Skip to main content

HP

651 CVEs vendor

Monthly

CVE-2026-13753 HIGH This Week

Information disclosure in HP Deskjet 2800 Series printers running firmware TBP1CN2612AR or earlier lets an unauthenticated attacker on the network read sensitive configuration - including plaintext Wi‑Fi Direct credentials, device identity, and administrative security state - by sending plain GET requests to administrative API endpoints. The same data is gated behind administrator login in the web UI, so these API endpoints bypass the product's own access-control model. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

HP Information Disclosure Hp 2800 Printer Series
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-14544 CRITICAL Act Now

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter across Red Hat Enterprise Linux 6 through 10, where an integer overflow triggered by specially crafted print data can corrupt memory. This is an incomplete-fix follow-up to CVE-2026-8631, meaning the original patch did not fully close the flaw, and no public exploit has been identified at time of analysis. The Red Hat CVSS of 9.8 reflects a network-reachable, unauthenticated attack path, though realistic exploitation depends on how the CUPS print pipeline is exposed.

Integer Overflow HP RCE Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-2891 HIGH PATCH This Week

Denial of service in HP Poly Voice IP endpoints (CCX, Trio C60, and Edge E series) allows an attacker operating or impersonating a SIP server to render affected devices inoperable by returning malformed data during SIP signaling. The flaw is an uncontrolled-resource-consumption / improper-input-handling issue (CWE-400) that crashes or hangs the phone, disrupting voice service. HP has published advisory hpsbpy04096 and is releasing firmware updates; no public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

HP Denial Of Service Ccx Trio C60 Edge E
NVD VulDB
CVSS 4.0
8.2
EPSS
0.3%
CVE-2026-8864 HIGH PATCH This Week

Local privilege escalation in the HP Fan Control App lets a low-privileged local user gain SYSTEM/administrator-level execution on affected HP endpoints. The flaw stems from CWE-428 (Unquoted Search Path or Element), a classic Windows weakness where a privileged service or process resolves an executable or library from an attacker-controllable path. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS data was not provided.

HP Privilege Escalation Hp Fan Control App
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-7539 HIGH PATCH This Week

Local privilege escalation and arbitrary code execution in the HP Accessory WMI Provider installer bundled with certain HP Docking Stations allows a low-privileged local user to gain elevated (likely SYSTEM) execution. The root cause is insecure temporary-file/directory permissions used during installation (CWE-379), which an attacker can abuse to introduce or replace executable content that a privileged installer process runs. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; HP has published advisory hpsbhf04129 and is releasing software updates.

HP Privilege Escalation RCE Hp Dock Accessory
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-5064 HIGH PATCH This Week

Local privilege escalation and denial of service in HP One Agent software on HP PC products allow authenticated low-privileged users to gain elevated rights or disrupt the agent. HP has acknowledged the issue and is releasing software updates as mitigation. No public exploit identified at time of analysis, and the flaw is not listed on CISA KEV.

Privilege Escalation HP Denial Of Service Hp One Agent Software
NVD VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-42626 Awaiting Data

HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets, causing the printer's session threads to remain locked in a waiting state. The firmware lacks connection timeouts and concurrent session limits, resulting in a persistent Denial of Service (DoS) that renders the printer unresponsive to all user commands and print jobs. Physical intervention (manual restart) is required to restore functionality, and the attack can be immediately re-initiated.

HP Denial Of Service N A
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-8632 HIGH PATCH This Week

Local privilege escalation in HP Linux Imaging and Printing Software (HPLIP) allows authenticated low-privileged users to execute arbitrary OS commands via command injection, potentially gaining elevated privileges on affected Linux hosts. The CVSS 4.0 score of 8.5 reflects high impact to confidentiality, integrity, and availability with low attack complexity, and no public exploit identified at time of analysis. The vulnerability is reported directly by HP PSIRT under advisory hpsbpi04118.

