Hp Security Vulnerabilities
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
5.3CVSS
5AI Score
0.005EPSS
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
4.3CVSS
5.3AI Score
0.001EPSS
The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.
5.1CVSS
5.1AI Score
0.0004EPSS
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
8.8CVSS
8.6AI Score
0.004EPSS
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
9.4CVSS
9.3AI Score
0.003EPSS
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
9.4CVSS
9.1AI Score
0.002EPSS
A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
5.4CVSS
5.4AI Score
0.001EPSS
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
9.4CVSS
9.2AI Score
0.001EPSS
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
6.3CVSS
6.3AI Score
0.001EPSS
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure the...
4.8CVSS
5.4AI Score
0.001EPSS
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
9.4CVSS
9.1AI Score
0.003EPSS
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
4.8CVSS
4.9AI Score
0.001EPSS
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
8.8CVSS
8.6AI Score
0.001EPSS
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
7.3CVSS
7.1AI Score
0.001EPSS
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
7.2CVSS
6.9AI Score
0.001EPSS
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
6.3CVSS
6.1AI Score
0.001EPSS
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version...
6.5CVSS
6.4AI Score
0.001EPSS
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attack...
HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.
9.8CVSS
9.6AI Score
0.003EPSS
HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.
8.1CVSS
8AI Score
0.001EPSS
Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.
8.1CVSS
8AI Score
0.001EPSS
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.
7.2CVSS
6.9AI Score
0.001EPSS
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.
6.8CVSS
6.7AI Score
0.001EPSS
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page.
6.1CVSS
6.5AI Score
0.001EPSS
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page
4.8CVSS
5.7AI Score
0.001EPSS
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery.
8.8CVSS
8.9AI Score
0.001EPSS
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow.
7.2CVSS
7.5AI Score
0.001EPSS
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.
9.8CVSS
9.4AI Score
0.002EPSS
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
7.8CVSS
7.6AI Score
0.0004EPSS
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.
7.8CVSS
7.6AI Score
0.0004EPSS
A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.
9.8CVSS
9.3AI Score
0.002EPSS
An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information.
3.3CVSS
4.2AI Score
0.0004EPSS
A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A;...
4.8CVSS
4.9AI Score
0.001EPSS
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.
6.7CVSS
7AI Score
0.0004EPSS
HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code.
9.8CVSS
9.5AI Score
0.003EPSS
A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of service.
7.5CVSS
7.4AI Score
0.001EPSS
For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.
5.2CVSS
6.9AI Score
0.001EPSS
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3CVSS
6.3AI Score
0.005EPSS
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
5.3CVSS
5.2AI Score
0.015EPSS
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 w...
8.8CVSS
8.8AI Score
0.837EPSS
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5CVSS
7.6AI Score
0.005EPSS
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.
6.7CVSS
6.3AI Score
0.0004EPSS
A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
9.8CVSS
9.5AI Score
0.004EPSS
A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
8.8CVSS
8.8AI Score
0.003EPSS
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
9.8CVSS
9.9AI Score
0.011EPSS
A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
9.8CVSS
9.5AI Score
0.005EPSS
A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
9.8CVSS
9.7AI Score
0.03EPSS
A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
9.8CVSS
9.5AI Score
0.005EPSS
A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
9.8CVSS
9.8AI Score
0.006EPSS
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
9.8CVSS
9.8AI Score
0.006EPSS