Vendor CVEs
Microfocus
All CVEs
2,285 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-4201 | 0.01 | — | 0.10 | Aug 17, 2006 | Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation. | |||
| CVE-2006-1023 | 0.01 | — | 0.07 | Mar 7, 2006 | Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors. | |||
| CVE-2005-4823 | 0.01 | — | 0.12 | Dec 31, 2005 | Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2005-3670 | 0.01 | — | 0.09 | Nov 18, 2005 | Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a… | |||
| CVE-2005-1826 | 0.01 | — | 0.08 | May 3, 2005 | Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension. | |||
| CVE-2004-0993 | 0.01 | — | 0.10 | Jan 10, 2005 | Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code. | |||
| CVE-2004-1332 | 0.01 | — | 0.10 | Dec 31, 2004 | Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request. | |||
| CVE-2004-0112 | 0.01 | — | 0.10 | Nov 23, 2004 | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake… | |||
| CVE-2004-0081 | 0.01 | — | 0.07 | Nov 23, 2004 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | |||
| CVE-2004-0809 | 0.01 | — | 0.15 | Sep 16, 2004 | The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | |||
| CVE-2004-0716 | 0.01 | — | 0.13 | Aug 6, 2004 | Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data. | |||
| CVE-2004-0368 | 0.01 | — | 0.11 | May 4, 2004 | Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet. | |||
| CVE-2004-1082 | 0.01 | — | 0.08 | Feb 3, 2004 | mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | |||
| CVE-2003-0028 | 0.01 | — | 0.15 | Mar 25, 2003 | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in… | |||
| CVE-2002-0836 | 0.01 | — | 0.08 | Oct 28, 2002 | dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. | |||
| CVE-2002-0835 | 0.01 | — | 0.07 | Oct 4, 2002 | Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones. | |||
| CVE-2002-1604 | 0.01 | — | 0.15 | Sep 2, 2002 | Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver. | |||
| CVE-2002-0677 | 0.01 | — | 0.07 | Jul 23, 2002 | CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure. | |||
| CVE-2002-0678 | 0.01 | — | 0.09 | Jul 23, 2002 | CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure. | |||
| CVE-2001-0817 | 0.01 | — | 0.10 | Dec 6, 2001 | Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request. | |||
| CVE-1999-0057 | 0.01 | — | 0.08 | Nov 16, 1998 | Vacation program allows command execution by remote users through a sendmail command. | |||
| CVE-1999-0333 | 0.01 | — | 0.06 | Aug 1, 1998 | HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack. | |||
| CVE-1999-0007 | 0.01 | — | 0.08 | Jun 26, 1998 | Information from SSL-encrypted sessions via PKCS #1. | |||
| CVE-1999-0104 | 0.01 | — | 0.09 | Dec 16, 1997 | A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. | |||
| CVE-2026-7539 | 0.00 | — | 0.00 | Jun 24, 2026 | A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability. | |||
| CVE-2026-11878 | 0.00 | — | 0.00 | Jun 24, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from 5.1 through 5.1.2. | |||
| CVE-2025-41368 | 0.00 | — | 0.01 | Mar 26, 2026 | Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured… | |||
| CVE-2026-2915 | 0.00 | — | 0.00 | Mar 3, 2026 | HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | |||
| CVE-2026-1997 | 0.00 | — | 0.00 | Feb 10, 2026 | Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an… | |||
| CVE-2026-1996 | 0.00 | — | 0.00 | Feb 10, 2026 | Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. | |||
| CVE-2025-34395 | 0.00 | — | 0.01 | Dec 10, 2025 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to… | |||
| CVE-2025-34394 | 0.00 | — | 0.01 | Dec 10, 2025 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution. | |||
| CVE-2025-34393 | 0.00 | — | 0.01 | Dec 10, 2025 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary… | |||
| CVE-2025-34392 | 0.00 | — | 0.22 | Dec 10, 2025 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell… | |||
| CVE-2025-11531 | 0.00 | — | 0.00 | Dec 9, 2025 | HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0. | |||
| CVE-2025-40312 | 0.00 | — | 0.00 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 ("isofs: Verify inode mode when loading from disk") does. | |||
| CVE-2025-13492 | 0.00 | — | 0.00 | Dec 3, 2025 | A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to escalate privileges via a race condition when installing packages. | |||
| CVE-2025-12785 | 0.00 | — | 0.00 | Nov 13, 2025 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | |||
| CVE-2025-12784 | 0.00 | — | 0.00 | Nov 13, 2025 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | |||
| CVE-2025-11761 | 0.00 | — | 0.00 | Nov 3, 2025 | A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability. | |||
| CVE-2025-43017 | 0.00 | — | 0.00 | Oct 28, 2025 | HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities. | |||
| CVE-2025-10578 | 0.00 | — | 0.00 | Oct 1, 2025 | A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. | |||
| CVE-2023-53485 | 0.00 | — | 0.00 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6 index -84 is out of range for type… | |||
| CVE-2023-53457 | 0.00 | — | 0.00 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved… | |||
| CVE-2025-10568 | 0.00 | — | 0.00 | Sep 19, 2025 | HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. HP is releasing updated software to address the potential vulnerability. | |||
| CVE-2025-43018 | 0.00 | — | 0.00 | Jul 30, 2025 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | |||
| CVE-2025-43023 | 0.00 | — | 0.00 | Jul 28, 2025 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA). | |||
| CVE-2025-3508 | 0.00 | — | 0.01 | Jul 25, 2025 | Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information. | |||
| CVE-2025-43488 | 0.00 | — | 0.00 | Jul 22, 2025 | A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update. | |||
| CVE-2025-43487 | 0.00 | — | 0.00 | Jul 22, 2025 | A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update. |
- CVE-2006-4201Aug 17, 2006risk 0.01cvss —epss 0.10
Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation.