HP RCE Command Injection Linux Imaging And Printing
NVD VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-8631 CRITICAL PATCH Act Now

Heap-based integer overflow in the hpcups component of HP Linux Imaging and Printing Software (HPLIP) allows attackers to achieve arbitrary code execution and/or privilege escalation by submitting crafted print data. The CVSS 4.0 base score of 9.3 reflects network-reachable exploitation against the printing subsystem with no authentication or user interaction required, though no public exploit identified at time of analysis and the issue has not been added to CISA KEV.

HP Buffer Overflow RCE Heap Overflow Linux Imaging And Printing
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-3291 MEDIUM This Month

Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

HP Samsung Google Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-6180 MEDIUM PATCH This Month

Race condition in PaperCut MF badge-swipe processing from HP multifunction devices allows unauthorized user login when custom badge-ID post-processing scripts transform truncated badge strings into valid credentials of different users. The vulnerability requires specific network conditions (dropped packets, out-of-order sequence counters, failed sequence reset notifications) and custom script configuration, affecting physical device authentication in networked printing environments. No public exploit identified at time of analysis.

Authentication Bypass HP
NVD VulDB
CVSS 4.0
4.1
EPSS
0.0%
CVE-2026-4682 HIGH This Week

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

HP RCE Buffer Overflow Stack Overflow Microsoft
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-4667 HIGH PATCH This Week

HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability.

Privilege Escalation HP
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-1902 MEDIUM This Month

Stored XSS in the Hammas Calendar WordPress plugin through version 1.5.11 allows authenticated contributors and above to inject malicious scripts via the 'apix' parameter in the 'hp-calendar-manage-redirect' shortcode due to inadequate input sanitization. When users access pages containing the injected payload, the scripts execute in their browsers, potentially leading to session hijacking, credential theft, or malware distribution. No patch is currently available.

WordPress XSS HP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-23131 MEDIUM PATCH This Month

The HP BIOS configuration driver in the Linux kernel fails to validate attribute names before kobject registration, causing kernel warnings and potential denial of service when HP BIOS returns empty name strings. A local user with standard privileges can trigger this vulnerability to crash or destabilize the system by supplying malformed BIOS attribute data. No patch is currently available for this medium-severity flaw affecting Linux systems with HP BIOS configuration support.

Linux HP Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-1997 MEDIUM This Month

HP OfficeJet Pro printers (D9l18a, D9l20a, D9l21a, D9l63a firmware) are vulnerable to information disclosure through CORS misconfiguration when administrators enable the feature on the Embedded Web Server. An unauthenticated remote attacker can exploit this to access sensitive device resources from untrusted web origins. CORS remains disabled by default as a mitigation, but organizations that have explicitly enabled it should apply patches when available.

CSRF HP J3p68a Firmware J6x78a Firmware T0g56a Firmware +38
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-71121 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations.

Linux Denial Of Service HP Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37165 HIGH This Week

router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor is affected by information exposure (CVSS 7.5).

HP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-71101 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities.

Linux HP Buffer Overflow Information Disclosure Linux Kernel +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-12785 MEDIUM This Month

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP W1Y47A Firmware 7Kw48A Firmware 7Kw49A Firmware +59
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-12784 MEDIUM This Month

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP W1Y47A Firmware 7Kw48A Firmware 7Kw49A Firmware +59
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-11761 HIGH This Month

A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Client Management Script Library
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-34231 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2025-34230 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34229 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34222 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes -. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker HP PHP Virtual Appliance Application +1
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-9903 MEDIUM This Month

Out-of-bounds write vulnerabilities exist in the print processing functionality of multiple Canon printer drivers, including Generic Plus variants (PCL6, UFR II, LIPS4, LIPSLX, PS) and standalone drivers (UFRII LT, CARPS2, Generic FAX, LIPS4, LIPSLX, UFR II, PS, PCL6). An attacker can exploit these memory corruption flaws via a malicious print job to corrupt memory, potentially leading to code execution or denial of service. The EPSS score of 0.04% (13th percentile) suggests low exploitation probability in the wild, and no active KEV status has been reported, indicating this is not currently being exploited at scale.

