Filtered by vendor Hp
Subscriptions
Total
2509 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1038 | 1 Hp | 481 15-f200 Notebook Pc Touch, 240 G5 Notebook Pc, 240 G6 Notebook Pc and 478 more | 2025-04-29 | 7.8 High |
| A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software. | ||||
| CVE-2021-3821 | 1 Hp | 1 Futuresmart 5 | 2025-04-29 | 9.8 Critical |
| A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products. | ||||
| CVE-2021-3661 | 1 Hp | 40 Z1 All-in-one G3, Z1 All-in-one G3 Firmware, Z238 Microtower and 37 more | 2025-04-29 | 8.4 High |
| A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability. | ||||
| CVE-2021-3437 | 1 Hp | 50 Envy Te01-0xxx, Envy Te01-1xxx, Envy Te01-2xxx and 47 more | 2025-04-29 | 9.8 Critical |
| Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities. | ||||
| CVE-2021-3942 | 1 Hp | 5400 Color Laserjet Cm4540 Mfp Cc419a, Color Laserjet Cm4540 Mfp Cc419a Firmware, Color Laserjet Cm4540 Mfp Cc420a and 5397 more | 2025-04-25 | 9.8 Critical |
| Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR. | ||||
| CVE-2022-37931 | 1 Hp | 1 Nonstop Netbatch-plus | 2025-04-25 | 7.3 High |
| A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details. | ||||
| CVE-2013-4809 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | N/A |
| Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter. | ||||
| CVE-2013-4811 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | N/A |
| UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. | ||||
| CVE-2013-4812 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | N/A |
| UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. | ||||
| CVE-2013-4813 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | N/A |
| The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745. | ||||
| CVE-2017-5791 | 1 Hp | 1 Intelligent Management Center Plat | 2025-04-20 | N/A |
| The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | ||||
| CVE-2017-15361 | 35 Acer, Aopen, Asi and 32 more | 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more | 2025-04-20 | N/A |
| The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. | ||||
| CVE-2017-17556 | 1 Hp | 1 Synaptics Touchpad Driver | 2025-04-20 | N/A |
| A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. | ||||
| CVE-2017-13988 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | N/A |
| An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function. | ||||
| CVE-2017-13991 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | N/A |
| An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | ||||
| CVE-2017-14350 | 1 Hp | 1 Application Performance Management | 2025-04-20 | N/A |
| A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. | ||||
| CVE-2016-9795 | 6 Broadcom, Ca, Hp and 3 more | 10 Ca Workload Automation Ae, Client Automation, Systemedge and 7 more | 2025-04-20 | 7.8 High |
| The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. | ||||
| CVE-2016-8977 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. | ||||
| CVE-2016-8967 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | ||||
| CVE-2016-8966 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||