Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Total 2438 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-29256 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2024-11-21 N/A 5.3 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.
CVE-2023-29066 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2024-11-21 N/A 3.2 LOW
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.
CVE-2023-29065 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2024-11-21 N/A 4.1 MEDIUM
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
CVE-2023-29064 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2024-11-21 N/A 4.1 MEDIUM
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.
CVE-2023-29063 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2024-11-21 N/A 2.4 LOW
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.
CVE-2023-29062 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2024-11-21 N/A 3.8 LOW
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems.
CVE-2023-29061 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2024-11-21 N/A 5.2 MEDIUM
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
CVE-2023-29060 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2024-11-21 N/A 5.4 MEDIUM
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
CVE-2023-28950 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2024-11-21 N/A 5.1 MEDIUM
IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.
CVE-2023-28514 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2024-11-21 N/A 6.2 MEDIUM
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.
CVE-2023-28513 5 Hp, Ibm, Linux and 2 more 9 Hp-ux, Aix, I and 6 more 2024-11-21 N/A 5.9 MEDIUM
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
CVE-2023-28092 1 Hp 4 Integrated Lights-out, Integrated Lights-out Firmware, Proliant Rl300 and 1 more 2024-11-21 N/A 6.1 MEDIUM
A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.
CVE-2023-28091 1 Hp 1 Oneview 2024-11-21 N/A 5.5 MEDIUM
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
CVE-2023-28090 1 Hp 1 Oneview 2024-11-21 N/A 5.5 MEDIUM
An HPE OneView appliance dump may expose SNMPv3 read credentials
CVE-2023-28089 1 Hp 1 Oneview 2024-11-21 N/A 7.1 HIGH
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
CVE-2023-28088 1 Hp 1 Oneview 2024-11-21 N/A 7.8 HIGH
An HPE OneView appliance dump may expose SAN switch administrative credentials
CVE-2023-28087 1 Hp 1 Oneview 2024-11-21 N/A 5.5 MEDIUM
An HPE OneView appliance dump may expose OneView user accounts
CVE-2023-28086 1 Hp 1 Oneview 2024-11-21 N/A 5.5 MEDIUM
An HPE OneView appliance dump may expose proxy credential settings
CVE-2023-28084 2 Hp, Hpe 2 Oneview, Oneview Global Dashboard 2024-11-21 N/A 5.5 MEDIUM
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
CVE-2023-28083 2 Hp, Hpe 162 Integrated Lights-out 4, Integrated Lights-out 5, Integrated Lights-out 6 and 159 more 2024-11-21 N/A 8.3 HIGH
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.