Buffer Overflow HP Denial Of Service
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-7698 MEDIUM This Month

Out-of-bounds read vulnerabilities exist in the print processing functionality of multiple Canon printer driver families, including Generic Plus PCL6, UFR II, LIPS4, LIPSLX, PS, PCL6, CARPS2, and related variants. These vulnerabilities allow remote attackers to read sensitive memory contents (information disclosure) and potentially cause application crashes, requiring user interaction (opening a malicious print job) to trigger. With an EPSS score of 0.05% and no evidence of active exploitation in the wild, this represents a low real-world risk despite moderate CVSS scoring.

Buffer Overflow Information Disclosure HP
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-10568 MEDIUM This Month

HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection HP RCE Ngenuity
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-38540 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 &. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

HP Information Disclosure Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43490 HIGH This Month

A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2024-5477 HIGH This Week

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

HP RCE Denial Of Service Privilege Escalation Information Disclosure
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2024-51770 HIGH PATCH This Week

CVE-2024-51770 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to access sensitive information over the network. The vulnerability has a CVSS score of 7.5 with high confidentiality impact, enabling attackers to extract confidential data without requiring authentication, special privileges, or user interaction. The network-accessible nature of this information disclosure makes it a significant risk for organizations running vulnerable APLS versions.

Information Disclosure HP Autopass License Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-51769 HIGH PATCH This Week

CVE-2024-51769 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated network attackers to access sensitive information without requiring user interaction. The vulnerability has a CVSS 3.1 score of 7.5 with a high confidentiality impact (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor), making it a significant risk for organizations relying on APLS for license management across their HPE infrastructure.

Information Disclosure HP Autopass License Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-51768 HIGH PATCH This Week

CVE-2024-51768 is a remote code execution vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17, stemming from unsafe deserialization in the embedded HSQLDB database library. An authenticated attacker with local network access can execute arbitrary code with the privileges of the APLS service, potentially leading to complete system compromise. The vulnerability has a CVSS score of 8.0 and represents a significant risk to organizations using affected APLS versions, particularly given the authentication requirement is modest (PR:L) and the attack complexity is low.

RCE HP Java Autopass License Server
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-51982 HIGH This Week

CVE-2024-51982 is a denial-of-service vulnerability affecting network-connected printers and multifunction devices that expose the Printer Job Language (PJL) interface on TCP port 9100. An unauthenticated remote attacker can send a malformed PJL command with an invalid FORMLINES variable to crash the device repeatedly, causing service disruption without authentication or user interaction. The CVSS 7.5 score reflects the high availability impact, and while specific KEV/POC data was not provided in the source material, the straightforward nature of the exploit (malformed input causing crash) suggests practical exploitability.

Denial Of Service HP
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-51978 CRITICAL POC THREAT Emergency

Certain devices expose serial numbers via HTTP/HTTPS/IPP and SNMP that can be used to generate the default administrator password. An unauthenticated attacker who discovers the serial number can calculate the admin password and gain full administrative control of the device without brute force.

Information Disclosure HP Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
48.3%
Threat
4.9
CVE-2025-43026 HIGH This Week

Local privilege escalation vulnerability in HP Support Assistant versions before 9.44.18.0 that allows a local attacker with limited user privileges to write arbitrary files and escalate to higher privilege levels without user interaction. The vulnerability carries a CVSS score of 7.8 (high severity) and exploits improper file permission handling in the support application; while KEV status and active exploitation data are not provided in the source material, the low attack complexity and local attack vector suggest this is a realistic threat for systems running vulnerable versions.

Privilege Escalation HP Support Assistant
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-37091 HIGH PATCH This Week

Command injection remote code execution vulnerability in HPE StoreOnce Software that allows authenticated attackers with high privileges to execute arbitrary commands on affected systems. The vulnerability has a CVSS score of 7.2 (high severity) and requires authenticated access but no user interaction. Given the command injection nature (CWE-77) and network attack vector, this poses significant risk to organizations running vulnerable HPE StoreOnce deployments, particularly if KEV status or active exploitation is confirmed.

