CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities (CVSS score between 1 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-39237 2021-11-03 2021-11-04
2.1
None Local Low Not required Partial None None
Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.
2 CVE-2021-29214 94 2021-12-10 2021-12-14
6.5
None Remote Low ??? Partial Partial Partial
A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.
3 CVE-2021-26586 2021-08-05 2021-08-13
5.0
None Remote Low Not required Partial None None
A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM).
4 CVE-2021-26584 79 XSS 2021-06-03 2021-06-11
4.3
None Remote Medium Not required None Partial None
A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC).
5 CVE-2021-3662 79 XSS 2021-10-29 2021-11-04
3.5
None Remote Medium ??? None Partial None
Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).
6 CVE-2021-3440 269 2021-11-01 2021-11-03
4.6
None Local Low Not required Partial Partial Partial
HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.
7 CVE-2021-3438 120 Overflow 2021-05-20 2021-06-08
4.6
None Local Low Not required Partial Partial Partial
A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.
8 CVE-2020-11853 Exec Code 2020-10-22 2021-05-12
6.5
None Remote Low ??? Partial Partial Partial
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions: 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. 3.) Data Center Automation affected version 2019.11. 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11. 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30. 6.) Hybrid Cloud Management affecting version 2020.05. 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow execution of arbitrary code.
9 CVE-2020-7208 79 XSS 2020-02-13 2020-02-18
4.3
None Remote Medium Not required None Partial None
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
10 CVE-2020-7198 269 2020-11-06 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
A remote escalation of privilege is possible for a malicious user who has a OneView account in OneView and Synergy Composer. HPE has provided updates to OneView and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
11 CVE-2020-7196 522 2020-10-26 2021-07-21
4.0
None Remote Low ??? Partial None None
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".
12 CVE-2020-7135 269 Exec Code 2020-04-27 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary code. Drive Models can be found in the Vulnerability Resolution field of the security bulletin. The 2019_03 SPP and Supplemental update / Online ROM Flash Component for Linux (x64) after 2019.03.0 has fixed this issue.
13 CVE-2020-7134 200 +Info 2020-04-24 2021-07-21
4.0
None Remote Low ??? Partial None None
A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
14 CVE-2020-7132 79 XSS 2020-04-23 2020-04-30
3.5
None Remote Medium ??? None Partial None
A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information available to resolve the vulnerability in HPE Onboard Administrator: OA 4.95 (Linux and Windows).
15 CVE-2020-7130 200 +Info 2020-03-04 2020-03-05
5.0
None Remote Low Not required Partial None None
HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.
16 CVE-2020-6931 269 2021-11-03 2021-11-05
4.6
None Local Low Not required Partial Partial Partial
HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.
17 CVE-2019-19539 522 2020-01-27 2020-02-07
2.1
None Local Low Not required Partial None None
An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen.
18 CVE-2019-18910 78 Exec Code 2019-11-22 2022-01-01
4.6
None Local Low Not required Partial Partial Partial
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
19 CVE-2019-18567 125 DoS 2020-02-03 2021-11-03
3.3
None Local Medium Not required Partial None Partial
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out-of-bounds read that results in a race condition, causing kernel memory leaks or denial of service.
20 CVE-2019-16286 287 Exec Code Bypass 2019-11-22 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
21 CVE-2019-16285 200 +Info 2019-11-22 2020-08-24
2.1
None Local Low Not required Partial None None
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
22 CVE-2019-12000 20 Bypass 2020-07-17 2021-07-21
5.4
None Remote Medium ??? Partial Partial Partial
HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide.
23 CVE-2019-11997 79 XSS 2020-01-16 2020-01-27
4.3
None Remote Medium Not required None Partial None
A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support.
24 CVE-2019-11995 2019-12-18 2020-08-24
5.0
None Remote Low Not required Partial None None
Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2, fixes are made available with 1.2.4.2 RP3 HF1. For customers with a release older than 1.2.4.2, such as 1.2.4.1 or 1.2.4.0, the resolution is to upgrade to 1.2.4.2 RP3 HF1. Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.
