Filtered by vendor Hp
Subscribe
Total
2415 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38741 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Txseries For Multiplatform and 2 more | 2023-08-23 | N/A | 7.5 HIGH |
| IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905. | |||||
| CVE-2023-38402 | 2 Hp, Microsoft | 2 Aruba Virtual Intranet Access, Windows | 2023-08-23 | N/A | 7.1 HIGH |
| A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process. | |||||
| CVE-2023-38401 | 2 Hp, Microsoft | 2 Aruba Virtual Intranet Access, Windows | 2023-08-23 | N/A | 7.8 HIGH |
| A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. | |||||
| CVE-2022-4894 | 2 Hp, Samsung | 2046 1vr14a, 1vr14a Firmware, 209u7a and 2043 more | 2023-08-23 | N/A | 7.3 HIGH |
| Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element. | |||||
| CVE-2022-23700 | 1 Hp | 1 Oneview | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
| CVE-2022-23699 | 1 Hp | 1 Oneview | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
| CVE-2022-22310 | 6 Apple, Hp, Ibm and 3 more | 9 Macos, Hp-ux, Aix and 6 more | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224. | |||||
| CVE-2022-22473 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2023-08-08 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347. | |||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. | |||||
| CVE-2022-37935 | 1 Hp | 1 Oneview For Vmware Vcenter | 2023-08-08 | N/A | 5.5 MEDIUM |
| HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password. | |||||
| CVE-2022-34165 | 6 Apple, Hp, Ibm and 3 more | 9 Macos, Hp-ux, Aix and 6 more | 2023-08-08 | N/A | 5.4 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. | |||||
| CVE-2021-3942 | 1 Hp | 5400 Color Laserjet Cm4540 Mfp Cc419a, Color Laserjet Cm4540 Mfp Cc419a Firmware, Color Laserjet Cm4540 Mfp Cc420a and 5397 more | 2023-08-08 | N/A | 9.8 CRITICAL |
| Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR. | |||||
| CVE-2022-28617 | 1 Hp | 1 Oneview | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
| CVE-2023-27869 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-08-03 | N/A | 8.8 HIGH |
| IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517. | |||||
| CVE-2023-27868 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-08-03 | N/A | 8.8 HIGH |
| IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516. | |||||
| CVE-2023-27867 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-08-03 | N/A | 8.8 HIGH |
| IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514. | |||||
| CVE-2023-35980 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2023-08-02 | N/A | 9.8 CRITICAL |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2023-35981 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2023-08-02 | N/A | 9.8 CRITICAL |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2023-35982 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2023-08-02 | N/A | 9.8 CRITICAL |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2023-30449 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-07-31 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439. | |||||