RCE Command Injection HP Storeonce System
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-37903 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Amd +5
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37781 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: i2c: cros-ec-tunnel: defer probe if parent EC is not present When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux HP Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-1697 MEDIUM This Month

A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Touchpoint Analytics Service
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-22002 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfs: Call `invalidate_cache` only if implemented Many filesystems such as NFS and Ceph do not implement the `invalidate_cache`. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux HP Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21992 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux HP Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-1268 CRITICAL Act Now

An out-of-bounds write vulnerability exists in the EMF Recode processing functionality of multiple Canon printer drivers, allowing remote attackers to execute arbitrary code or crash the system without authentication. The vulnerability affects a wide range of Canon's Generic Plus and standard printer drivers (PCL6, UFR II, LIPS4, LIPSLX, PS, FAX, CARPS2, and PDF drivers) and has a critical CVSS score of 9.4. With an EPSS score of 0.44% (63rd percentile), the vulnerability shows moderate real-world exploitation likelihood, though no active exploitation or public proof-of-concept has been reported.

Buffer Overflow HP
NVD VulDB
CVSS 3.1
9.4
EPSS
0.4%
CVE-2025-2367 MEDIUM This Month

A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-2268 MEDIUM This Month

The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service 6Gx09A Firmware 6Gx09E Firmware 9Yf91E Firmware +51
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2022-49649 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue xenvif_rx_next_skb() is expecting the rx queue not being. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux HP Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49268 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM Do not call snd_dma_free_pages() when snd_dma_alloc_pages() returns -ENOMEM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux HP Intel Denial Of Service +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26508 HIGH This Week

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE HP Futuresmart 3 +97
NVD
CVSS 4.0
8.3
EPSS
6.1%
CVE-2025-26507 MEDIUM This Month

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Stack Overflow HP Futuresmart 3 +2
NVD
CVSS 4.0
6.3
EPSS
6.1%
CVE-2025-26506 CRITICAL Act Now

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Stack Overflow HP 499Q9E Firmware +94
NVD
CVSS 4.0
9.2
EPSS
6.1%
CVE-2025-1004 MEDIUM This Month

Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service G3Q78A Firmware G3Q79A Firmware Q3Q75A Firmware +7
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1003 HIGH This Week

A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation HP
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-56623 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Use After Free Memory Corruption HP Denial Of Service Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53676 CRITICAL POC THREAT Act Now

A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal HP Information Disclosure Insight Remote Support
NVD GitHub
CVSS 3.1
9.8
EPSS
51.3%
CVE-2024-2208 HIGH This Week

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-2207 MEDIUM This Month

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Rated medium severity (CVSS 6.0). No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-50234 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: Clear stale interrupts before resuming device iwl4965 fails upon resume from hibernation on my laptop. Rated high severity (CVSS 7.0).

HP Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-9419 CRITICAL Act Now

Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP RCE Memory Corruption Smart Universal Printing Driver
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-49939 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to add interface to list twice when SER If SER L2 occurs during the WoWLAN resume flow, the add interface flow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

HP Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-5749 HIGH This Week

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP F9A29A Firmware F9A29B Firmware F9A29C Firmware +12
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-27458 HIGH This Week

A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-8733 HIGH This Week

A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-9423 MEDIUM This Month

Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service 9Yf88A Firmware 9Yf89A Firmware 9Yf90A Firmware +99
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-46768 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hwmon: (hp-wmi-sensors) Check if WMI event data exists The BIOS can choose to return no event data in response to a WMI event, so. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference HP Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-42500 CRITICAL Act Now

HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2024-45000 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check This fixes a NULL pointer dereference bug due to a data race which looks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference HP Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-7720 CRITICAL Act Now

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection HP RCE Security Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-43844 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: wow: fix GTK offload H2C skbuff issue We mistakenly put skb too large and that may exceed skb->end. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

HP Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-7339 MEDIUM POC THREAT This Month

