Skip to main content

HP

651 CVEs vendor

Monthly

CVE-2023-26300 HIGH PATCH This Week

A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation HP Desktop Pro A 300 G3 Firmware Desktop Pro A G3 Firmware Desktop Pro A G3 Microtower Firmware +86
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5449 LOW PATCH Monitor

A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure HP E22 G4 Fhd Firmware E23 G4 Fhd Firmware E24I G4 Wuxga Firmware +26
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-5409 MEDIUM PATCH This Month

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure HP T430 Thin Client Firmware T638 Thin Client Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-4499 HIGH PATCH This Week

A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure HP Thinupdate
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-5365 CRITICAL Act Now

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation HP Authentication Bypass Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5113 MEDIUM This Month

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XSS HP Futuresmart 5
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-26301 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Authentication Bypass Color Laserjet Pro 4201 4203 4Ra87F Firmware Color Laserjet Pro 4201 4203 4Ra88F Firmware +17
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-35178 HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP W1A75A Firmware W1A76A Firmware W1A77A Firmware +35
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-35177 HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption HP Buffer Overflow W1A75A Firmware W1A76A Firmware +36
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-35176 HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service HP W1A75A Firmware W1A76A Firmware +36
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-35175 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE HP W1A75A Firmware W1A76A Firmware +36
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-26299 HIGH PATCH This Week

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. Rated high severity (CVSS 7.0).

RCE HP 260 G4 Desktop Mini Firmware T430 Firmware T628 Firmware +56
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-30903 MEDIUM This Month

HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Hp Ux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1329 CRITICAL Act Now

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Color Laserjet Enterprise Mfp M577 B5L46A Firmware Color Laserjet Enterprise Mfp M577 B5L47A Firmware Color Laserjet Enterprise Mfp M577 B5L48A Firmware Color Laserjet Enterprise Mfp M577 B5L54A Firmware +950
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-1707 HIGH This Week

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Futuresmart 5
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-32674 CRITICAL Act Now

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Microsoft Pc Hardware Diagnostics
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-32673 CRITICAL PATCH Act Now

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure HP Microsoft Image Assistant Pc Hardware Diagnostics +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26298 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-26297 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-26296 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-26295 CRITICAL Act Now

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-26294 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-28382 HIGH This Week

Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP Ess Rec
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-27973 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE HP Buffer Overflow Laserjet Pro M304 M305 W1A46A Firmware +37
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-27972 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE HP Buffer Overflow Laserjet Pro M304 M305 W1A46A Firmware Laserjet Pro M304 M305 W1A47A Firmware +36
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-27971 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow Laserjet Pro M304 M305 W1A46A Firmware Laserjet Pro M304 M305 W1A47A Firmware Laserjet Pro M304 M305 W1A48A Firmware +35
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43780 HIGH This Week

Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service M2U75A Firmware M2U76A Firmware M2U77A Firmware +38
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-38395 HIGH This Week

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Fusion Support Assistant
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2022-37932 CRITICAL POC Act Now

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Officeconnect 1820 J9979A Firmware Officeconnect 1820 J9982A Firmware Officeconnect 1820 J9980A Firmware +16
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-37929 MEDIUM This Month

Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Sf100 Firmware Sf300 Firmware Hf60C Firmware +6
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-37928 MEDIUM This Month

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Sf100 Firmware Sf300 Firmware Hf60C Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-37927 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect HP Oneview Global Dashboard
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37018 HIGH PATCH This Week

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

RCE Privilege Escalation HP Z1 G3 Firmware Z2 Mini G3 Firmware +73
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2022-2794 HIGH This Week

Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service Pagewide 352Dw J6U57A Firmware Pagewide 377Dw J9V80A Firmware Pagewide Managed P55250Dw J6U55A Firmware +10
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1038 HIGH PATCH This Week

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation HP Jumpstart
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-40966 HIGH PATCH This Week

Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass HP Wcr 300 Firmware Whr Hp G300N Firmware Whr Hp Gn Firmware +72
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-39044 MEDIUM PATCH This Month

