Filtered by vendor Hp
Subscribe
Total
2438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3210 | 4 Fujitsu, Hp, Philips and 1 more | 6 Displayview Click, Displayview Click Suite, Display Assistant and 3 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26. | |||||
| CVE-2017-2752 | 1 Hp | 1 Tommy Hilfiger Th24\/7 | 2024-11-21 | 2.1 LOW | 2.1 LOW |
| A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue. | |||||
| CVE-2017-2751 | 1 Hp | 68 Compaq 14-h000, Compaq 14-h000 Firmware, Compaq 14-s000 and 65 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014. | |||||
| CVE-2017-2750 | 1 Hp | 346 A2w75a, A2w75a Firmware, A2w76a and 343 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions. | |||||
| CVE-2017-2748 | 1 Hp | 1 Isaac Mizrahi Smartwatch | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue. | |||||
| CVE-2017-2747 | 1 Hp | 44 110, 110 Firmware, 310 and 41 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers. | |||||
| CVE-2017-2746 | 1 Hp | 1 Jetadvantage Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service. | |||||
| CVE-2017-2745 | 1 Hp | 1 Jetadvantage Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser. | |||||
| CVE-2017-2744 | 1 Hp | 1 Support Assistant | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1. | |||||
| CVE-2017-2743 | 1 Hp | 175 2a68a, 2a68a Firmware, 2a69a and 172 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack. | |||||
| CVE-2017-2742 | 1 Hp | 1 Web Jetadmin | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service. | |||||
| CVE-2017-2741 | 1 Hp | 76 D3q15a, D3q15a Firmware, D3q15b and 73 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code. | |||||
| CVE-2017-2740 | 1 Hp | 1 Thinpro | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device. | |||||
| CVE-2017-17556 | 1 Hp | 1 Synaptics Touchpad Driver | 2024-11-21 | 3.6 LOW | 5.1 MEDIUM |
| A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. | |||||
| CVE-2017-17482 | 1 Hp | 1 Openvms | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation. | |||||
| CVE-2017-15361 | 35 Acer, Aopen, Asi and 32 more | 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. | |||||
| CVE-2017-14360 | 1 Hp | 1 Content Manager | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). | |||||
| CVE-2017-14359 | 1 Hp | 1 Performance Center | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. | |||||
| CVE-2017-14358 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. | |||||
| CVE-2017-14357 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS) | |||||