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

HP Information Disclosure Sh 4050A5 5L Mm Firmware Avision Av108T Firmware Td 2104ts Cl Firmware +1
NVD VulDB
CVSS 4.0
6.9
EPSS
32.0%
CVE-2024-42148 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Broadcom Buffer Overflow HP Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-29080 MEDIUM This Month

Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. Rated medium severity (CVSS 6.5). No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24970 MEDIUM This Month

Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. Rated medium severity (CVSS 6.5). No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-4143 CRITICAL Act Now

A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP RCE
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2300 MEDIUM This Month

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure HP Google
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-2301 HIGH This Week

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP XSS Cz181A Firmware Cz182A Firmware Cz187A Firmware +11
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-1695 MEDIUM This Month

A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. Rated medium severity (CVSS 5.7). No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-28893 HIGH This Week

Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection HP RCE Softpaqs
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-22438 LOW Monitor

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820 Network switches. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP CSRF
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-26728 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix null-pointer dereference on edid reading Use i2c adapter when there isn't aux_mode in dc_link to fix a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux HP Denial Of Service Amd Null Pointer Dereference +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-2209 MEDIUM This Month

A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection HP RCE Microsoft 26K70B Firmware +27
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-1869 HIGH This Week

Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Information Disclosure Cq893C Firmware Cq891C Firmware
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-1174 HIGH This Week

Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow HP
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-0407 MEDIUM This Month

Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Information Disclosure Futuresmart 4 Futuresmart 3 Futuresmart 5
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-0794 CRITICAL Act Now

Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Information Disclosure RCE
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-50271 HIGH This Week

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4694 HIGH This Week

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HP Officejet Pro 8730 D9L19A Firmware Officejet Pro 8730 M9L74A Firmware Officejet Pro 8730 M9L75A Firmware +9
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5739 HIGH PATCH This Week

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation HP Microsoft Image Assistant Pc Hardware Diagnostics +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5671 HIGH This Week

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Microsoft Print And Scan Doctor
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure in HP Deskjet 2800 Series printers running firmware TBP1CN2612AR or earlier lets an unauthenticated attacker on the network read sensitive configuration - including plaintext Wi‑Fi Direct credentials, device identity, and administrative security state - by sending plain GET requests to administrative API endpoints. The same data is gated behind administrator login in the web UI, so these API endpoints bypass the product's own access-control model. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

HP Information Disclosure Hp 2800 Printer Series
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter across Red Hat Enterprise Linux 6 through 10, where an integer overflow triggered by specially crafted print data can corrupt memory. This is an incomplete-fix follow-up to CVE-2026-8631, meaning the original patch did not fully close the flaw, and no public exploit has been identified at time of analysis. The Red Hat CVSS of 9.8 reflects a network-reachable, unauthenticated attack path, though realistic exploitation depends on how the CUPS print pipeline is exposed.

Integer Overflow HP RCE +5
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial of service in HP Poly Voice IP endpoints (CCX, Trio C60, and Edge E series) allows an attacker operating or impersonating a SIP server to render affected devices inoperable by returning malformed data during SIP signaling. The flaw is an uncontrolled-resource-consumption / improper-input-handling issue (CWE-400) that crashes or hangs the phone, disrupting voice service. HP has published advisory hpsbpy04096 and is releasing firmware updates; no public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

HP Denial Of Service Ccx +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in the HP Fan Control App lets a low-privileged local user gain SYSTEM/administrator-level execution on affected HP endpoints. The flaw stems from CWE-428 (Unquoted Search Path or Element), a classic Windows weakness where a privileged service or process resolves an executable or library from an attacker-controllable path. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS data was not provided.

HP Privilege Escalation Hp Fan Control App
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation and arbitrary code execution in the HP Accessory WMI Provider installer bundled with certain HP Docking Stations allows a low-privileged local user to gain elevated (likely SYSTEM) execution. The root cause is insecure temporary-file/directory permissions used during installation (CWE-379), which an attacker can abuse to introduce or replace executable content that a privileged installer process runs. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; HP has published advisory hpsbhf04129 and is releasing software updates.