25 CVE-2019-11992 79 XSS 2019-12-18 2019-12-23
4.3
None Remote Medium Not required None Partial None
A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting.
26 CVE-2019-11946 310 2019-06-05 2021-07-21
6.8
None Remote Low ??? Complete None None
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
27 CVE-2019-11656 79 XSS 2019-10-04 2019-10-08
3.5
None Remote Medium ??? None Partial None
Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
28 CVE-2019-11655 434 2019-10-04 2019-10-10
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
29 CVE-2019-6331 200 +Info 2020-01-09 2020-01-15
2.1
None Local Low Not required Partial None None
An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability is caused by incomplete obfuscation of application configuration information.
30 CVE-2019-5408 2019-08-09 2020-08-24
6.4
None Remote Low Not required Partial Partial None
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected: DevMgr version 7.0.0-00 to earlier than 8.6.1-02; RepMgr if it is installed on the same machine as DevMgr; TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.
31 CVE-2019-5407 2019-08-09 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
32 CVE-2019-5405 Bypass 2019-08-09 2020-08-24
5.0
None Remote Low Not required Partial None None
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
33 CVE-2019-5403 79 XSS 2019-08-09 2019-08-16
3.5
None Remote Medium ??? None Partial None
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
34 CVE-2019-5394 2019-06-05 2020-08-24
4.9
None Local High ??? Partial Partial Complete
The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.
35 CVE-2019-5393 Exec Code 2019-06-05 2020-08-24
6.8
None Remote Low ??? Complete None None
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
36 CVE-2019-5392 2019-06-05 2020-08-24
5.0
None Remote Low Not required Partial None None
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
37 CVE-2019-3683 732 2020-01-17 2020-10-22
6.5
None Remote Low ??? Partial Partial Partial
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
38 CVE-2019-3486 79 XSS 2019-07-25 2021-05-12
4.3
None Remote Medium Not required None Partial None
Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1
39 CVE-2019-3485 79 XSS 2019-07-24 2021-05-12
4.3
None Remote Medium Not required None Partial None
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1
40 CVE-2019-3483 200 +Info 2019-03-25 2021-07-21
6.8
None Remote Low ??? Complete None None
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.
41 CVE-2019-3482 22 Dir. Trav. 2019-03-25 2019-03-25
6.8
None Remote Low ??? Complete None None
Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.
42 CVE-2019-3480 79 XSS 2019-03-25 2019-03-25
4.3
None Remote Medium Not required None Partial None
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.
43 CVE-2018-18593 22 Dir. Trav. 2018-12-31 2019-10-09
5.0
None Remote Low Not required Partial None None
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information
44 CVE-2018-15532 200 +Info 2019-03-21 2019-03-27
2.1
None Local Low Not required Partial None None
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.
45 CVE-2018-7125 Exec Code 2019-06-05 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
46 CVE-2018-7122 200 +Info 2019-06-05 2019-06-06
5.0
None Remote Low Not required Partial None None
A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
47 CVE-2018-7119 2019-05-10 2020-08-24
1.9
None Local Medium Not required Partial None None
A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series. STDSEC-STANDARD SECURITY PROD All prior versions before T6533L01^ADU or T6533H05^ADW, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND and all versions on H-series. Note that some commands in NonStop Safeguard and NonStop Standard Security software require username and password to be passed as command line parameters, which may lead to a local disclosure of the credentials.
48 CVE-2018-7118 Bypass 2019-04-09 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0.
49 CVE-2018-7116 119 DoS Overflow 2018-12-03 2020-08-24
5.0
None Remote Low Not required None None Partial
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
50 CVE-2018-7111 2018-10-17 2019-10-03
5.0
None Remote Low Not required None Partial None
A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other users.
Total number of vulnerabilities: 787 (this is page 1 of 16)