HP
Products by HP Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 16 vulnerabilities in HP with an average score of 7.3 out of ten. Last year HP had 63 security vulnerabilities published. Right now, HP is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.91.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 16 | 7.29 |
2023 | 63 | 8.20 |
2022 | 31 | 7.70 |
2021 | 14 | 8.07 |
2020 | 88 | 8.99 |
2019 | 154 | 8.02 |
2018 | 76 | 6.63 |
It may take a day or so for new HP vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent HP Security Vulnerabilities
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of a code vulnerability within the product's solution open-source libraries.
CVE-2024-7720
9.8 - Critical
- August 27, 2024
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of a code vulnerability within the product's solution open-source libraries.
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices
CVE-2024-41912
9.8 - Critical
- August 07, 2024
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol
CVE-2024-42398
5.3 - Medium
- August 06, 2024
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol
CVE-2024-42399
5.3 - Medium
- August 06, 2024
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol
CVE-2024-42400
5.3 - Medium
- August 06, 2024
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed
CVE-2024-42396
5.3 - Medium
- August 06, 2024
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed
CVE-2024-42397
5.3 - Medium
- August 06, 2024
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack
CVE-2024-42393
9.8 - Critical
- August 06, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Memory Corruption
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack
CVE-2024-42394
9.8 - Critical
- August 06, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Memory Corruption
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack
CVE-2024-42395
9.8 - Critical
- August 06, 2024
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Memory Corruption
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices
CVE-2024-41910
6.1 - Medium
- August 06, 2024
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.
XSS
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices
CVE-2024-41911
5.4 - Medium
- August 06, 2024
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during web page generation.
XSS
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices
CVE-2024-41913
8.8 - High
- August 06, 2024
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize user input.
Unrestricted File Upload
HPE OneView may have a missing passphrase during restore.
CVE-2023-6573
5.5 - Medium
- January 23, 2024
HPE OneView may have a missing passphrase during restore.
HPE OneView may allow command injection with local privilege escalation.
CVE-2023-50274
7.8 - High
- January 23, 2024
HPE OneView may allow command injection with local privilege escalation.
Command Injection
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
CVE-2023-50275
7.5 - High
- January 23, 2024
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
Authentication
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol
CVE-2023-45620
7.5 - High
- November 14, 2023
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol
CVE-2023-45621
7.5 - High
- November 14, 2023
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol
CVE-2023-45622
7.5 - High
- November 14, 2023
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol
CVE-2023-45623
7.5 - High
- November 14, 2023
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol
CVE-2023-45624
7.5 - High
- November 14, 2023
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
There is a buffer overflow vulnerability in the underlying AirWave client service
CVE-2023-45616
9.8 - Critical
- November 14, 2023
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol)
CVE-2023-45617
8.2 - High
- November 14, 2023
There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol)
CVE-2023-45618
8.2 - High
- November 14, 2023
There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol)
CVE-2023-45619
8.2 - High
- November 14, 2023
There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
There are buffer overflow vulnerabilities in the underlying CLI service
CVE-2023-45614
9.8 - Critical
- November 14, 2023
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are buffer overflow vulnerabilities in the underlying CLI service
CVE-2023-45615
9.8 - Critical
- November 14, 2023
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
Multiple authenticated command injection vulnerabilities exist in the command line interface
CVE-2023-45625
7.2 - High
- November 14, 2023
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Command Injection
An authenticated vulnerability has been identified
CVE-2023-45626
7.2 - High
- November 14, 2023
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.
An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service
CVE-2023-45627
6.5 - Medium
- November 14, 2023
An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.
CVE-2023-5739
7.8 - High
- October 31, 2023
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.
HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege
CVE-2023-5671
7.8 - High
- October 25, 2023
HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.
CVE-2023-5365
9.8 - Critical
- October 09, 2023
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.
A remote authentication bypass issue exists in some OneView APIs.
CVE-2023-30909
9.8 - Critical
- September 14, 2023
A remote authentication bypass issue exists in some OneView APIs.
A remote authentication bypass issue exists in a OneView API.
CVE-2023-30908
9.8 - Critical
- September 07, 2023
A remote authentication bypass issue exists in a OneView API.
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7
CVE-2015-2201
7.2 - High
- September 05, 2023
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.
Shell injection
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7
CVE-2015-2202
7.2 - High
- September 05, 2023
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.
Improper Input Validation
Aruba AirWave before 8.0.7
CVE-2015-1390
6.1 - Medium
- September 05, 2023
Aruba AirWave before 8.0.7 allows XSS attacks against an administrator.
XSS
Aruba AirWave before 8.0.7
CVE-2015-1391
8.8 - High
- September 05, 2023
Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.
Session Riding
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-35980
9.8 - Critical
- July 25, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-35981
9.8 - Critical
- July 25, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-35982
9.8 - Critical
- July 25, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
CVE-2023-30903
5.5 - Medium
- June 16, 2023
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
Certain versions of HP PC Hardware Diagnostics Windows
CVE-2023-32673
9.8 - Critical
- June 12, 2023
Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.
CVE-2023-32674
9.8 - Critical
- June 12, 2023
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.