HP Privilege Escalation RCE +1
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Local privilege escalation and denial of service in HP One Agent software on HP PC products allow authenticated low-privileged users to gain elevated rights or disrupt the agent. HP has acknowledged the issue and is releasing software updates as mitigation. No public exploit identified at time of analysis, and the flaw is not listed on CISA KEV.

Privilege Escalation HP Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.9
Awaiting Data

HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets, causing the printer's session threads to remain locked in a waiting state. The firmware lacks connection timeouts and concurrent session limits, resulting in a persistent Denial of Service (DoS) that renders the printer unresponsive to all user commands and print jobs. Physical intervention (manual restart) is required to restore functionality, and the attack can be immediately re-initiated.

HP Denial Of Service N A
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Local privilege escalation in HP Linux Imaging and Printing Software (HPLIP) allows authenticated low-privileged users to execute arbitrary OS commands via command injection, potentially gaining elevated privileges on affected Linux hosts. The CVSS 4.0 score of 8.5 reflects high impact to confidentiality, integrity, and availability with low attack complexity, and no public exploit identified at time of analysis. The vulnerability is reported directly by HP PSIRT under advisory hpsbpi04118.

HP RCE Command Injection +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Heap-based integer overflow in the hpcups component of HP Linux Imaging and Printing Software (HPLIP) allows attackers to achieve arbitrary code execution and/or privilege escalation by submitting crafted print data. The CVSS 4.0 base score of 9.3 reflects network-reachable exploitation against the printing subsystem with no authentication or user interaction required, though no public exploit identified at time of analysis and the issue has not been added to CISA KEV.

HP Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

HP Samsung Google +1
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Race condition in PaperCut MF badge-swipe processing from HP multifunction devices allows unauthorized user login when custom badge-ID post-processing scripts transform truncated badge strings into valid credentials of different users. The vulnerability requires specific network conditions (dropped packets, out-of-order sequence counters, failed sequence reset notifications) and custom script configuration, affecting physical device authentication in networked printing environments. No public exploit identified at time of analysis.

Authentication Bypass HP
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

HP RCE Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability.

Privilege Escalation HP
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

Stored XSS in the Hammas Calendar WordPress plugin through version 1.5.11 allows authenticated contributors and above to inject malicious scripts via the 'apix' parameter in the 'hp-calendar-manage-redirect' shortcode due to inadequate input sanitization. When users access pages containing the injected payload, the scripts execute in their browsers, potentially leading to session hijacking, credential theft, or malware distribution. No patch is currently available.

WordPress XSS HP
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The HP BIOS configuration driver in the Linux kernel fails to validate attribute names before kobject registration, causing kernel warnings and potential denial of service when HP BIOS returns empty name strings. A local user with standard privileges can trigger this vulnerability to crash or destabilize the system by supplying malformed BIOS attribute data. No patch is currently available for this medium-severity flaw affecting Linux systems with HP BIOS configuration support.

Linux HP Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

HP OfficeJet Pro printers (D9l18a, D9l20a, D9l21a, D9l63a firmware) are vulnerable to information disclosure through CORS misconfiguration when administrators enable the feature on the Embedded Web Server. An unauthenticated remote attacker can exploit this to access sensitive device resources from untrusted web origins. CORS remains disabled by default as a mitigation, but organizations that have explicitly enabled it should apply patches when available.

CSRF HP J3p68a Firmware +40
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations.

Linux Denial Of Service HP +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor is affected by information exposure (CVSS 7.5).

HP Information Disclosure
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities.

