HP

Products by HP Sorted by Most Security Vulnerabilities since 2018

Hp Ux - 47 vulnerabilities
HP Instantos - 38 vulnerabilities
HP Oneview - 22 vulnerabilities
HP Support Assistant - 14 vulnerabilities
HP Icewall Federation Agent - 10 vulnerabilities
HP Arubaos - 8 vulnerabilities
HP Icewall File Manager - 7 vulnerabilities
Hp Device Manager - 5 vulnerabilities
HP Security Manager - 5 vulnerabilities
HP Airwave - 4 vulnerabilities
HP Pc Hardware Diagnostics - 3 vulnerabilities
HP Systems Insight Manager - 3 vulnerabilities
HP Server Migration Pack - 2 vulnerabilities
HP Image Assistant - 2 vulnerabilities
HP Print And Scan Doctor - 2 vulnerabilities

By the Year

In 2025 there have been 0 vulnerabilities in HP. Last year, in 2024, HP had 19 security vulnerabilities published. Right now, HP is on track to have fewer security vulnerabilities in 2025 than it did last year.




Year | Vulnerabilities | Average Score
2025 | 0 | 0.00
2024 | 19 | 7.35
2023 | 64 | 8.19
2022 | 31 | 7.70
2021 | 14 | 8.07
2020 | 88 | 8.99
2019 | 154 | 8.02
2018 | 76 | 6.63

It may take a day or so for new HP vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent HP Security Vulnerabilities

This vulnerability could be exploited

CVE-2024-42508 5.5 - Medium - October 18, 2024

This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries.

CVE-2024-7720 9.8 - Critical - August 27, 2024

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries.

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices

CVE-2024-41912 9.8 - Critical - August 07, 2024

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol

CVE-2024-42400 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol

CVE-2024-42399 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol

CVE-2024-42398 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack

CVE-2024-42395 9.8 - Critical - August 06, 2024

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Memory Corruption

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack

CVE-2024-42394 9.8 - Critical - August 06, 2024

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Memory Corruption

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack

CVE-2024-42393 9.8 - Critical - August 06, 2024

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Memory Corruption

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed

CVE-2024-42397 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed

CVE-2024-42396 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices

CVE-2024-41913 8.8 - High - August 06, 2024

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.

Unrestricted File Upload

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices

CVE-2024-41911 5.4 - Medium - August 06, 2024

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.

XSS

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices

CVE-2024-41910 6.1 - Medium - August 06, 2024

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.

XSS

The vulnerability could be remotely exploited to bypass authentication.

CVE-2024-22442 9.8 - Critical - July 16, 2024

The vulnerability could be remotely exploited to bypass authentication.

Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability

CVE-2024-6147 7.8 - High - June 20, 2024

Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18271.

insecure temporary file

HPE OneView may have a missing passphrase during restore.

CVE-2023-6573 5.5 - Medium - January 23, 2024

HPE OneView may have a missing passphrase during restore.

HPE OneView may allow command injection with local privilege escalation.

CVE-2023-50274 7.8 - High - January 23, 2024

HPE OneView may allow command injection with local privilege escalation.

Command Injection

HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.

CVE-2023-50275 7.5 - High - January 23, 2024

HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.

Authentication

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol

CVE-2023-45620 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol

CVE-2023-45621 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol

CVE-2023-45622 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol

CVE-2023-45623 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol

CVE-2023-45624 7.5 - High - November 14, 2023

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

There is a buffer overflow vulnerability in the underlying AirWave client service

CVE-2023-45616 9.8 - Critical - November 14, 2023

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol)

CVE-2023-45617 8.2 - High - November 14, 2023

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol)

CVE-2023-45618 8.2 - High - November 14, 2023

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol)

CVE-2023-45619 8.2 - High - November 14, 2023

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

There are buffer overflow vulnerabilities in the underlying CLI service

CVE-2023-45614 9.8 - Critical - November 14, 2023

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in the underlying CLI service

CVE-2023-45615 9.8 - Critical - November 14, 2023

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Multiple authenticated command injection vulnerabilities exist in the command line interface

CVE-2023-45625 7.2 - High - November 14, 2023

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Command Injection

An authenticated vulnerability has been identified

CVE-2023-45626 7.2 - High - November 14, 2023

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service

CVE-2023-45627 6.5 - Medium - November 14, 2023

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.

CVE-2023-5739 7.8 - High - October 31, 2023

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege

CVE-2023-5671 7.8 - High - October 25, 2023

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.

CVE-2023-5365 9.8 - Critical - October 09, 2023

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.

A remote authentication bypass issue exists in some OneView APIs.

CVE-2023-30909 9.8 - Critical - September 14, 2023

A remote authentication bypass issue exists in some OneView APIs.

