651
CVEs
165
Critical
208
High
2
KEV
62
PoC
331
Unpatched C/H
12.7%
Patch Rate
8.7%
Avg EPSS
Severity Breakdown
CRITICAL
165
HIGH
208
MEDIUM
245
LOW
32
Monthly CVE Trend
Affected Products (30)
System Management Homepage
28
Intelligent Management Center
25
Storage Data Protector
24
Linux Kernel
19
Service Manager
16
Loadrunner
15
Systems Insight Manager
14
W1A80A Firmware
13
W1A77A Firmware
13
W1A78A Firmware
13
W1A76A Firmware
13
W1A81A Firmware
13
W1A79A Firmware
13
W1A82A Firmware
13
W1A75A Firmware
13
Intelligent Management Center For Automated Network Manager
12
Sitescope
12
Pc Bios
11
Laserjet Pro Mfp M428 M429 F W1A30A Firmware
10
Laserjet Pro M453 M454 W1Y46A Firmware
10
Laserjet Pro M453 M454 W1Y40A Firmware
10
Laserjet Pro Mfp M428 M429 F W1A35A Firmware
10
Laserjet Pro M453 M454 W1Y44A Firmware
10
Laserjet Pro M453 M454 W1Y45A Firmware
10
Laserjet Pro Mfp M428 M429 W1A28A Firmware
10
Laserjet Pro M304 M305 W1A48A Firmware
10
Laserjet Pro Mfp M428 M429 W1A33A Firmware
10
Laserjet Pro M304 M305 W1A66A Firmware
10
Laserjet Pro M453 M454 W1Y41A Firmware
10
Laserjet Pro M304 M305 W1A46A Firmware
10
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2017-3881 | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 94.3% | 213 |
KEV
PoC
No patch
|
| CVE-2013-4810 | HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 89.6% | 209 |
KEV
PoC
No patch
|
| CVE-2014-2623 | Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 89.8%. | CRITICAL | 10.0 | 89.8% | 175 |
PoC
No patch
|
| CVE-2013-6221 | Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.1%. | CRITICAL | 10.0 | 84.1% | 169 |
PoC
No patch
|
| CVE-2013-2367 | Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.8%. | CRITICAL | 10.0 | 83.8% | 169 |
PoC
No patch
|
| CVE-2013-4811 | UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%. | CRITICAL | 10.0 | 83.5% | 169 |
PoC
No patch
|
| CVE-2013-4798 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.2%. | CRITICAL | 10.0 | 83.2% | 168 |
PoC
No patch
|
| CVE-2012-2020 | Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%. | CRITICAL | 10.0 | 82.3% | 167 |
PoC
No patch
|
| CVE-2013-2333 | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.2%. | CRITICAL | 10.0 | 82.2% | 167 |
PoC
No patch
|
| CVE-2014-2624 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%. | CRITICAL | 10.0 | 77.4% | 162 |
PoC
No patch
|
| CVE-2013-6194 | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.3%. | CRITICAL | 10.0 | 77.3% | 162 |
PoC
No patch
|
| CVE-2013-2347 | The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.8%. | CRITICAL | 10.0 | 76.8% | 162 |
PoC
No patch
|
| CVE-2012-2019 | Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%. | CRITICAL | 10.0 | 75.6% | 161 |
PoC
No patch
|
| CVE-2013-2343 | Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%. | CRITICAL | 10.0 | 75.6% | 161 |
PoC
No patch
|
| CVE-2013-4837 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%. | CRITICAL | 10.0 | 75.6% | 161 |
PoC
No patch
|