Linux HP Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP W1Y47A Firmware +61
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP W1Y47A Firmware +61
NVD
EPSS 0% CVSS 8.5
HIGH This Month

A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Client Management Script Library
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP +3
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP +3
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP +3
NVD
EPSS 0% CVSS 10.0
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes -. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker HP +3
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Out-of-bounds write vulnerabilities exist in the print processing functionality of multiple Canon printer drivers, including Generic Plus variants (PCL6, UFR II, LIPS4, LIPSLX, PS) and standalone drivers (UFRII LT, CARPS2, Generic FAX, LIPS4, LIPSLX, UFR II, PS, PCL6). An attacker can exploit these memory corruption flaws via a malicious print job to corrupt memory, potentially leading to code execution or denial of service. The EPSS score of 0.04% (13th percentile) suggests low exploitation probability in the wild, and no active KEV status has been reported, indicating this is not currently being exploited at scale.

Buffer Overflow HP Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Out-of-bounds read vulnerabilities exist in the print processing functionality of multiple Canon printer driver families, including Generic Plus PCL6, UFR II, LIPS4, LIPSLX, PS, PCL6, CARPS2, and related variants. These vulnerabilities allow remote attackers to read sensitive memory contents (information disclosure) and potentially cause application crashes, requiring user interaction (opening a malicious print job) to trigger. With an EPSS score of 0.05% and no evidence of active exploitation in the wild, this represents a low real-world risk despite moderate CVSS scoring.

Buffer Overflow Information Disclosure HP
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM This Month

HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection HP RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 &. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

HP Information Disclosure Linux +4
NVD
EPSS 0% CVSS 8.4
HIGH This Month

A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

HP RCE Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2024-51770 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to access sensitive information over the network. The vulnerability has a CVSS score of 7.5 with high confidentiality impact, enabling attackers to extract confidential data without requiring authentication, special privileges, or user interaction. The network-accessible nature of this information disclosure makes it a significant risk for organizations running vulnerable APLS versions.

Information Disclosure HP Autopass License Server
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2024-51769 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated network attackers to access sensitive information without requiring user interaction. The vulnerability has a CVSS 3.1 score of 7.5 with a high confidentiality impact (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor), making it a significant risk for organizations relying on APLS for license management across their HPE infrastructure.

Information Disclosure HP Autopass License Server
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

CVE-2024-51768 is a remote code execution vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17, stemming from unsafe deserialization in the embedded HSQLDB database library. An authenticated attacker with local network access can execute arbitrary code with the privileges of the APLS service, potentially leading to complete system compromise. The vulnerability has a CVSS score of 8.0 and represents a significant risk to organizations using affected APLS versions, particularly given the authentication requirement is modest (PR:L) and the attack complexity is low.

RCE HP Java +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

CVE-2024-51982 is a denial-of-service vulnerability affecting network-connected printers and multifunction devices that expose the Printer Job Language (PJL) interface on TCP port 9100. An unauthenticated remote attacker can send a malformed PJL command with an invalid FORMLINES variable to crash the device repeatedly, causing service disruption without authentication or user interaction. The CVSS 7.5 score reflects the high availability impact, and while specific KEV/POC data was not provided in the source material, the straightforward nature of the exploit (malformed input causing crash) suggests practical exploitability.

Denial Of Service HP
NVD GitHub
EPSS 48% 4.9 CVSS 9.8
CRITICAL POC THREAT Emergency

Certain devices expose serial numbers via HTTP/HTTPS/IPP and SNMP that can be used to generate the default administrator password. An unauthenticated attacker who discovers the serial number can calculate the admin password and gain full administrative control of the device without brute force.

Information Disclosure HP Authentication Bypass
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation vulnerability in HP Support Assistant versions before 9.44.18.0 that allows a local attacker with limited user privileges to write arbitrary files and escalate to higher privilege levels without user interaction. The vulnerability carries a CVSS score of 7.8 (high severity) and exploits improper file permission handling in the support application; while KEV status and active exploitation data are not provided in the source material, the low attack complexity and local attack vector suggest this is a realistic threat for systems running vulnerable versions.

Privilege Escalation HP Support Assistant
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Command injection remote code execution vulnerability in HPE StoreOnce Software that allows authenticated attackers with high privileges to execute arbitrary commands on affected systems. The vulnerability has a CVSS score of 7.2 (high severity) and requires authenticated access but no user interaction. Given the command injection nature (CWE-77) and network attack vector, this poses significant risk to organizations running vulnerable HPE StoreOnce deployments, particularly if KEV status or active exploitation is confirmed.

