Filtered by vendor Hp
Subscribe
Total
2421 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3919 | 1 Hp | 106 Command Center, Envy 13t-bd100, Envy 13z-ay100 and 103 more | 2025-04-29 | N/A | 9.8 CRITICAL |
| A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability. | |||||
| CVE-2022-37018 | 1 Hp | 150 Elite Slice, Elite Slice Firmware, Elite X2 1012 G1 and 147 more | 2025-04-29 | N/A | 8.4 HIGH |
| A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability. | |||||
| CVE-2022-1038 | 1 Hp | 481 15-f200 Notebook Pc Touch, 240 G5 Notebook Pc, 240 G6 Notebook Pc and 478 more | 2025-04-29 | N/A | 7.8 HIGH |
| A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software. | |||||
| CVE-2021-3821 | 1 Hp | 1 Futuresmart 5 | 2025-04-29 | N/A | 9.8 CRITICAL |
| A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products. | |||||
| CVE-2021-3661 | 1 Hp | 40 Z1 All-in-one G3, Z1 All-in-one G3 Firmware, Z238 Microtower and 37 more | 2025-04-29 | N/A | 8.4 HIGH |
| A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability. | |||||
| CVE-2021-3437 | 1 Hp | 50 Envy Te01-0xxx, Envy Te01-1xxx, Envy Te01-2xxx and 47 more | 2025-04-29 | N/A | 9.8 CRITICAL |
| Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities. | |||||
| CVE-2021-3942 | 1 Hp | 5400 Color Laserjet Cm4540 Mfp Cc419a, Color Laserjet Cm4540 Mfp Cc419a Firmware, Color Laserjet Cm4540 Mfp Cc420a and 5397 more | 2025-04-25 | N/A | 9.8 CRITICAL |
| Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR. | |||||
| CVE-2013-4811 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | 10.0 HIGH | N/A |
| UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. | |||||
| CVE-2013-4813 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | 10.0 HIGH | N/A |
| The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745. | |||||
| CVE-2013-4809 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter. | |||||
| CVE-2013-4812 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | 10.0 HIGH | N/A |
| UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. | |||||
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | |||||
| CVE-2016-8980 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 7.5 HIGH | 8.1 HIGH |
| IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | |||||
| CVE-2016-8966 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2017-13984 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. | |||||
| CVE-2017-14351 | 1 Hp | 1 Ucmdb Configuration Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. | |||||
| CVE-2017-14359 | 1 Hp | 1 Performance Center | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. | |||||
| CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | |||||
| CVE-2017-14360 | 1 Hp | 1 Content Manager | 2025-04-20 | 5.0 MEDIUM | 5.9 MEDIUM |
| A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). | |||||
| CVE-2017-13989 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | 5.5 MEDIUM | 8.1 HIGH |
| An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | |||||