HP Security Vulnerabilities

CVE-2021-29723

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2021-08-30 05:15 PM
26

CVE-2016-3705

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document...

7.5 CVSS

7.6 AI Score

0.011 EPSS

2016-05-17 02:08 PM
68

CVE-2021-29722

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2021-08-30 05:15 PM
17

CVE-2021-29728

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:...

4.9 CVSS

5.8 AI Score

0.001 EPSS

2021-08-30 05:15 PM
25

CVE-2016-9597

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as...

7.5 CVSS

7 AI Score

0.011 EPSS

2018-07-30 02:29 PM
40

CVE-2015-7498

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion...

6.7 AI Score

0.018 EPSS

2015-12-15 09:59 PM
74

CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

8.1 CVSS

8 AI Score

0.936 EPSS

2016-07-19 02:00 AM
266
4

CVE-2015-7497

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified...

6.7 AI Score

0.018 EPSS

2015-12-15 09:59 PM
72

CVE-2016-0728

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl...

7.8 CVSS

6.5 AI Score

0.0004 EPSS

2016-02-08 03:59 AM
295
In Wild
2

CVE-2015-7500

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start...

6.5 AI Score

0.011 EPSS

2015-12-15 09:59 PM
74

CVE-2021-3809

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential...

7.8 CVSS

8.1 AI Score

0.0004 EPSS

2023-02-01 07:15 AM
18

CVE-2022-27537

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential...

7.8 CVSS

8.1 AI Score

0.0004 EPSS

2023-02-01 07:15 AM
18

CVE-2021-3808

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential...

7.8 CVSS

8.1 AI Score

0.0004 EPSS

2023-02-01 07:15 AM
14

CVE-2015-7499

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified...

7 AI Score

0.002 EPSS

2015-12-15 09:59 PM
99

CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an.....

8.1 CVSS

6.8 AI Score

0.948 EPSS

2016-07-19 02:00 AM
202
4

CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving...

7.5 CVSS

8.1 AI Score

0.002 EPSS

2016-06-09 04:59 PM
123
2

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers.....

8.1 CVSS

8.4 AI Score

0.974 EPSS

2016-02-18 09:59 PM
200
5

CVE-2022-23454

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2023-02-01 07:15 AM
62

CVE-2022-23453

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2023-02-01 07:15 AM
43

CVE-2022-3990

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2023-02-01 07:15 AM
18

CVE-2022-23455

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2023-02-01 07:15 AM
36

CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown...

9.8 CVSS

9.5 AI Score

0.009 EPSS

2016-06-09 04:59 PM
119
4

CVE-2022-46357

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information...

8.8 CVSS

8.9 AI Score

0.0004 EPSS

2023-01-30 08:15 AM
15

CVE-2022-46358

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information...

8.8 CVSS

8.9 AI Score

0.0004 EPSS

2023-01-30 08:15 AM
15

CVE-2022-46359

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information...

8.8 CVSS

8.9 AI Score

0.0004 EPSS

2023-01-30 08:15 AM
21

CVE-2022-46356

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information...

8.8 CVSS

8.9 AI Score

0.0004 EPSS

2023-01-30 08:15 AM
18

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then....

3.7 CVSS

4.8 AI Score

0.974 EPSS

2015-05-21 12:59 AM
872
In Wild
2

CVE-2019-4377

IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID:...

4.3 CVSS

4.2 AI Score

0.001 EPSS

2019-06-25 04:15 PM
118

CVE-2022-37018

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential...

8.4 CVSS

8.6 AI Score

0.001 EPSS

2022-12-12 01:15 PM
28

CVE-2022-1038

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2022-12-12 01:15 PM
27

CVE-2021-3661

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential...

8.4 CVSS

8.5 AI Score

0.001 EPSS

2022-12-12 01:15 PM
32

CVE-2021-3919

A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential...

9.8 CVSS

9.5 AI Score

0.002 EPSS

2022-12-12 01:15 PM
29

CVE-2021-3437

Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-12-12 01:15 PM
36

CVE-2022-38395

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2022-12-12 01:15 PM
33

CVE-2022-43780

Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2022-12-12 01:15 PM
23

CVE-2021-3821

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2022-12-12 01:15 PM
25

CVE-2022-2794

Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2022-12-12 01:15 PM
29

CVE-2013-0543

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions....

9 AI Score

0.003 EPSS

2013-04-24 10:28 AM
36

CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service...

8.1 CVSS

7.3 AI Score

0.003 EPSS

2016-01-14 10:59 PM
1655

CVE-2016-0777

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private...

6.5 CVSS

6.4 AI Score

0.002 EPSS

2016-01-14 10:59 PM
2875
2

CVE-2016-0371

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is...

5.5 CVSS

5.4 AI Score

0.0004 EPSS

2017-02-01 09:59 PM
20

CVE-2019-4236

An IBM Spectrum Protect 7.1 client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker...

4.4 CVSS

4.5 AI Score

0.0004 EPSS

2019-07-22 02:15 PM
39

CVE-2022-38712

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID:...

5.9 CVSS

5.5 AI Score

0.001 EPSS

2022-11-03 08:15 PM
50
4

CVE-2007-5536

Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified...

6 AI Score

0.0004 EPSS

2007-10-18 12:17 AM
23
5

CVE-2009-0208

Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown...

7.6 AI Score

0.014 EPSS

2022-10-03 04:24 PM
27

CVE-2009-0721

Unspecified vulnerability in Easy Login in the Sender module in HP Remote Graphics Software (RGS) 4.0.0 through 5.2.4 allows remote attackers to execute arbitrary code via unknown...

7.9 AI Score

0.089 EPSS

2022-10-03 04:24 PM
20

CVE-2009-2298

Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI request to webappmon.exe. NOTE: this may overlap...

8.2 AI Score

0.63 EPSS

2022-10-03 04:24 PM
28

CVE-2009-2686

Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, H06.08.00 through H06.18.01, and J06.04.00 through J06.07.01 allows local users to gain privileges, cause a denial of service, or obtain "access to data" via unknown...

6.6 AI Score

0.0004 EPSS

2022-10-03 04:24 PM
21

CVE-2009-2681

Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown...

6.5 AI Score

0.0004 EPSS

2022-10-03 04:24 PM
31

CVE-2009-4189

HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this.....

7.5 AI Score

0.887 EPSS

2022-10-03 04:24 PM
46

Total number of security vulnerabilities: 2364