A remote authentication bypass issue exists in a OneView API.

CVE-2023-30908 9.8 - Critical - September 07, 2023

A remote authentication bypass issue exists in a OneView API.

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7

CVE-2015-2201 7.2 - High - September 05, 2023

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.

Shell injection

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7

CVE-2015-2202 7.2 - High - September 05, 2023

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

Improper Input Validation

Aruba AirWave before 8.0.7

CVE-2015-1390 6.1 - Medium - September 05, 2023

Aruba AirWave before 8.0.7 allows XSS attacks against an administrator.

XSS

Aruba AirWave before 8.0.7

CVE-2015-1391 8.8 - High - September 05, 2023

Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.

Session Riding

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-35980 9.8 - Critical - July 25, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-35981 9.8 - Critical - July 25, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-35982 9.8 - Critical - July 25, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.

CVE-2023-30903 5.5 - Medium - June 16, 2023

HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.

Certain versions of HP PC Hardware Diagnostics Windows

CVE-2023-32673 9.8 - Critical - June 12, 2023

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

CVE-2023-32674 9.8 - Critical - June 12, 2023

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

Classic Buffer Overflow

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially

CVE-2023-26295 9.8 - Critical - June 12, 2023

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Command Injection

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially

CVE-2023-26296 8.8 - High - June 12, 2023

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Command Injection

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially

CVE-2023-26297 8.8 - High - June 12, 2023

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Command Injection

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially

CVE-2023-26298 8.8 - High - June 12, 2023

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Command Injection

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially

CVE-2023-26294 7.8 - High - June 12, 2023

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Command Injection

A potential security vulnerability has been identified with a version of the HP Softpaq installer

CVE-2019-16283 7.8 - High - June 09, 2023

A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22784 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22785 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22786 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22779 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22780 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22781 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22782 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22783 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface

CVE-2023-22788 8.8 - High - May 08, 2023

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Command Injection

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface

CVE-2023-22789 8.8 - High - May 08, 2023

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Command Injection

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface

CVE-2023-22790 8.8 - High - May 08, 2023

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Command Injection

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on

CVE-2023-22791 4.8 - Medium - May 08, 2023

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed

CVE-2023-22787 7.5 - High - May 08, 2023

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

CVE-2023-28084 5.5 - Medium - April 25, 2023

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose proxy credential settings

CVE-2023-28086 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose proxy credential settings

An HPE OneView appliance dump may expose OneView user accounts

CVE-2023-28087 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose OneView user accounts

An HPE OneView appliance dump may expose SAN switch administrative credentials

CVE-2023-28088 7.8 - High - April 25, 2023

An HPE OneView appliance dump may expose SAN switch administrative credentials

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

CVE-2023-28089 7.1 - High - April 25, 2023

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose SNMPv3 read credentials

CVE-2023-28090 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose SNMPv3 read credentials

Insufficiently Protected Credentials

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

CVE-2023-28091 5.5 - Medium - April 14, 2023

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

HPE OneView for VMware vCenter

CVE-2022-37935 5.5 - Medium - March 01, 2023

HPE OneView for VMware vCenter, in certain circumstances, may disclose the HPE OneView Username and Password.

HPSFViewer might allow Escalation of Privilege

CVE-2022-3990 7.8 - High - February 01, 2023

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.

Potential security vulnerabilities have been identified in HP Support Assistant

CVE-2022-23455 7.8 - High - February 01, 2023

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Potential security vulnerabilities have been identified in HP Support Assistant

CVE-2022-23453 7.8 - High - February 01, 2023

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Potential security vulnerabilities have been identified in HP Support Assistant

CVE-2022-23454 7.8 - High - February 01, 2023

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46359 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46358 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46357 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46356 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs)

CVE-2021-3821 9.8 - Critical - December 12, 2022

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool

CVE-2022-38395 7.8 - High - December 12, 2022

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.

DLL preloading

A vulnerability in NetBatch-Plus software allows unauthorized access to the application

CVE-2022-37931 7.8 - High - November 22, 2022

A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details.

Authentication

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01

CVE-2022-28625 5.5 - Medium - August 31, 2022

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Insertion of Sensitive Information into Log File

A remote server-side request forgery (SSRF) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28616 9.8 - Critical - May 17, 2022

A remote server-side request forgery (SSRF) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

SSRF

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28617 9.8 - Critical - May 17, 2022

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-23706 6.1 - Medium - May 17, 2022

A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

In cifs-utils through 6.14

CVE-2022-27239 7.8 - High - April 27, 2022

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Memory Corruption

A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23697 6.1 - Medium - April 04, 2022

A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23700 5.5 - Medium - April 04, 2022

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23699 7.8 - High - April 04, 2022

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23698 7.5 - High - April 04, 2022

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23924 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23926 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23929 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23931 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23930 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).