Filtered by vendor Hp
Total: 2513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24646 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-24630 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-24629 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-15596 | 1 Hp | 28 Elite X2 1012 G1, Elite X2 1012 G1 Firmware, Elite X2 1012 G2 and 25 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.
|
|||||
| CVE-2020-12695 | 21 Asus, Broadcom, Canon and 18 more | 217 Rt-n11, Adsl, Selphy Cp1200 and 214 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
|
|||||
| CVE-2020-11853 | 2 Hp, Microfocus | 7 Universal Cmbd Foundation, Application Performance Management, Data Center Automation and 4 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.1 ...
|
|||||
| CVE-2019-7317 | 11 Canonical, Debian, Hp and 8 more | 33 Ubuntu Linux, Debian Linux, Xp7 Command View and 30 more | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
|
|||||
| CVE-2019-6337 | 1 Hp | 82 2dr21d, 2dr21d Firmware, D3q15a and 79 more | 2024-11-21 | 3.3 LOW | 5.2 MEDIUM |
|
For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.
|
|||||
| CVE-2019-6335 | 1 Hp | 8 Samsung C480, Samsung C480 Firmware, Samsung Clp680 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of service.
|
|||||
| CVE-2019-6334 | 1 Hp | 730 Digital Sender Flow 8500 Fn2 Document Capture Workstation L2762a, Futuresmart 3, Futuresmart 4 and 727 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code.
|
|||||
| CVE-2019-6333 | 1 Hp | 1 Touchpoint Analytics | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.
|
|||||
| CVE-2019-6332 | 1 Hp | 104 Deskjet 2600 4uj28b, Deskjet 2600 4uj28b Firmware, Deskjet 2600 V1n01a and 101 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJe ...
|
|||||
| CVE-2019-6331 | 1 Hp | 1 Samsung Mobile Print | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information.
|
|||||
| CVE-2019-6330 | 1 Hp | 1 Access Control | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.
|
|||||
| CVE-2019-6329 | 1 Hp | 1 Support Assistant | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.
|
|||||
| CVE-2019-6328 | 1 Hp | 1 Support Assistant | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
|
|||||
| CVE-2019-6327 | 1 Hp | 20 Laserjet Pro M280-m281 T6b80a, Laserjet Pro M280-m281 T6b80a Firmware, Laserjet Pro M280-m281 T6b81a and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.
|
|||||
| CVE-2019-6326 | 1 Hp | 20 T6b80a, T6b80a Firmware, T6b81a and 17 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow.
|
|||||
| CVE-2019-6325 | 1 Hp | 20 T6b80a, T6b80a Firmware, T6b81a and 17 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery.
|
|||||
| CVE-2019-6324 | 1 Hp | 20 T6b80a, T6b80a Firmware, T6b81a and 17 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page.
|
|||||
| CVE-2019-6323 | 1 Hp | 20 T6b80a, T6b80a Firmware, T6b81a and 17 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page.
|
|||||
| CVE-2019-6322 | 1 Hp | 8 Z4 G4 Core-x Workstation, Z4 G4 Core-x Workstation Firmware, Z4 G4 Workstation and 5 more | 2024-11-21 | 9.0 HIGH | 6.8 MEDIUM |
|
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.
|
|||||
| CVE-2019-6321 | 1 Hp | 8 Z4 G4 Core-x Workstation, Z4 G4 Core-x Workstation Firmware, Z4 G4 Workstation and 5 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.
|
|||||
| CVE-2019-6320 | 1 Hp | 16 Deskjet 3630 F5s43a, Deskjet 3630 F5s43a Firmware, Deskjet 3630 F5s57a and 13 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.
|
|||||
| CVE-2019-6319 | 1 Hp | 16 Deskjet 3630 F5s43a, Deskjet 3630 F5s43a Firmware, Deskjet 3630 F5s57a and 13 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.
|
|||||
| CVE-2019-6318 | 1 Hp | 286 Color Laserjet Cm4540 Mfp, Color Laserjet Cm4540 Mfp Firmware, Color Laserjet Enterprise Cp5525 and 283 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.
|
|||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc/os and 16 more | 2024-11-21 | 9.3 HIGH | 8.6 HIGH |
|
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related ...
|
|||||
| CVE-2019-5408 | 1 Hp | 3 Xp7 Device Manager, Xp7 Replication Manager, Xp7 Tiered Storage Manager | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as d ...
|
|||||
| CVE-2019-5407 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
|
|||||
| CVE-2019-5406 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
|
|||||
| CVE-2019-5405 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | 5.0 MEDIUM | 7.3 HIGH |
|
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
|
|||||
| CVE-2019-5404 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | 8.7 HIGH | 8.8 HIGH |
|
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
|
|||||
| CVE-2019-5403 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
|
|||||
| CVE-2019-5402 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | 10.0 HIGH | 9.4 CRITICAL |
|
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
|
|||||
| CVE-2019-5401 | 1 Hp | 2 Hp2910al-48g, Hp2910al-48g Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.
|
|||||
| CVE-2019-5400 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
|
|||||
| CVE-2019-5399 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | 9.7 HIGH | 9.4 CRITICAL |
|
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
|
|||||
| CVE-2019-5398 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
|
|||||
| CVE-2019-5397 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | 9.7 HIGH | 9.4 CRITICAL |
|
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
|
|||||
| CVE-2019-5396 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | 9.7 HIGH | 9.4 CRITICAL |
|
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
|
|||||