Vendor CVEs
Microfocus
All CVEs
2,177 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6491 | Hig | 0.53 | 8.1 | 0.01 | Apr 24, 2018 | Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege. | ||
| CVE-2018-6488 | Hig | 0.53 | 8.1 | 0.02 | Feb 22, 2018 | Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution. | ||
| CVE-2017-13989 | Hig | 0.53 | 8.1 | 0.01 | Sep 30, 2017 | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | ||
| CVE-2015-0839 | Hig | 0.53 | 8.1 | 0.06 | Aug 2, 2017 | The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads. | ||
| CVE-2016-4390 | Hig | 0.53 | 8.1 | 0.05 | Oct 5, 2016 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389. | ||
| CVE-2016-4389 | Hig | 0.53 | 8.1 | 0.05 | Oct 5, 2016 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390. | ||
| CVE-2016-4388 | Hig | 0.53 | 8.1 | 0.05 | Oct 5, 2016 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390. | ||
| CVE-2016-4387 | Hig | 0.53 | 8.1 | 0.09 | Oct 5, 2016 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390. | ||
| CVE-2016-4377 | Hig | 0.53 | 8.1 | 0.07 | Aug 22, 2016 | HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP… | ||
| CVE-2016-4362 | Hig | 0.53 | 8.1 | 0.02 | Jun 8, 2016 | HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | ||
| CVE-2016-4358 | Hig | 0.53 | 8.1 | 0.01 | Jun 8, 2016 | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029. | ||
| CVE-2016-4357 | Hig | 0.53 | 8.1 | 0.02 | Jun 8, 2016 | HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028. | ||
| CVE-2016-2030 | Hig | 0.53 | 8.1 | 0.02 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022. | ||
| CVE-2016-2028 | Hig | 0.53 | 8.1 | 0.02 | Jun 8, 2016 | HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357. | ||
| CVE-2016-2022 | Hig | 0.53 | 8.1 | 0.02 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030. | ||
| CVE-2016-2021 | Hig | 0.53 | 8.1 | 0.03 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030. | ||
| CVE-2016-2020 | Hig | 0.53 | 8.1 | 0.03 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. | ||
| CVE-2016-2019 | Hig | 0.53 | 8.1 | 0.03 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. | ||
| CVE-2016-2017 | Hig | 0.53 | 8.1 | 0.03 | Jun 8, 2016 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. | ||
| CVE-2016-2014 | Hig | 0.53 | 8.1 | 0.02 | May 7, 2016 | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | ||
| CVE-2016-1993 | Hig | 0.53 | 8.1 | 0.02 | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | ||
| CVE-2024-4690 | Hig | 0.52 | 8.0 | 0.00 | Oct 16, 2024 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | ||
| CVE-2024-8733 | Hig | 0.52 | 8.0 | 0.00 | Oct 2, 2024 | A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. | ||
| CVE-2022-38754 | Hig | 0.52 | 8.0 | 0.01 | Dec 8, 2022 | A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The… | ||
| CVE-2021-22528 | Hig | 0.52 | 8.0 | 0.01 | Sep 13, 2021 | Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | ||
| CVE-2019-18909 | Hig | 0.52 | 8.0 | 0.02 | Nov 22, 2019 | The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. | ||
| CVE-2018-5925 | Hig | 0.52 | 7.8 | 0.11 | Aug 13, 2018 | A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution. | ||
| CVE-2016-3092 | Hig | 0.52 | 7.5 | 0.36 | Jul 4, 2016 | The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long… | ||
| CVE-2016-4371 | Hig | 0.52 | 8.0 | 0.01 | Jun 19, 2016 | HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client,… | ||
| CVE-2016-1991 | Hig | 0.52 | 8.0 | 0.02 | Mar 16, 2016 | HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. | ||
| CVE-2026-8632 | Hig | 0.51 | 7.8 | 0.01 | May 20, 2026 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection. | ||
| CVE-2026-2123 | Hig | 0.51 | 7.8 | 0.00 | Mar 31, 2026 | A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting… | ||
| CVE-2025-43019 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion. | ||
| CVE-2025-43026 | Hig | 0.51 | 7.8 | 0.00 | Jun 5, 2025 | A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. | ||
| CVE-2025-1697 | Hig | 0.51 | 7.8 | 0.00 | Apr 18, 2025 | A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to… | ||
| CVE-2024-9419 | Hig | 0.51 | 7.8 | 0.01 | Oct 30, 2024 | Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could… | ||
| CVE-2022-27540 | Hig | 0.51 | 7.8 | 0.00 | Jun 28, 2024 | A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential… | ||
| CVE-2023-6138 | Hig | 0.51 | 7.9 | 0.00 | Feb 14, 2024 | A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability. | ||
| CVE-2023-5739 | Hig | 0.51 | 7.8 | 0.00 | Oct 31, 2023 | Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. | ||
| CVE-2023-5671 | Hig | 0.51 | 7.8 | 0.00 | Oct 25, 2023 | HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. | ||
| CVE-2023-26300 | Hig | 0.51 | 7.8 | 0.00 | Oct 18, 2023 | A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability. | ||
| CVE-2022-31646 | Hig | 0.51 | 7.8 | 0.00 | Jun 14, 2023 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||
| CVE-2022-31645 | Hig | 0.51 | 7.8 | 0.00 | Jun 14, 2023 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||
| CVE-2022-31644 | Hig | 0.51 | 7.8 | 0.00 | Jun 14, 2023 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||
| CVE-2022-31639 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2023 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||
| CVE-2022-31638 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2023 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||
| CVE-2022-31637 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2023 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||
| CVE-2022-31636 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2023 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||
| CVE-2022-31635 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2023 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||
| CVE-2023-26294 | Hig | 0.51 | 7.8 | 0.01 | Jun 12, 2023 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. |