HP

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol

CVE-2023-45620 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol

CVE-2023-45621 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol

CVE-2023-45622 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol

CVE-2023-45623 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol

CVE-2023-45624 7.5 - High - November 14, 2023

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

There is a buffer overflow vulnerability in the underlying AirWave client service

CVE-2023-45616 9.8 - Critical - November 14, 2023

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol)

CVE-2023-45617 8.2 - High - November 14, 2023

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol)

CVE-2023-45618 8.2 - High - November 14, 2023

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol)

CVE-2023-45619 8.2 - High - November 14, 2023

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

There are buffer overflow vulnerabilities in the underlying CLI service

CVE-2023-45614 9.8 - Critical - November 14, 2023

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in the underlying CLI service

CVE-2023-45615 9.8 - Critical - November 14, 2023

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Multiple authenticated command injection vulnerabilities exist in the command line interface

CVE-2023-45625 7.2 - High - November 14, 2023

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Command Injection

An authenticated vulnerability has been identified

CVE-2023-45626 7.2 - High - November 14, 2023

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service

CVE-2023-45627 6.5 - Medium - November 14, 2023

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.

CVE-2023-5739 7.8 - High - October 31, 2023

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege

CVE-2023-5671 7.8 - High - October 25, 2023

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.

CVE-2023-5365 9.8 - Critical - October 09, 2023

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.

A remote authentication bypass issue exists in some OneView APIs.

CVE-2023-30909 9.8 - Critical - September 14, 2023

A remote authentication bypass issue exists in some OneView APIs.

A remote authentication bypass issue exists in a OneView API.

CVE-2023-30908 9.8 - Critical - September 07, 2023

A remote authentication bypass issue exists in a OneView API.

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7

CVE-2015-2201 7.2 - High - September 05, 2023

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.

Shell injection

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7

CVE-2015-2202 7.2 - High - September 05, 2023

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

Improper Input Validation

Aruba AirWave before 8.0.7

CVE-2015-1390 6.1 - Medium - September 05, 2023

Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator.

XSS

Aruba AirWave before 8.0.7

CVE-2015-1391 8.8 - High - September 05, 2023

Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.

Session Riding

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-35980 9.8 - Critical - July 25, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-35981 9.8 - Critical - July 25, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-35982 9.8 - Critical - July 25, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.

CVE-2023-30903 5.5 - Medium - June 16, 2023

HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.

Certain versions of HP PC Hardware Diagnostics Windows

CVE-2023-32673 9.8 - Critical - June 12, 2023

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

CVE-2023-32674 9.8 - Critical - June 12, 2023

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

Classic Buffer Overflow

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially

CVE-2023-26295 9.8 - Critical - June 12, 2023

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Command Injection

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially

CVE-2023-26296 8.8 - High - June 12, 2023

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Command Injection

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially

CVE-2023-26297 8.8 - High - June 12, 2023

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Command Injection

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially

CVE-2023-26298 8.8 - High - June 12, 2023

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Command Injection

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially

CVE-2023-26294 7.8 - High - June 12, 2023

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Command Injection

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22784 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22785 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22786 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22779 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22780 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22781 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22782 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

There are buffer overflow vulnerabilities in multiple underlying services

CVE-2023-22783 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface

CVE-2023-22788 8.8 - High - May 08, 2023

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Command Injection

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface

CVE-2023-22789 8.8 - High - May 08, 2023

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Command Injection

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface

CVE-2023-22790 8.8 - High - May 08, 2023

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Command Injection

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on

CVE-2023-22791 4.8 - Medium - May 08, 2023

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed

CVE-2023-22787 7.5 - High - May 08, 2023

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

CVE-2023-28084 5.5 - Medium - April 25, 2023

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose proxy credential settings

CVE-2023-28086 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose proxy credential settings

An HPE OneView appliance dump may expose OneView user accounts

CVE-2023-28087 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose OneView user accounts

An HPE OneView appliance dump may expose SAN switch administrative credentials

CVE-2023-28088 7.8 - High - April 25, 2023

An HPE OneView appliance dump may expose SAN switch administrative credentials

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

CVE-2023-28089 7.1 - High - April 25, 2023

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose SNMPv3 read credentials

CVE-2023-28090 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose SNMPv3 read credentials

Insufficiently Protected Credentials

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

CVE-2023-28091 5.5 - Medium - April 14, 2023

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

HPE OneView for VMware vCenter

CVE-2022-37935 5.5 - Medium - March 01, 2023

HPE OneView for VMware vCenter, in certain circumstances, may disclose the HPE OneView Username and Password.

Potential security vulnerabilities have been identified in HP Support Assistant

CVE-2022-23453 7.8 - High - February 01, 2023

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Potential security vulnerabilities have been identified in HP Support Assistant

CVE-2022-23454 7.8 - High - February 01, 2023

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Potential security vulnerabilities have been identified in HP Support Assistant

CVE-2022-23455 7.8 - High - February 01, 2023

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

HPSFViewer might allow Escalation of Privilege

CVE-2022-3990 7.8 - High - February 01, 2023

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46356 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46357 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46358 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46359 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool

CVE-2022-38395 7.8 - High - December 12, 2022

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.

DLL preloading

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs)

CVE-2021-3821 9.8 - Critical - December 12, 2022

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.

A vulnerability in NetBatch-Plus software allows unauthorized access to the application

CVE-2022-37931 7.8 - High - November 22, 2022

A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details.

authentification

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01

CVE-2022-28625 5.5 - Medium - August 31, 2022

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Insertion of Sensitive Information into Log File

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28616 9.8 - Critical - May 17, 2022

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSPA

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-23706 6.1 - Medium - May 17, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28617 9.8 - Critical - May 17, 2022

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

In cifs-utils through 6.14

CVE-2022-27239 7.8 - High - April 27, 2022

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Memory Corruption

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23698 7.5 - High - April 04, 2022

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23699 7.8 - High - April 04, 2022

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23700 5.5 - Medium - April 04, 2022

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23697 6.1 - Medium - April 04, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23924 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23925 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23926 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23927 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23928 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23929 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23930 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23931 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23932 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23933 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23934 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12

CVE-2021-29220 7.2 - High - February 24, 2022

Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack.

Classic Buffer Overflow

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6922 7.8 - High - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6921 7.8 - High - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6920 5.5 - Medium - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6919 7.8 - High - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6918 7.8 - High - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6917 7.8 - High - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.

CVE-2022-23456 5.5 - Medium - January 28, 2022

Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.

A security vulnerability has been identified in HPE StoreServ Management Console (SSMC)

CVE-2021-29214 7.2 - High - December 10, 2021

A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.

CVE-2020-6931 7.8 - High - November 03, 2021

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.

Certain HP Enterprise LaserJet

CVE-2021-39238 9.8 - Critical - November 03, 2021

Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.

Classic Buffer Overflow

Certain HP LaserJet

CVE-2021-39237 4.6 - Medium - November 03, 2021

Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.

HP Print and Scan Doctor

CVE-2021-3440 7.8 - High - November 01, 2021

HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80

CVE-2021-29212 9.8 - Critical - November 01, 2021

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.

Directory traversal