RCE Command Injection HP +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +7
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: i2c: cros-ec-tunnel: defer probe if parent EC is not present When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux HP +5
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Touchpoint Analytics Service
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfs: Call `invalidate_cache` only if implemented Many filesystems such as NFS and Ceph do not implement the `invalidate_cache`. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux HP +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux HP +3
NVD
EPSS 0% CVSS 9.4
CRITICAL Act Now

An out-of-bounds write vulnerability exists in the EMF Recode processing functionality of multiple Canon printer drivers, allowing remote attackers to execute arbitrary code or crash the system without authentication. The vulnerability affects a wide range of Canon's Generic Plus and standard printer drivers (PCL6, UFR II, LIPS4, LIPSLX, PS, FAX, CARPS2, and PDF drivers) and has a critical CVSS score of 9.4. With an EPSS score of 0.44% (63rd percentile), the vulnerability shows moderate real-world exploitation likelihood, though no active exploitation or public proof-of-concept has been reported.

Buffer Overflow HP
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service 6Gx09A Firmware +53
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue xenvif_rx_next_skb() is expecting the rx queue not being. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux HP +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM Do not call snd_dma_free_pages() when snd_dma_alloc_pages() returns -ENOMEM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux HP +5
NVD
EPSS 6% CVSS 8.3
HIGH This Week

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE +99
NVD
EPSS 6% CVSS 6.3
MEDIUM This Month

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Stack Overflow +4
NVD
EPSS 6% CVSS 9.2
CRITICAL Act Now

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Stack Overflow +96
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service G3Q78A Firmware +9
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation HP
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Use After Free Memory Corruption HP +3
NVD
EPSS 51% CVSS 9.8
CRITICAL POC THREAT Act Now

A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal HP +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Rated medium severity (CVSS 6.0). No vendor patch available.

Privilege Escalation HP
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: Clear stale interrupts before resuming device iwl4965 fails upon resume from hibernation on my laptop. Rated high severity (CVSS 7.0).

HP Information Disclosure Linux +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to add interface to list twice when SER If SER L2 occurs during the WoWLAN resume flow, the add interface flow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

HP Information Disclosure Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP F9A29A Firmware +14
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP
NVD
EPSS 0% CVSS 8.0
HIGH This Week

A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation HP
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service 9Yf88A Firmware +101
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hwmon: (hp-wmi-sensors) Check if WMI event data exists The BIOS can choose to return no event data in response to a WMI event, so. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference HP Denial Of Service +2
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check This fixes a NULL pointer dereference bug due to a data race which looks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference HP Denial Of Service +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection HP RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: wow: fix GTK offload H2C skbuff issue We mistakenly put skb too large and that may exceed skb->end. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

HP Information Disclosure Linux +1
NVD
EPSS 32% CVSS 6.9
MEDIUM POC THREAT This Month

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

HP Information Disclosure Sh 4050A5 5L Mm Firmware +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Broadcom Buffer Overflow HP +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. Rated medium severity (CVSS 6.5). No vendor patch available.

Privilege Escalation HP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. Rated medium severity (CVSS 6.5). No vendor patch available.

Privilege Escalation HP
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP RCE
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure HP +1
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP XSS Cz181A Firmware +13
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. Rated medium severity (CVSS 5.7). No vendor patch available.

Privilege Escalation HP
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection HP RCE +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820 Network switches. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP CSRF
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix null-pointer dereference on edid reading Use i2c adapter when there isn't aux_mode in dc_link to fix a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux HP Denial Of Service +3
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection HP RCE +29
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Information Disclosure +2
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow HP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Information Disclosure Futuresmart 4 +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HP Officejet Pro 8730 D9L19A Firmware +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation HP Microsoft +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Microsoft +1
NVD
Page 1 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy