8 matches found
CVE-2019-18909
HP ThinPro VPN command-injection (CVE-2019-18909) arises from unsafe handling of user input, enabling potential command execution with root privileges. Affected HP ThinPro Linux versions include 6.2, 6.2.1, 7.0, and 7.1 (Citrix-related component in 6.x/7.x). The issue is documented across multipl...
CVE-2019-18910
CVE-2019-18910 involves the Citrix Receiver wrapper function that does not safely handle user input, enabling command injection to execute with local privileges. Affected products include HP ThinPro Linux (versions 6.2, 6.2.1, 7.0, 7.1) where the vulnerability can occur through the Citrix Receive...
CVE-2019-16287
CVE-2019-16287 affects HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, where an application filter bypass can allow an attacker to create a local file and enter Administrative Mode, enabling elevated commands. The issue is addressed by HP with multiple patches: HP Firefox 60.9.0esr for ThinPro 6.2–7.1 ...
CVE-2022-1602
CVE-2022-1602 concerns HP ThinPro 7.2 SP8. The vulnerability originates in SP8 and is not remedied by upgrading to SP9; HP released SP10 to remediate the issue introduced in SP8. Affected software: HP ThinPro 7.2 with SP8 (and through SP9 as per PT/Red Hat/Radiation entries). Impact details in th...
CVE-2017-2740
CVE-2017-2740 affects the HP ThinPro operating system command line shell across multiple releases (4.4, 5.0, 5.1, 5.2, 5.2.1, 6.1). The vulnerability could enable local unauthorized elevation of privilege on HP thin client devices. HP and related records describe a privilege escalation via the Th...
CVE-2016-2246
CVE-2016-2246 concerns HP ThinPro 4.4–6.1, where the keyboard layout control panel and the Virtual Keyboard application are mishandled, enabling local users to bypass access restrictions and elevate privileges. Root cause and impact are described as local unauthorized access with privilege elevat...
CVE-2025-43017
HP ThinPro 8.1 has a vulnerability in its system management application where user identity verification can fail. Multiple sources (HP advisories and various CVE trackers) indicate the issue affects HP ThinPro 8.1 prior to SP8 and that HP released HP ThinPro 8.1 SP8 to mitigate potential vulnera...
CVE-2025-43024
CVE-2025-43024 relates to HP ThinPro 8.1 SP8 and involves a GUI dialog that allows unauthorized viewing of files on the file system. The root cause is an insufficient access check in the dialog that displays file-system contents, enabling information disclosure. Public details across connected so...