CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-39238 120 Overflow 2021-11-03 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.
2 CVE-2021-39237 2021-11-03 2021-11-04
2.1
None Local Low Not required Partial None None
Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.
3 CVE-2021-29212 22 Dir. Trav. 2021-11-01 2021-11-05
10.0
None Remote Low Not required Complete Complete Complete
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code, leading to complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.
4 CVE-2021-29203 287 DoS Exec Code +Priv Bypass 2021-05-06 2021-05-14
10.0
None Remote Low Not required Complete Complete Complete
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.
5 CVE-2021-26586 2021-08-05 2021-08-13
5.0
None Remote Low Not required Partial None None
A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM).
6 CVE-2021-26584 79 XSS 2021-06-03 2021-06-11
4.3
None Remote Medium Not required None Partial None
A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC).
7 CVE-2021-26583 Exec Code 2021-05-10 2021-05-21
7.5
None Remote Low Not required Partial Partial Partial
A potential security vulnerability was identified in HPE iLO Amplifier Pack. The vulnerabilities could be remotely exploited to allow remote code execution.
8 CVE-2021-25140 22 DoS Exec Code Dir. Trav. 2021-02-09 2021-02-16
10.0
None Remote Low Not required Complete Complete Complete
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMware or Microsoft Hyper-V environment and is used to set up and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user-supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise of system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.
9 CVE-2021-25139 787 DoS Exec Code Overflow 2021-02-09 2021-02-16
10.0
None Remote Low Not required Complete Complete Complete
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMware or Microsoft Hyper-V environment and is used to set up and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a stack-based buffer overflow using user-supplied input to the `khuploadfile.cgi` CGI ELF. The stack-based buffer overflow could lead to Remote Code Execution, Denial of Service, and/or compromise of system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.
10 CVE-2021-3662 79 XSS 2021-10-29 2021-11-04
3.5
None Remote Medium ??? None Partial None
Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross-site scripting (XSS).
11 CVE-2021-3440 269 2021-11-01 2021-11-03
4.6
None Local Low Not required Partial Partial Partial
HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.
12 CVE-2021-3438 120 Overflow 2021-05-20 2021-06-08
4.6
None Local Low Not required Partial Partial Partial
A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.
13 CVE-2020-24652 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
14 CVE-2020-24651 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
15 CVE-2020-24650 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
16 CVE-2020-24649 20 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A remote bytemessageresource transformentity input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
17 CVE-2020-24648 502 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
18 CVE-2020-24647 20 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19 CVE-2020-24646 787 Exec Code Overflow 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
20 CVE-2020-24630 269 2020-10-19 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
21 CVE-2020-24629 287 Bypass 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
22 CVE-2020-12695 276 2020-06-08 2021-04-23
7.8
None Remote Medium Not required Partial None Complete
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
23 CVE-2020-11853 Exec Code 2020-10-22 2021-05-12
6.5
None Remote Low ??? Partial Partial Partial
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager, affecting versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management, affecting versions 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. 3.) Data Center Automation, affecting version 2019.11. 4.) Operations Bridge (containerized), affecting versions 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11. 5.) Universal CMDB, affecting versions 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30. 6.) Hybrid Cloud Management, affecting version 2020.05. 7.) Service Management Automation, affecting versions 2020.5 and 2020.02. The vulnerability could allow execution of arbitrary code.
24 CVE-2020-7209 Exec Code 2020-02-13 2020-06-10
7.5
None Remote Low Not required Partial Partial Partial
LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution vulnerability, which is resolved in release 6.0-2.
25 CVE-2020-7208 79 XSS 2020-02-13 2020-02-18
4.3
None Remote Medium Not required None Partial None
LinuxKI v6.0-1 and earlier is vulnerable to an XSS vulnerability, which is resolved in release 6.0-2.
26 CVE-2020-7206 94 2020-07-17 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
HP Nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a PHP code injection vulnerability.
27 CVE-2020-7203 Exec Code 2020-12-18 2020-12-21
7.5
None Remote Low Not required Partial Partial Partial
A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution.
28 CVE-2020-7200 Exec Code 2020-12-18 2021-03-25
7.5
None Remote Low Not required Partial Partial Partial
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.
29 CVE-2020-7199 287 DoS Exec Code +Priv Bypass 2020-12-02 2020-12-04
10.0
None Remote Low Not required Complete Complete Complete
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.
30 CVE-2020-7198 269 2020-11-06 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
A remote escalation of privilege is possible for a malicious user who has a OneView account in OneView and Synergy Composer. HPE has provided updates to OneView and Synergy Composer: update to version 5.5 of OneView, Composer, or Composer2.
31 CVE-2020-7197 287 Bypass 2020-10-26 2020-11-16
7.5
None Remote Low Not required Partial Partial Partial
SSMC 3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off-node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0: upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later.
32 CVE-2020-7196 522 2020-10-26 2021-07-21
4.0
None Remote Low ??? Partial None None
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the page source of the URL "/bdswebui/assignusers/".
33 CVE-2020-7195 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
An iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
34 CVE-2020-7194 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
35 CVE-2020-7193 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
An ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
36 CVE-2020-7192 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
37 CVE-2020-7191 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
38 CVE-2020-7190 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
39 CVE-2020-7189 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A faultflasheventselectfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
40 CVE-2020-7188 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
41 CVE-2020-7187 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
42 CVE-2020-7186 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
43 CVE-2020-7185 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
44 CVE-2020-7184 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
45 CVE-2020-7183 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
46 CVE-2020-7182 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
47 CVE-2020-7181 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
48 CVE-2020-7180 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
An ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
49 CVE-2020-7179 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
50 CVE-2020-7178 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Total number of vulnerabilities: 1779 (page 1 of 36)