- CVE-2006-1023Mar 7, 2006risk 0.01cvss —epss 0.07
Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.
- CVE-2005-4823Dec 31, 2005risk 0.01cvss —epss 0.12
Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2005-3670Nov 18, 2005risk 0.01cvss —epss 0.09
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a…
- CVE-2005-1826May 3, 2005risk 0.01cvss —epss 0.08
Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension.
- CVE-2004-0993Jan 10, 2005risk 0.01cvss —epss 0.10
Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.
- CVE-2004-1332Dec 31, 2004risk 0.01cvss —epss 0.10
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
- CVE-2004-0112Nov 23, 2004risk 0.01cvss —epss 0.10
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…
- CVE-2004-0081Nov 23, 2004risk 0.01cvss —epss 0.07
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
- CVE-2004-0809Sep 16, 2004risk 0.01cvss —epss 0.15
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
- CVE-2004-0716Aug 6, 2004risk 0.01cvss —epss 0.13
Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.
- CVE-2004-0368May 4, 2004risk 0.01cvss —epss 0.11
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
- CVE-2004-1082Feb 3, 2004risk 0.01cvss —epss 0.08
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
- CVE-2003-0028Mar 25, 2003risk 0.01cvss —epss 0.15
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in…
- CVE-2002-0836Oct 28, 2002risk 0.01cvss —epss 0.08
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
- CVE-2002-0835Oct 4, 2002risk 0.01cvss —epss 0.07
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
- CVE-2002-1604Sep 2, 2002risk 0.01cvss —epss 0.15
Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
- CVE-2002-0677Jul 23, 2002risk 0.01cvss —epss 0.07
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
- CVE-2002-0678Jul 23, 2002risk 0.01cvss —epss 0.09
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
- CVE-2001-0817Dec 6, 2001risk 0.01cvss —epss 0.10
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.
- CVE-1999-0057Nov 16, 1998risk 0.01cvss —epss 0.08
Vacation program allows command execution by remote users through a sendmail command.
- CVE-1999-0333Aug 1, 1998risk 0.01cvss —epss 0.06
HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.
- CVE-1999-0007Jun 26, 1998risk 0.01cvss —epss 0.08
Information from SSL-encrypted sessions via PKCS #1.
- CVE-1999-0104Dec 16, 1997risk 0.01cvss —epss 0.09
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.
- CVE-2026-7539Jun 24, 2026risk 0.00cvss —epss 0.00
A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability.
- CVE-2026-11878Jun 24, 2026risk 0.00cvss —epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from 5.1 through 5.1.2.
- CVE-2025-41368Mar 26, 2026risk 0.00cvss —epss 0.01
Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured…
- CVE-2026-2915Mar 3, 2026risk 0.00cvss —epss 0.00
HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.
- CVE-2026-1997Feb 10, 2026risk 0.00cvss —epss 0.00
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an…
- CVE-2026-1996Feb 10, 2026risk 0.00cvss —epss 0.00
Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.
- CVE-2025-34395Dec 10, 2025risk 0.00cvss —epss 0.01
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to…
- CVE-2025-34394Dec 10, 2025risk 0.00cvss —epss 0.01
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.
- CVE-2025-34393Dec 10, 2025risk 0.00cvss —epss 0.01
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary…
- CVE-2025-34392Dec 10, 2025risk 0.00cvss —epss 0.22
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell…
- CVE-2025-11531Dec 9, 2025risk 0.00cvss —epss 0.00
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0.
- CVE-2025-40312Dec 8, 2025risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 ("isofs: Verify inode mode when loading from disk") does.
- CVE-2025-13492Dec 3, 2025risk 0.00cvss —epss 0.00
A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to escalate privileges via a race condition when installing packages.
- CVE-2025-12785Nov 13, 2025risk 0.00cvss —epss 0.00
Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.
- CVE-2025-12784Nov 13, 2025risk 0.00cvss —epss 0.00
Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.
- CVE-2025-11761Nov 3, 2025risk 0.00cvss —epss 0.00
A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.
- CVE-2025-43017Oct 28, 2025risk 0.00cvss —epss 0.00
HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.
- CVE-2025-10578Oct 1, 2025risk 0.00cvss —epss 0.00
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
- CVE-2023-53485Oct 1, 2025risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6 index -84 is out of range for type…
- CVE-2023-53457Oct 1, 2025risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved…
- CVE-2025-10568Sep 19, 2025risk 0.00cvss —epss 0.00
HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. HP is releasing updated software to address the potential vulnerability.
- CVE-2025-43018Jul 30, 2025risk 0.00cvss —epss 0.00
Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.
- CVE-2025-43023Jul 28, 2025risk 0.00cvss —epss 0.00
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).
- CVE-2025-3508Jul 25, 2025risk 0.00cvss —epss 0.01
Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.
- CVE-2025-43488Jul 22, 2025risk 0.00cvss —epss 0.00
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update.
- CVE-2025-43487Jul 22, 2025risk 0.00cvss —epss 0.00
A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update.
Page 27 of 46