HP Security Vulnerabilities


CVE-2019-18909

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root...

8CVSS

7.9AI Score

0.001EPSS

2019-11-22 10:15 PM
145

CVE-2019-16287

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to execute commands....

6.8CVSS

6.6AI Score

0.001EPSS

2019-11-22 10:15 PM
106

CVE-2019-16286

An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary...

6.8CVSS

6.8AI Score

0.001EPSS

2019-11-22 10:15 PM
113

CVE-2019-16285

If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local...

4.6CVSS

4.3AI Score

0.001EPSS

2019-11-22 10:15 PM
112

CVE-2019-10627

Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF printers that use IPS...

9.8CVSS

9.6AI Score

0.002EPSS

2019-11-21 03:15 PM
35

CVE-2019-14678

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects....

10CVSS

9.3AI Score

0.004EPSS

2019-11-14 09:15 PM
60

CVE-2019-6337

For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local...

5.2CVSS

6.9AI Score

0.001EPSS

2019-11-07 03:15 PM
24

CVE-2019-16284

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary...

7.2CVSS

7.3AI Score

0.001EPSS

2019-11-05 09:15 PM
29

CVE-2019-6334

HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary...

9.8CVSS

9.5AI Score

0.003EPSS

2019-10-16 03:15 PM
45

CVE-2019-6335

A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of...

7.5CVSS

7.4AI Score

0.001EPSS

2019-10-11 06:15 PM
60

CVE-2019-6333

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system...

6.7CVSS

7AI Score

0.0004EPSS

2019-10-11 05:15 PM
75

CVE-2019-5400

A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

6.3CVSS

6.3AI Score

0.001EPSS

2019-08-09 06:15 PM
49

CVE-2019-5402

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

9.4CVSS

9.1AI Score

0.003EPSS

2019-08-09 06:15 PM
68

CVE-2019-5407

A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

6.3CVSS

6.1AI Score

0.001EPSS

2019-08-09 06:15 PM
47

CVE-2019-5408

Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr...

6.5CVSS

6.4AI Score

0.001EPSS

2019-08-09 06:15 PM
46

CVE-2019-5404

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

8.8CVSS

8.6AI Score

0.001EPSS

2019-08-09 06:15 PM
59

CVE-2019-5403

A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

4.8CVSS

4.9AI Score

0.001EPSS

2019-08-09 06:15 PM
50

CVE-2019-5405

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

7.3CVSS

7.1AI Score

0.001EPSS

2019-08-09 06:15 PM
62

CVE-2019-5406

A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

7.2CVSS

6.9AI Score

0.001EPSS

2019-08-09 06:15 PM
51

CVE-2019-5397

A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

9.4CVSS

9.1AI Score

0.002EPSS

2019-08-09 06:15 PM
64

CVE-2019-5398

A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

5.4CVSS

5.4AI Score

0.001EPSS

2019-08-09 06:15 PM
45

CVE-2019-5399

A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

9.4CVSS

9.2AI Score

0.001EPSS

2019-08-09 06:15 PM
67

CVE-2019-5396

A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

9.4CVSS

9.3AI Score

0.003EPSS

2019-08-09 05:15 PM
29

CVE-2019-5395

A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

8.8CVSS

8.6AI Score

0.004EPSS

2019-08-09 05:15 PM
37

CVE-2019-5401

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an XSS injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure...

4.8CVSS

5.4AI Score

0.001EPSS

2019-08-01 10:15 PM
59

CVE-2019-2842

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

3.7CVSS

3.8AI Score

0.002EPSS

2019-07-23 11:15 PM
341
4

CVE-2019-2816

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access.....

4.8CVSS

4.2AI Score

0.001EPSS

2019-07-23 11:15 PM
242
2

CVE-2019-2786

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.4CVSS

3.6AI Score

0.002EPSS

2019-07-23 11:15 PM
293

CVE-2019-2766

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access.....

3.1CVSS

3.5AI Score

0.001EPSS

2019-07-23 11:15 PM
208

CVE-2019-2769

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via....

5.3CVSS

4.6AI Score

0.001EPSS

2019-07-23 11:15 PM
283
2

CVE-2019-2762

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via....

5.3CVSS

4.6AI Score

0.001EPSS

2019-07-23 11:15 PM
232
4

CVE-2019-2745

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise...

5.1CVSS

4.8AI Score

0.002EPSS

2019-07-23 11:15 PM
323
4

CVE-2019-11989

A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL...

5.9CVSS

5.7AI Score

0.001EPSS

2019-07-19 10:15 PM
173

CVE-2019-11990

Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: * For customers with release UIoT 1.6, fixes are made available with 1.6 RP603 * For customers...

8.8CVSS

8.6AI Score

0.001EPSS

2019-07-19 10:15 PM
163

CVE-2019-11991

HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the...

9.8CVSS

8.8AI Score

0.011EPSS

2019-07-09 07:15 PM
75

CVE-2019-6329

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than...

7.8CVSS

7.6AI Score

0.0004EPSS

2019-06-25 05:15 PM
128

CVE-2019-6328

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than...

7.8CVSS

7.6AI Score

0.0004EPSS

2019-06-25 05:15 PM
140

CVE-2019-6324

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration...

4.8CVSS

5.7AI Score

0.001EPSS

2019-06-17 04:15 PM
39

CVE-2019-6325

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request...

8.8CVSS

8.9AI Score

0.001EPSS

2019-06-17 04:15 PM
36

CVE-2019-6323

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration...

6.1CVSS

6.5AI Score

0.001EPSS

2019-06-17 04:15 PM
36

CVE-2019-6326

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer...

7.2CVSS

7.5AI Score

0.001EPSS

2019-06-17 04:15 PM
38

CVE-2019-6327

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer...

9.8CVSS

9.4AI Score

0.002EPSS

2019-06-17 04:15 PM
52

CVE-2019-5394

The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and...

5.1CVSS

5.1AI Score

0.0004EPSS

2019-06-05 06:29 PM
42

CVE-2019-11983

A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version...

7CVSS

7.1AI Score

0.002EPSS

2019-06-05 05:29 PM
71

CVE-2019-11982

A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version...

8.3CVSS

7.8AI Score

0.002EPSS

2019-06-05 05:29 PM
84

CVE-2019-11969

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3...

8.8CVSS

9AI Score

0.006EPSS

2019-06-05 04:29 PM
32

CVE-2019-11979

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3...

8.8CVSS

9.2AI Score

0.001EPSS

2019-06-05 04:29 PM
36

CVE-2019-11971

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3...

8.8CVSS

9.2AI Score

0.001EPSS

2019-06-05 04:29 PM
29

CVE-2019-11973

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3...

8.8CVSS

9.2AI Score

0.001EPSS

2019-06-05 04:29 PM
27

CVE-2019-11978

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3...

8.8CVSS

9.2AI Score

0.001EPSS

2019-06-05 04:29 PM
28
Total number of security vulnerabilities: 2364