Filtered by vendor Hp
Subscribe
Total
2513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7144 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-7143 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-7142 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-7141 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-7140 | 3 Hp, Microsoft, Redhat | 4 Icewall Sso Dfw, Icewall Sso Dgfw, Windows and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess
|
|||||
| CVE-2020-7135 | 1 Hp | 1 Service Pack For Proliant | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary co ...
Show More |
|||||
| CVE-2020-7134 | 1 Hp | 1 Hpe Iot \+ Gcp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
|
|||||
| CVE-2020-7133 | 1 Hp | 1 Hpe Iot \+ Gcp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
|
|||||
| CVE-2020-7132 | 1 Hp | 1 Onboard Administrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows).
|
|||||
| CVE-2020-7131 | 1 Hp | 3 Blade Maintenance Entity, Integrated Maintenance Entity, Maintenance Entity | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
|
This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access ...
Show More |
|||||
| CVE-2020-7130 | 1 Hp | 1 Oneview Global Dashboard | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.
|
|||||
| CVE-2020-6931 | 1 Hp | 1 Print And Scan Doctor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.
|
|||||
| CVE-2020-6922 | 1 Hp | 1 Support Assistant | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
|
|||||
| CVE-2020-6921 | 1 Hp | 1 Support Assistant | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
|
|||||
| CVE-2020-6920 | 1 Hp | 1 Support Assistant | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
|
|||||
| CVE-2020-6919 | 1 Hp | 1 Support Assistant | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
|
|||||
| CVE-2020-6918 | 1 Hp | 1 Support Assistant | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
|
|||||
| CVE-2020-6917 | 1 Hp | 1 Support Assistant | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
|
|||||
| CVE-2020-4949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.
|
|||||
| CVE-2020-4937 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.
|
|||||
| CVE-2020-4762 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896.
|
|||||
| CVE-2020-4761 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895.
|
|||||
| CVE-2020-4658 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095.
|
|||||
| CVE-2020-4657 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094.
|
|||||
| CVE-2020-4629 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
|
|||||
| CVE-2020-4578 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433.
|
|||||
| CVE-2020-4559 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Spectrum Protect and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613.
|
|||||
| CVE-2020-4365 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.
|
|||||
| CVE-2020-4320 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Mq and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.
|
|||||
| CVE-2020-4310 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.
|
|||||
| CVE-2020-4299 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.
|
|||||
| CVE-2020-4259 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.
|
|||||
| CVE-2020-28419 | 1 Hp | 1503 Laserjet Managed Mfp E62665 3gy14a, Laserjet Managed Mfp E62665 3gy15a, Laserjet Managed Mfp E62665 3gy16a and 1500 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
During installation with certain driver software or application packages an arbitrary code execution could occur.
|
|||||
| CVE-2020-28416 | 1 Hp | 310 Officejet 250 Cz992a, Officejet 250 Cz992a Firmware, Officejet 250c L9d57a and 307 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.
|
|||||
| CVE-2020-24652 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-24651 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-24650 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-24649 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-24648 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-24647 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||