Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
8.8CVSS
8.9AI Score
0.0004EPSS
UNSUPPORTED WHEN ASSIGNED Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products tha...
9CVSS
8.2AI Score
0.001EPSS
Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.
7.3CVSS
7.2AI Score
0.0004EPSS
The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.
6.1CVSS
6.1AI Score
0.0005EPSS
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.
9.8CVSS
9.7AI Score
0.004EPSS
Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.
4.6CVSS
4.6AI Score
0.001EPSS
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6.
7.5CVSS
7.2AI Score
0.001EPSS
The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.8CVSS
4.9AI Score
0.001EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities r...
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities r...
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities r...
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities r...
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities r...
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities r...
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities r...
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities r...
9.8CVSS
9.7AI Score
0.004EPSS
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
7.5CVSS
7.4AI Score
0.001EPSS
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
8.8CVSS
9AI Score
0.001EPSS
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
8.8CVSS
9AI Score
0.001EPSS
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
8.8CVSS
9AI Score
0.001EPSS
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which...
5.4CVSS
5.1AI Score
0.0004EPSS
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
7.8CVSS
7.8AI Score
0.0004EPSS
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
9.8CVSS
9.6AI Score
0.001EPSS
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
8.8CVSS
8.9AI Score
0.001EPSS
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
8.8CVSS
8.9AI Score
0.001EPSS
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
8.8CVSS
8.9AI Score
0.001EPSS
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.
7CVSS
7.2AI Score
0.0004EPSS
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.
7.8CVSS
7.8AI Score
0.0004EPSS
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.
9.8CVSS
9.4AI Score
0.001EPSS
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege.
9.8CVSS
9.4AI Score
0.002EPSS
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.
9.8CVSS
9.7AI Score
0.006EPSS
Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution.
9.8CVSS
9.6AI Score
0.004EPSS
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.
8.3CVSS
5.4AI Score
0.0005EPSS
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
5.5CVSS
5.7AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
7.1CVSS
7AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
5.5CVSS
5.3AI Score
0.0004EPSS
A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.
6.8CVSS
6.4AI Score
0.001EPSS
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
5.5CVSS
5.3AI Score
0.0004EPSS
9.8CVSS
9.6AI Score
0.003EPSS
9.8CVSS
9.5AI Score
0.001EPSS
Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.
9.8CVSS
9.3AI Score
0.002EPSS
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.
9.8CVSS
9.4AI Score
0.002EPSS
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.
9.8CVSS
9.8AI Score
0.004EPSS
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.
8.8CVSS
8.6AI Score
0.006EPSS
Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser.
8.8CVSS
8.8AI Score
0.004EPSS
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs.
8.8CVSS
8.7AI Score
0.004EPSS