Filtered by vendor Hp
Subscriptions
Total
2469 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2794 | 1 Hp | 26 Pagewide 352dw J6u57a, Pagewide 352dw J6u57a Firmware, Pagewide 377dw J9v80a and 23 more | 2025-04-29 | 7.5 High |
| Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack. | ||||
| CVE-2021-3919 | 1 Hp | 106 Command Center, Envy 13t-bd100, Envy 13z-ay100 and 103 more | 2025-04-29 | 9.8 Critical |
| A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability. | ||||
| CVE-2022-37018 | 1 Hp | 150 Elite Slice, Elite Slice Firmware, Elite X2 1012 G1 and 147 more | 2025-04-29 | 8.4 High |
| A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability. | ||||
| CVE-2022-1038 | 1 Hp | 481 15-f200 Notebook Pc Touch, 240 G5 Notebook Pc, 240 G6 Notebook Pc and 478 more | 2025-04-29 | 7.8 High |
| A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software. | ||||
| CVE-2021-3821 | 1 Hp | 1 Futuresmart 5 | 2025-04-29 | 9.8 Critical |
| A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products. | ||||
| CVE-2021-3661 | 1 Hp | 40 Z1 All-in-one G3, Z1 All-in-one G3 Firmware, Z238 Microtower and 37 more | 2025-04-29 | 8.4 High |
| A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability. | ||||
| CVE-2021-3437 | 1 Hp | 50 Envy Te01-0xxx, Envy Te01-1xxx, Envy Te01-2xxx and 47 more | 2025-04-29 | 9.8 Critical |
| Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities. | ||||
| CVE-2021-3942 | 1 Hp | 5400 Color Laserjet Cm4540 Mfp Cc419a, Color Laserjet Cm4540 Mfp Cc419a Firmware, Color Laserjet Cm4540 Mfp Cc420a and 5397 more | 2025-04-25 | 9.8 Critical |
| Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR. | ||||
| CVE-2022-37931 | 1 Hp | 1 Nonstop Netbatch-plus | 2025-04-25 | 7.3 High |
| A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details. | ||||
| CVE-2013-4811 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | N/A |
| UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. | ||||
| CVE-2013-4812 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | N/A |
| UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. | ||||
| CVE-2013-4813 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | N/A |
| The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745. | ||||
| CVE-2013-4809 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | N/A |
| Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter. | ||||
| CVE-2017-8994 | 1 Hp | 1 Operations Orchestration | 2025-04-20 | N/A |
| A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. | ||||
| CVE-2017-8360 | 3 Conexant, Hp, Microsoft | 29 Mictray64, Elite X2 1012 G1, Elitebook 1030 G1 and 26 more | 2025-04-20 | N/A |
| Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. | ||||
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2025-04-20 | 9.8 Critical |
| The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | ||||
| CVE-2017-5641 | 2 Apache, Hp | 2 Flex Blazeds, Xp Command View Advanced Edition | 2025-04-20 | 9.8 Critical |
| Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution. | ||||
| CVE-2017-5789 | 1 Hp | 2 Loadrunner, Performance Center | 2025-04-20 | N/A |
| HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. | ||||
| CVE-2017-5791 | 1 Hp | 1 Intelligent Management Center Plat | 2025-04-20 | N/A |
| The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | ||||
| CVE-2017-3733 | 2 Hp, Openssl | 2 Operations Agent, Openssl | 2025-04-20 | N/A |
| During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. | ||||