Filtered by vendor Hp
Total: 2438 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-9579 | 1 Hp | 16 Poly Studio G62, Poly Studio G62 Firmware, Poly Studio G7500 and 13 more | 2024-11-08 | N/A | 7.5 HIGH |
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. | |||||
CVE-2023-45626 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-10-29 | N/A | 7.2 HIGH |
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. | |||||
CVE-2024-42508 | 1 Hp | 1 Oneview | 2024-10-29 | N/A | 5.5 MEDIUM |
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. | |||||
CVE-1999-0022 | 6 Bsdi, Freebsd, Hp and 3 more | 7 Bsd Os, Freebsd, Hp-ux and 4 more | 2024-10-29 | 7.2 HIGH | 7.8 HIGH |
Local user gains root privileges via buffer overflow in rdist, via expstr() function. | |||||
CVE-2024-41911 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2024-10-28 | N/A | 5.4 MEDIUM |
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation. | |||||
CVE-2023-6573 | 1 Hp | 1 Oneview | 2024-10-28 | N/A | 5.5 MEDIUM |
HPE OneView may have a missing passphrase during restore. | |||||
CVE-2023-30909 | 1 Hp | 1 Oneview | 2024-10-28 | N/A | 9.8 CRITICAL |
A remote authentication bypass issue exists in some OneView APIs. | |||||
CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2024-10-22 | 4.3 MEDIUM | 3.7 LOW |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |||||
CVE-2019-7317 | 11 Canonical, Debian, Hp and 8 more | 33 Ubuntu Linux, Debian Linux, Xp7 Command View and 30 more | 2024-10-21 | 2.6 LOW | 5.3 MEDIUM |
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |||||
CVE-2024-45071 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | N/A | 4.8 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2024-45072 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | N/A | 5.5 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||
CVE-2023-47746 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2024-10-21 | N/A | 6.5 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. | |||||
CVE-2024-22442 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-10-10 | N/A | 9.8 CRITICAL |
The vulnerability could be remotely exploited to bypass authentication. | |||||
CVE-2023-33850 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2024-09-27 | N/A | 7.5 HIGH |
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. | |||||
CVE-2024-6147 | 1 Hp | 1 Poly Plantronics Hub | 2024-09-25 | N/A | 7.8 HIGH |
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18271. | |||||
CVE-2023-5365 | 1 Hp | 1 Life | 2024-09-19 | N/A | 9.8 CRITICAL |
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. | |||||
CVE-2023-5671 | 1 Hp | 1 Print And Scan Doctor | 2024-09-12 | N/A | 7.8 HIGH |
HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. | |||||
CVE-1999-0038 | 7 Bsdi, Data General, Debian and 4 more | 8 Bsd Os, Dg Ux, Debian Linux and 5 more | 2024-09-12 | 7.2 HIGH | 8.4 HIGH |
Buffer overflow in xlock program allows local users to execute commands as root. | |||||
CVE-2023-5739 | 1 Hp | 4 Image Assistant, Pc Hardware Diagnostics, Thunderbolt Dock G2 and 1 more | 2024-09-12 | N/A | 7.8 HIGH |
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. | |||||
CVE-2024-7720 | 1 Hp | 1 Security Manager | 2024-09-06 | N/A | 9.8 CRITICAL |
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. |