Filtered by vendor Hp
Subscribe
Total
2513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6138 | 1 Hp | 6 Z440 Workstation, Z440 Workstation Firmware, Z640 Workstation and 3 more | 2025-12-22 | N/A | 7.9 HIGH |
|
A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability.
|
|||||
| CVE-2025-14432 | 1 Hp | 18 Poly Eagleeye Cube, Poly Eagleeye Iv, Poly Studio A2 and 15 more | 2025-12-18 | N/A | 4.9 MEDIUM |
|
In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.
|
|||||
| CVE-2025-13492 | 1 Hp | 1 Image Assistant | 2025-12-05 | N/A | 7.0 HIGH |
|
A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability
could potentially allow a local attacker to escalate privileges via a race condition when installing packages.
|
|||||
| CVE-2016-3627 | 7 Canonical, Debian, Hp and 4 more | 14 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 11 more | 2025-12-04 | 5.0 MEDIUM | 7.5 HIGH |
|
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
|
|||||
| CVE-2015-3113 | 8 Adobe, Apple, Hp and 5 more | 18 Flash Player, Mac Os X, Insight Orchestration and 15 more | 2025-11-17 | 10.0 HIGH | 9.8 CRITICAL |
|
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
|
|||||
| CVE-2012-1823 | 8 Apple, Debian, Fedoraproject and 5 more | 17 Mac Os X, Debian Linux, Fedora and 14 more | 2025-11-04 | 7.5 HIGH | 9.8 CRITICAL |
|
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
|
|||||
| CVE-2023-33850 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2025-11-03 | N/A | 7.5 HIGH |
|
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
|
|||||
| CVE-2020-10136 | 4 Cisco, Digi, Hp and 1 more | 63 Nexus 1000v, Nexus 1000ve, Nexus 3016 and 60 more | 2025-11-03 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
|
|||||
| CVE-2013-4810 | 1 Hp | 2 Application Lifecycle Management, Procurve Manager | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
|
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
|
|||||
| CVE-2005-2773 | 1 Hp | 1 Openview Network Node Manager | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
|
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
|
|||||
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
|
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
|
|||||
| CVE-2015-8651 | 9 Adobe, Apple, Google and 6 more | 22 Air, Air Sdk, Air Sdk \& Compiler and 19 more | 2025-10-22 | 9.3 HIGH | 8.8 HIGH |
|
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2025-43489 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 5.2 MEDIUM |
|
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update.
|
|||||
| CVE-2025-43020 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 6.8 MEDIUM |
|
A potential command
injection vulnerability has been identified in the Poly Clariti Manager for
versions prior to 10.12.2. The vulnerability could allow a privileged user
to submit arbitrary input. HP has addressed the issue in the latest software update.
|
|||||
| CVE-2025-43021 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 5.7 MEDIUM |
|
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update.
|
|||||
| CVE-2025-43022 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 7.2 HIGH |
|
A potential SQL injection vulnerability has been identified in the Poly
Clariti Manager for versions prior to 10.12.1. The vulnerability could allow
a privileged user to execute SQL commands. HP has addressed the issue in
the latest software update.
|
|||||
| CVE-2025-43483 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 5.7 MEDIUM |
|
A potential security vulnerability has been
identified in the Poly Clariti Manager for versions prior to 10.12.1. The
vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has
addressed the issue in the latest software update.
|
|||||
| CVE-2025-43484 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 6.1 MEDIUM |
|
A potential reflected cross-site scripting vulnerability has been
identified in the Poly Clariti Manager for versions prior to 10.12.1. The
website does not validate or sanitize the user input before rendering it in the
response. HP has addressed the issue in the latest software update.
|
|||||
| CVE-2025-43485 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 4.5 MEDIUM |
|
A potential security
vulnerability has been identified in the Poly Clariti Manager for versions
prior to 10.12.2. The vulnerability could potentially allow a privileged
user to retrieve credentials from the log files. HP has addressed the issue in
the latest software update.
|
|||||
| CVE-2025-43486 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 4.8 MEDIUM |
|
A potential stored cross-site scripting vulnerability has been
identified in the Poly Clariti Manager for versions prior to 10.12.1. The
website allows user input to be stored and rendered without proper
sanitization. HP has addressed the issue in the latest software update.
|
|||||
| CVE-2025-43487 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 6.8 MEDIUM |
|
A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update.
|
|||||
| CVE-2025-43488 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 4.8 MEDIUM |
|
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update.
|
|||||
| CVE-2024-41913 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 8.8 HIGH |
|
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.
|
|||||
| CVE-2024-41911 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 5.4 MEDIUM |
|
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.
|
|||||
| CVE-2024-41912 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 9.8 CRITICAL |
|
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.
|
|||||
| CVE-2024-41910 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 6.1 MEDIUM |
|
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.
|
|||||
| CVE-2024-38320 | 6 Apple, Hp, Ibm and 3 more | 8 Macos, Hp-ux, Aix and 5 more | 2025-08-18 | N/A | 5.9 MEDIUM |
|
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2025-33142 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-08-18 | N/A | 5.3 MEDIUM |
|
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.
|
|||||
| CVE-2025-36038 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-07-18 | N/A | 9.0 CRITICAL |
|
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
|
|||||
| CVE-2025-33104 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-07-18 | N/A | 4.4 MEDIUM |
|
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-27907 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-07-18 | N/A | 4.1 MEDIUM |
|
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
|
|||||
| CVE-2023-45177 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-07-03 | N/A | 5.3 MEDIUM |
|
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.
|
|||||
| CVE-2024-31483 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 4.9 MEDIUM |
|
An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
|
|||||
| CVE-2024-31482 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 5.3 MEDIUM |
|
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.
|
|||||
| CVE-2024-31481 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 5.3 MEDIUM |
|
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
|
|||||
| CVE-2024-31480 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 5.3 MEDIUM |
|
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
|
|||||
| CVE-2024-31479 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 5.3 MEDIUM |
|
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
|
|||||
| CVE-2024-31477 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 7.2 HIGH |
|
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2024-31476 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 7.2 HIGH |
|
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2024-31475 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 8.2 HIGH |
|
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.
|
|||||