ReportizFlow
Filtered by vendor Hp
Subscriptions
Total
2444 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30903 | 1 Hp | 1 Hp-ux | 2024-12-17 | 5.5 Medium |
| HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. | ||||
| CVE-2023-35178 | 1 Hp | 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more | 2024-12-04 | 8.8 High |
| Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. | ||||
| CVE-2023-35177 | 1 Hp | 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more | 2024-12-04 | 8.8 High |
| Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. | ||||
| CVE-2023-35176 | 1 Hp | 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more | 2024-12-04 | 8.8 High |
| Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. | ||||
| CVE-2023-35175 | 1 Hp | 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more | 2024-12-04 | 9.8 Critical |
| Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model. | ||||
| CVE-2023-26299 | 1 Hp | 118 200 G3, 200 G3 Firmware, 200 G4 22 All-in-one and 115 more | 2024-12-04 | 7.0 High |
| A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability. | ||||
| CVE-2023-29065 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-12-02 | 4.1 Medium |
| The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database. | ||||
| CVE-2024-11482 | 1 Hp | 1 Enterprise Security Manager | 2024-11-29 | 9.8 Critical |
| A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. | ||||
| CVE-2023-38401 | 2 Hp, Microsoft | 2 Aruba Virtual Intranet Access, Windows | 2024-11-22 | 7.8 High |
| A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. | ||||
| CVE-2024-6147 | 1 Hp | 1 Poly Plantronics Hub | 2024-11-21 | 7.8 High |
| Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18271. | ||||
| CVE-2024-22442 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | 9.8 Critical |
| The vulnerability could be remotely exploited to bypass authentication. | ||||
| CVE-2023-6573 | 1 Hp | 1 Oneview | 2024-11-21 | 5.5 Medium |
| HPE OneView may have a missing passphrase during restore. | ||||
| CVE-2023-5739 | 1 Hp | 4 Image Assistant, Pc Hardware Diagnostics, Thunderbolt Dock G2 and 1 more | 2024-11-21 | 7.8 High |
| Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. | ||||
| CVE-2023-5671 | 1 Hp | 1 Print And Scan Doctor | 2024-11-21 | 7.8 High |
| HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. | ||||
| CVE-2023-5449 | 1 Hp | 58 E22 G4 Fhd, E22 G4 Fhd Firmware, E23 G4 Fhd and 55 more | 2024-11-21 | 3.3 Low |
| A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated. | ||||
| CVE-2023-5409 | 1 Hp | 4 T430 Thin Client, T430 Thin Client Firmware, T638 Thin Client and 1 more | 2024-11-21 | 6.8 Medium |
| HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability. | ||||
| CVE-2023-5365 | 1 Hp | 1 Life | 2024-11-21 | 9.8 Critical |
| HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. | ||||
| CVE-2023-5113 | 1 Hp | 1133 Color Laserjet Enterprise 5700 49k98a, Color Laserjet Enterprise 5700 6qn28a, Color Laserjet Enterprise 6700 49l00a and 1130 more | 2024-11-21 | 6.1 Medium |
| Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. | ||||
| CVE-2023-50275 | 1 Hp | 1 Oneview | 2024-11-21 | 7.5 High |
| HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. | ||||
| CVE-2023-50274 | 1 Hp | 1 Oneview | 2024-11-21 | 7.8 High |
| HPE OneView may allow command injection with local privilege escalation. | ||||