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Command Injection HP Wcr 300 Firmware Whr Hp G300N Firmware Whr Hp Gn Firmware +51
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-28722 CRITICAL Act Now

Certain HP Print Products are potentially vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow P4C78A Firmware P4C85A Firmware T3P03A Firmware +96
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28721 CRITICAL Act Now

Certain HP Print Products are potentially vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP RCE M2U86A Firmware M2U86B Firmware M2U86C Firmware +297
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28640 HIGH This Week

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE HP Code Injection Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-28639 HIGH This Week

A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-28638 HIGH This Week

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28637 HIGH This Week

A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

HP Denial Of Service RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-1602 MEDIUM This Month

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Thinpro
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28623 CRITICAL Act Now

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP SQLi Red Hat Icewall Sso Certd
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-24293 CRITICAL Act Now

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP Denial Of Service Laserjet Pro M453 M454 W1Y40A Firmware +67
NVD VulDB
CVSS 3.1
9.8
EPSS
7.0%
CVE-2022-24292 CRITICAL Act Now

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP Denial Of Service Laserjet Pro M453 M454 W1Y40A Firmware +67
NVD VulDB
CVSS 3.1
9.8
EPSS
7.0%
CVE-2022-24291 HIGH This Week

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP Denial Of Service Laserjet Pro M453 M454 W1Y40A Firmware +67
NVD VulDB
CVSS 3.1
7.5
EPSS
4.4%
CVE-2022-23934 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23933 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23932 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23931 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23930 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23929 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23928 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23927 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23926 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23925 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23924 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-23958 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23957 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23955 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23954 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23956 MEDIUM This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23953 MEDIUM This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-34424 HIGH This Week

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google HP Apple Microsoft +30
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-34423 CRITICAL Act Now

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE HP Apple +31
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-39238 CRITICAL Act Now

Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Futuresmart 3 Futuresmart 4 Futuresmart 5
NVD
CVSS 3.1
9.8
EPSS
12.1%
CVE-2021-39237 MEDIUM This Month

Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Futuresmart 3 Futuresmart 4 Futuresmart 5
NVD
CVSS 3.1
4.6
EPSS
2.4%
CVE-2021-3705 CRITICAL Act Now

Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Laserjet Pro J8H61A Firmware Laserjet Pro J8H60A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-3704 HIGH This Week

Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HP Laserjet Pro J8H60A Firmware Laserjet Pro J8H61A Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-3440 HIGH This Week

HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure HP Hp Smart
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3662 MEDIUM This Month

Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP Futuresmart 4 Futuresmart 5
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3441 MEDIUM POC This Month

A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP Officejet 7110 Firmware
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.7%
CVE-2021-3438 HIGH This Week

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Privilege Escalation HP Color Laser 150 4Zb94A +381
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-3512 HIGH This Week

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior,. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Bhr 4Grv Firmware Dwr Hp G300Nh Firmware Hw 450Hp Zwe Firmware +21
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-3511 MEDIUM This Month

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Bhr 4Grv Firmware Dwr Hp G300Nh Firmware Hw 450Hp Zwe Firmware +21
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-20716 CRITICAL Act Now

Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service HP Bhr 4Rv Firmware Fs G54 Firmware +33
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-26582 MEDIUM This Month

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Red Hat HP Icewall Sso Dgfw
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-21614 Maven MEDIUM PATCH This Month

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure HP Bumblebee Hp Alm
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-24623 MEDIUM This Month

A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

HP SQLi Microsoft VMware Universal Api Framework
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-11158 HIGH This Week

u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font array leads to denial of service' in IPS PDF releases prior to IPS System 2020.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Null Pointer Dereference Denial Of Service Ips Pdf
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-15596 MEDIUM This Month

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

HP Lenovo Dell Information Disclosure Elite X2 1012 G1 Firmware +13
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-7206 CRITICAL PATCH Act Now

HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

HP Command Injection PHP Nagios Plugins Hpilo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-2218 Maven LOW Monitor

Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

HP Jenkins Information Disclosure Hp Application Lifecycle Management Quality Center
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-7136 CRITICAL POC THREAT Act Now