Classic Buffer Overflow
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially
CVE-2023-26295
9.8 - Critical
- June 12, 2023
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
Command Injection
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially
CVE-2023-26296
8.8 - High
- June 12, 2023
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
Command Injection
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially
CVE-2023-26297
8.8 - High
- June 12, 2023
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
Command Injection
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially
CVE-2023-26298
8.8 - High
- June 12, 2023
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
Command Injection
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially
CVE-2023-26294
7.8 - High
- June 12, 2023
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
Command Injection
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface
CVE-2023-22789
8.8 - High
- May 08, 2023
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Command Injection
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed
CVE-2023-22787
7.5 - High
- May 08, 2023
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on
CVE-2023-22791
4.8 - Medium
- May 08, 2023
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface
CVE-2023-22790
8.8 - High
- May 08, 2023
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Command Injection
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface
CVE-2023-22788
8.8 - High
- May 08, 2023
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Command Injection
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-22783
9.8 - Critical
- May 08, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-22782
9.8 - Critical
- May 08, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-22780
9.8 - Critical
- May 08, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-22779
9.8 - Critical
- May 08, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-22781
9.8 - Critical
- May 08, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-22786
9.8 - Critical
- May 08, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-22785
9.8 - Critical
- May 08, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
There are buffer overflow vulnerabilities in multiple underlying services
CVE-2023-22784
9.8 - Critical
- May 08, 2023
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Classic Buffer Overflow
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
CVE-2023-28084
5.5 - Medium
- April 25, 2023
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
Insufficiently Protected Credentials
An HPE OneView appliance dump may expose proxy credential settings
CVE-2023-28086
5.5 - Medium
- April 25, 2023
An HPE OneView appliance dump may expose proxy credential settings
An HPE OneView appliance dump may expose OneView user accounts
CVE-2023-28087
5.5 - Medium
- April 25, 2023
An HPE OneView appliance dump may expose OneView user accounts
An HPE OneView appliance dump may expose SAN switch administrative credentials
CVE-2023-28088
7.8 - High
- April 25, 2023
An HPE OneView appliance dump may expose SAN switch administrative credentials
Insufficiently Protected Credentials
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
CVE-2023-28089
7.1 - High
- April 25, 2023
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
Insufficiently Protected Credentials
An HPE OneView appliance dump may expose SNMPv3 read credentials
CVE-2023-28090
5.5 - Medium
- April 25, 2023
An HPE OneView appliance dump may expose SNMPv3 read credentials
Insufficiently Protected Credentials
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
CVE-2023-28091
5.5 - Medium
- April 14, 2023
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
HPE OneView for VMware vCenter
CVE-2022-37935
5.5 - Medium
- March 01, 2023
HPE OneView for VMware vCenter, in certain circumstances, may disclose the HPE OneView Username and Password.
Potential security vulnerabilities have been identified in HP Support Assistant
CVE-2022-23453
7.8 - High
- February 01, 2023
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
Potential security vulnerabilities have been identified in HP Support Assistant
CVE-2022-23454
7.8 - High
- February 01, 2023
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
Potential security vulnerabilities have been identified in HP Support Assistant
CVE-2022-23455
7.8 - High
- February 01, 2023
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
HPSFViewer might allow Escalation of Privilege
CVE-2022-3990
7.8 - High
- February 01, 2023
HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.
Potential vulnerabilities have been identified in HP Security Manager which may
CVE-2022-46356
8.8 - High
- January 30, 2023
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
Potential vulnerabilities have been identified in HP Security Manager which may
CVE-2022-46357
8.8 - High
- January 30, 2023
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
Potential vulnerabilities have been identified in HP Security Manager which may
CVE-2022-46358
8.8 - High
- January 30, 2023
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
Potential vulnerabilities have been identified in HP Security Manager which may
CVE-2022-46359
8.8 - High
- January 30, 2023
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool
CVE-2022-38395
7.8 - High
- December 12, 2022
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.
DLL preloading
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs)
CVE-2021-3821
9.8 - Critical
- December 12, 2022
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.
A vulnerability in NetBatch-Plus software allows unauthorized access to the application
CVE-2022-37931
7.8 - High
- November 22, 2022
A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details.
Authentication
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01
CVE-2022-28625
5.5 - Medium
- August 31, 2022
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.
Insertion of Sensitive Information into Log File
A remote server-side request forgery (SSRF) vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-28616
9.8 - Critical
- May 17, 2022
A remote server-side request forgery (SSRF) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
XSPA
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-23706
6.1 - Medium
- May 17, 2022
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
XSS
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-28617
9.8 - Critical
- May 17, 2022
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
In cifs-utils through 6.14
CVE-2022-27239
7.8 - High
- April 27, 2022
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
Memory Corruption
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23697
6.1 - Medium
- April 04, 2022
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
XSS
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23700
5.5 - Medium
- April 04, 2022
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23699
7.8 - High
- April 04, 2022
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23698
7.5 - High
- April 04, 2022
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may
CVE-2022-23930
8.2 - High
- March 11, 2022
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may
CVE-2022-23929
8.2 - High
- March 11, 2022
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may
CVE-2022-23928
8.2 - High
- March 11, 2022
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may
CVE-2022-23927
8.2 - High
- March 11, 2022
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may
CVE-2022-23926
8.2 - High
- March 11, 2022
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may
CVE-2022-23925
8.2 - High
- March 11, 2022
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may
CVE-2022-23924
8.2 - High
- March 11, 2022
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may
CVE-2022-23933
8.2 - High
- March 11, 2022
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may
CVE-2022-23931
8.2 - High
- March 11, 2022
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.