ReportizFlow
Filtered by vendor Hp
Subscriptions
Total
2451 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9419 | 1 Hp | 1 Smart Universal Printing Driver | 2024-11-01 | 7.8 High |
| Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC. | ||||
| CVE-2024-41911 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2024-10-29 | 5.4 Medium |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation. | ||||
| CVE-2024-45071 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | 5.5 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-45072 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | 5.5 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2024-5749 | 1 Hp | 2 Designjet T730 Firmware, Designjet T830 Firmware | 2024-10-16 | 7.5 High |
| Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. | ||||
| CVE-2024-27458 | 1 Hp | 40 Elite Dragonfly Firmware, Elite Dragonfly G2 Firmware, Elite Dragonfly Max Firmware and 37 more | 2024-10-07 | 8.8 High |
| A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. | ||||
| CVE-2024-9423 | 1 Hp | 1 Laserjet Mfp M232-m237 Printer Series Firmware | 2024-10-04 | 5.3 Medium |
| Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs. | ||||
| CVE-2024-7720 | 1 Hp | 1 Security Manager | 2024-09-07 | 9.8 Critical |
| HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. | ||||
| CVE-2024-42395 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2024-08-12 | 9.8 Critical |
| There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-42394 | 3 Arubanetworks, Hp, Hpe | 4 Arubaos, Instantos, Aruba Networking Instantos and 1 more | 2024-08-12 | 9.8 Critical |
| There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-42393 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2024-08-12 | 9.8 Critical |
| There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | ||||