A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Authentication Bypass Smart Update Manager
NVD
CVSS 3.1
9.8
EPSS
79.5%
CVE-2019-18909 HIGH POC This Week

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

HP Command Injection Thinpro
NVD
CVSS 3.1
8.0
EPSS
2.2%
CVE-2019-16287 MEDIUM This Month

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Thinpro
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2019-6337 MEDIUM This Month

For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

HP Information Disclosure D9l63a Firmware D9l64a Firmware T0g70a Firmware +38
NVD
CVSS 3.1
5.2
EPSS
0.4%
CVE-2019-16284 HIGH This Week

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE 260 G1 Dm Firmware 280 Pro G1 Firmware 285 G2 Firmware +99
NVD
CVSS 3.1
7.2
EPSS
2.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation HP Desktop Pro A 300 G3 Firmware +88
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure HP E22 G4 Fhd Firmware +28
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure HP T430 Thin Client Firmware +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure HP Thinupdate
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation HP +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XSS HP +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Authentication Bypass +19
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP W1A75A Firmware +37
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption HP Buffer Overflow +38
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service HP +38
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE HP +38
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. Rated high severity (CVSS 7.0).

RCE HP 260 G4 Desktop Mini Firmware +58
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Hp Ux
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Color Laserjet Enterprise Mfp M577 B5L46A Firmware Color Laserjet Enterprise Mfp M577 B5L47A Firmware +952
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Futuresmart 5
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Microsoft +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure HP Microsoft +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP Ess Rec
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE HP +39
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE HP Buffer Overflow +38
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow Laserjet Pro M304 M305 W1A46A Firmware +37
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service M2U75A Firmware +40
NVD
EPSS 3% CVSS 7.8
HIGH This Week

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Fusion +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Officeconnect 1820 J9979A Firmware +18
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Sf100 Firmware +8
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Sf100 Firmware +8
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect HP Oneview Global Dashboard
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

RCE Privilege Escalation HP +75
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service Pagewide 352Dw J6U57A Firmware +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation HP Jumpstart
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass HP Wcr 300 Firmware +74
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Command Injection HP Wcr 300 Firmware +53
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain HP Print Products are potentially vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow P4C78A Firmware +98
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain HP Print Products are potentially vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP RCE M2U86A Firmware +299
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE HP Code Injection +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

HP Denial Of Service RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Thinpro
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP SQLi Red Hat +1
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP +69
NVD VulDB
EPSS 7% CVSS 9.8
CRITICAL Act Now

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP +69
NVD VulDB
EPSS 4% CVSS 7.5
HIGH This Week

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP +69
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Probook 440 G8 Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Probook 440 G8 Firmware +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google HP +32
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE +33
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Futuresmart 3 +2
NVD
EPSS 2% CVSS 4.6
MEDIUM This Month

Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Futuresmart 3 +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Laserjet Pro J8H61A Firmware +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HP Laserjet Pro J8H60A Firmware +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure HP +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP Futuresmart 4 +1
NVD
EPSS 2% CVSS 4.8
MEDIUM POC This Month

A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP Officejet 7110 Firmware
NVD Exploit-DB
EPSS 3% CVSS 7.8
HIGH This Week

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Privilege Escalation +383
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior,. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Bhr 4Grv Firmware +23
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Bhr 4Grv Firmware +23
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service HP +35
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Red Hat +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure HP +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

HP SQLi Microsoft +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font array leads to denial of service' in IPS PDF releases prior to IPS System 2020.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Null Pointer Dereference Denial Of Service +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

HP Lenovo Dell +15
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

HP Command Injection PHP +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

HP Jenkins Information Disclosure +1
NVD
EPSS 80% CVSS 9.8
CRITICAL POC THREAT Act Now

A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Authentication Bypass Smart Update Manager
NVD
EPSS 2% CVSS 8.0
HIGH POC This Week

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

HP Command Injection Thinpro
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Thinpro
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

HP Information Disclosure D9l63a Firmware +40
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE 260 G1 Dm Firmware +101
NVD
Prev Page 2 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy