Hp Openview Network Node Manager vulnerabilities

CVE-2009-3840 [MEDIUM] CVE-2009-3840: The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet.

CVE-2009-3977 [MEDIUM] CWE-119 CVE-2009-3977: Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method. NOTE: thi

CVE-2009-2298 [HIGH] CVE-2009-2298: Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allo Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI request to webappmon.exe. NOTE: this may overlap CVE-2009-1420.

CVE-2009-1420 [CRITICAL] CVE-2009-1420: Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, whe Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.

CVE-2009-0720 [CRITICAL] CWE-94 CVE-2009-0720: Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows r Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.

CVE-2008-2438 [CRITICAL] CWE-189 CVE-2008-2438: Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow.

CVE-2008-4559 [CRITICAL] CWE-20 CVE-2008-4559: HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute ar HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.

CVE-2008-4562 [CRITICAL] CWE-119 CVE-2008-4562: Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205.

CVE-2008-4560 [HIGH] CWE-200 CVE-2008-4560: HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sen HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue

CVE-2008-0067 [CRITICAL] CWE-119 CVE-2008-0067: Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7 Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe,

CVE-2008-3544 [CRITICAL] CWE-119 CVE-2008-3544: Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.5 Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61), or (3) REQUEST_RESTORE_STATE (aka number 62) request to TCP port 2954.

CVE-2008-3545 [HIGH] CVE-2008-3545: Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7. Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536, CVE-2008-3537, and CVE-2008-3544. NOTE: due to insufficient details from the vendor, it is not clear whether this is the same as CVE-2008-18

CVE-2008-3537 [HIGH] CVE-2008-3537: Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536.

CVE-2008-3536 [HIGH] CVE-2008-3536: Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3537.

CVE-2008-1842 [CRITICAL] CWE-189 CVE-2008-1842: Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 a Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffe

CVE-2008-1852 [HIGH] CWE-399 CVE-2008-1852: ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allo ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure.

CVE-2008-1853 [MEDIUM] CWE-399 CVE-2008-1853: The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other vers The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (exit) by sending a 0x36 packet (exit request).

CVE-2008-1851 [MEDIUM] CWE-399 CVE-2008-1851: ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allo ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (hang) via certain requests that do not provide all required arguments.

CVE-2008-0068 [MEDIUM] CWE-22 CVE-2008-0068: Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01 Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.

CVE-2008-1697 [CRITICAL] CWE-119 CVE-2008-1697: Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51 Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information.