA-2014:2009-01, RHSA-2014:2028-01, RHSA-2014:2030-01, SUSE-SU-2014:1316-1, SUSE-SU-2014:1319-1, USN-2374-1, USN-2375-1, USN-2376-1, USN-2377-1, USN-2378-1, USN-2379-1, VIGILANCE-VUL-15353
Linux kernel: unreachable memory reading via SO_KEEPALIVE
An attacker can force a read at an invalid address via SO_KEEPALIVE on the Linux kernel, in order to trigger a denial of service...
c04594684, CERTFR-2014-AVI-532, CERTFR-2015-AVI-165, CVE-2012-6657, HPSBGN03282, KM01411792, RHSA-2014:1997-01, RHSA-2014:2009-01, RHSA-2014:2028-01, RHSA-2014:2030-01, SOL16011, SUSE-SU-2015:0652-1, SUSE-SU-2015:0812-1, VIGILANCE-VUL-15352
Linux kernel: denial of service via ISOFS
A local attacker can mount a malicious ISOFS image on the Linux kernel, in order to trigger a denial of service...
c04594684, CERTFR-2014-AVI-396, CERTFR-2014-AVI-532, CERTFR-2015-AVI-136, CERTFR-2015-AVI-164, CVE-2014-5471, CVE-2014-5472, FEDORA-2014-11008, FEDORA-2014-9959, HPSBGN03282, KM01411792, MDVSA-2014:201, openSUSE-SU-2014:1669-1, openSUSE-SU-2014:1677-1, openSUSE-SU-2015:0566-1, RHSA-2014:1318-01, RHSA-2014:1997-01, RHSA-2014:2009-01, RHSA-2014:2028-01, RHSA-2014:2030-01, RHSA-2015:0102-01, RHSA-2015:0695-01, RHSA-2015:0782-01, RHSA-2015:0803-01, SUSE-SU-2014:1316-1, SUSE-SU-2014:1319-1, SUSE-SU-2015:0481-1, SUSE-SU-2015:0812-1, USN-2354-1, USN-2355-1, USN-2356-1, USN-2357-1, USN-2358-1, USN-2359-1, VIGILANCE-VUL-15230
HP Business Service Management: code execution via WAR
A remote attacker can deploy a WAR application in HP Business Service Management, in order to execute code with system privileges...
BID-53556, c03377648, CVE-2012-2561, HPSBMU02792, SSRT100820, VIGILANCE-VUL-11634, VU#859230
HP BAC, BSM: Cross Site Scripting
An attacker can generate a Cross Site Scripting in HP Business Availability Center and HP Business Service Management...
BID-45944, c02678501, CERTA-2011-AVI-035, CVE-2011-0274, HPSBMA02622, SSRT100342, VIGILANCE-VUL-10289
JBoss Enterprise Application Platform: three vulnerabilities
An attacker can use three vulnerabilities of JBoss Enterprise Application Platform, in order to access to the console or to obtain sensitive information...
BID-39710, c03057508, c03127140, c03824583, CA20130213-01, CERTA-2013-AVI-440, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, HPSBMU02714, HPSBMU02736, HPSBMU02894, RHSA-2010:0376-01, RHSA-2010:0377-01, RHSA-2010:0378-01, RHSA-2010:0379-01, SSRT100244, SSRT100699, VIGILANCE-VUL-9613
Our database contains other pages. You can request a free trial to read them.

Display information about HPE Application Performance Management: