MidnightBSD

Advisories for hp

CVE-1999-0003 HIGH

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.1
sun sunos 5.0
sgi irix 6.2
hp hp-ux 10.02
ibm aix 4.1.1
sgi irix 5.3
sgi irix 6.0
hp hp-ux 10.03
sun sunos 5.5.1
ibm aix 4.1.5
sgi irix 6.1
sun sunos 5.4
sun sunos 4.1.3
ibm aix 4.2.1
ibm aix 4.2
sun solaris 2.6
tritreal ted_cde 4.3
hp hp-ux 10.01
sun sunos -
ibm aix 4.1.4
sun sunos 5.5
sgi irix 6.4
ibm aix 4.1.2
sgi irix 5.2
ibm aix 4.1
sgi irix 6.3
ibm aix 4.1.3
ibm aix 4.3
sun sunos 5.3
hp hp-ux 11.00
sun sunos 5.2
CVE-1999-0004 MEDIUM

MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
university_of_washington pine 4.02
sco unixware 7.0
hp dtmail *
CVE-1999-0007 MEDIUM

Information from SSL-encrypted sessions via PKCS #1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
netscape enterprise_server 3.0.1b
ssleay ssleay 0.8.1
netscape messaging_server 3.54
ssleay ssleay 0.9
microsoft exchange_server 5.5
netscape directory_server 3.1
netscape fasttrack_server 3.01b
ssleay ssleay 0.6.6
c2net stonghold_web_server 2.2
microsoft internet_information_server 3.0
c2net stonghold_web_server 2.3
netscape collabra_server 3.5.2
netscape enterprise_server 3.5.1
microsoft internet_information_server 4.0
hp open_market_secure_webserver 2.1
netscape enterprise_server 2.0
netscape proxy_server 3.5.1
netscape certificate_server 1.0
netscape directory_server 1.3
microsoft site_server 3.0
c2net stonghold_web_server 2.0.1
netscape directory_server 3.12
CVE-1999-0008 HIGH

Buffer overflow in NIS+, in Sun's rpc.nisd program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.5.1
sun sunos 5.5
sun sunos 5.3
sun sunos 5.4
hp hp-ux 10.34
hp hp-ux 11.00
sun solaris 2.6
CVE-1999-0014 HIGH

Unauthorized privileged access or denial of service via dtappgather program in CDE.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cde cde 1.01
cde cde 1.01_x86
hp vvos 10.24
hp hp-ux 10.10
cde cde 1.02
ibm aix 4.1
cde cde 1.2
ibm aix 4.3
hp hp-ux 11.00
cde cde 1.2_x86
ibm aix 4.2
hp hp-ux 10.20
cde cde 1.02_x86
CVE-1999-0015 MEDIUM

Teardrop IP denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 9.05
hp hp-ux 10.24
hp hp-ux 10.16
hp hp-ux 9.00
hp hp-ux 10.30
hp hp-ux 10
netbsd netbsd 1.2
hp hp-ux 9.04
hp hp-ux 9.07
hp hp-ux 9.01
netbsd netbsd 1.0
netbsd netbsd 1.2.1
microsoft windows_nt 4.0
sun sunos 4.1.3u1
sun sunos 4.1.4
microsoft windows_95 0.0a
microsoft windows_nt 3.5.1
netbsd netbsd 1.1
hp hp-ux 9.03
hp hp-ux 11.00
hp hp-ux 10.20
CVE-1999-0016 MEDIUM

Land IP denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 9.05
hp hp-ux 10.24
hp hp-ux 10.16
hp hp-ux 9.00
hp hp-ux 10.30
cisco ios 7000
hp hp-ux 9.04
hp hp-ux 9.07
hp hp-ux 9.01
netbsd netbsd 1.0
microsoft winsock 2.0
hp hp-ux 10.10
microsoft windows_95 *
microsoft windows_nt 4.0
gnu inet 5.01
sun sunos 4.1.3u1
sun sunos 4.1.4
netbsd netbsd 1.1
hp hp-ux 9.03
hp hp-ux 11.00
hp hp-ux 10.00
hp hp-ux 10.20
CVE-1999-0022 HIGH

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-125,

Products Affected

Vendor Product Version
sun sunos 5.1
sun sunos 5.0
sgi irix 6.2
sgi irix 5.0
ibm aix 4.1.1
sgi irix 5.1
sgi irix 5.3
sgi irix 6.0
sgi irix 5.1.1
freebsd freebsd 2.0.5
bsdi bsd_os 1.1
ibm aix 3.2
ibm aix 4.1.5
sgi irix 5.0.1
sun sunos 4.1.1
sgi irix 6.1
sun solaris 4.1.3
sun sunos 4.1.3u1
sun sunos 5.4
ibm aix 3.2.5
ibm aix 4.2
sun sunos 4.1.2
freebsd freebsd 2.1.0
ibm aix 4.1.4
sgi irix 6.4
ibm aix 4.1.2
sgi irix 6.0.1
sgi irix 5.2
ibm aix 4.1
ibm aix 3.1
freebsd freebsd 2.0
sgi irix 6.3
ibm aix 4.1.3
sun sunos 5.3
sun sunos 5.2
ibm aix 3.2.4
hp hp-ux 10.00
CVE-1999-0038 HIGH

Buffer overflow in xlock program allows local users to execute commands as root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-120,

Products Affected

Vendor Product Version
hp hp-ux 10.16
hp hp-ux 10.30
sun solaris 2.4
sgi irix 5.0
sgi irix 5.1
sgi irix 5.3
hp hp-ux 10.08
sgi irix 6.0
data_general dg_ux 6.0
sgi irix 5.1.1
ibm aix 3.2
data_general dg_ux 7.0
sun sunos 5.5.1
hp hp-ux 10.10
data_general dg_ux 2.0
sgi irix 5.0.1
sgi irix 6.1
data_general dg_ux 4.0
sun sunos 5.4
data_general dg_ux 1.0
data_general dg_ux 3.0
ibm aix 4.2
hp hp-ux 10.20
hp hp-ux 10.01
hp hp-ux 10.24
debian debian_linux 1.3
data_general dg_ux 5.0
sun sunos 5.5
bsdi bsd_os 2.1
sgi irix 6.4
hp hp-ux 10.34
sgi irix 6.0.1
sun solaris 2.5
sgi irix 5.2
ibm aix 4.1
debian debian_linux 0.93
debian debian_linux 1.2
sgi irix 6.3
sun sunos 5.3
sun solaris 2.5.1
debian debian_linux 1.1
hp hp-ux 10.00
CVE-1999-0040 HIGH

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.2
nec up-ux_v 4.2mp
hp hp-ux 10.16
hp hp-ux 9.00
hp hp-ux 10.30
sun solaris 2.4
sgi irix 5.0
sgi irix 5.3
hp hp-ux 10.08
sgi irix 6.0
bsdi bsd_os 2.0.1
ibm aix 3.2
sun sunos 5.5.1
hp hp-ux 10.10
sgi irix 6.1
freebsd freebsd 1.1.5.1
sun sunos 4.1.3u1
sun sunos 4.1.4
sun sunos 5.4
sun sunos 4.1.3
ibm aix 4.2
hp hp-ux 10.20
hp hp-ux 10.01
nec ews-ux_v 4.2mp
hp hp-ux 10.24
hp hp-ux 10.09
sun sunos 5.5
bsdi bsd_os 2.1
sgi irix 6.4
hp hp-ux 10.34
hp hp-ux 9.01
bsdi bsd_os 2.0
sun solaris 2.5
ibm aix 4.1
sgi irix 4.0
freebsd freebsd 2.0
sgi irix 6.3
nec ews-ux_v 4.2
hp hp-ux 9.10
sun sunos 5.3
sun solaris 2.5.1
nec asl_ux_4800 64
hp hp-ux 10.00
CVE-1999-0046 HIGH

Buffer overflow of rlogin program using TERM environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
hp hp-ux 10.16
oracle solaris 7.0
sun solaris 2.4
ibm aix 4.1.1
next nextstep -
bsdi bsd_os 2.0.1
freebsd freebsd 2.0.5
digital ultrix 4.2
next nextstep 3.3
next nextstep 4.0
freebsd freebsd 1.1.5.1
sun sunos 4.1.3u1
data_general dg_ux 4.0
sun sunos 5.4
netbsd netbsd 1.1
data_general dg_ux 1.0
hp hp-ux 10.20
digital unix 3.2g
hp hp-ux 10.01
next nextstep 3.1
ibm aix 4.1.4
freebsd freebsd 2.1.5
bsdi bsd_os 2.1
digital unix 4.0a
debian debian_linux 0.93
freebsd freebsd 2.0
ibm aix 4.1.3
sun solaris 2.5.1
next nextstep 2.0
oracle solaris 8
digital ultrix 4.3
hp hp-ux 10.30
next nextstep 1.0a
digital ultrix 4.1
hp hp-ux 10.08
bsdi bsd_os 1.1
ibm aix 3.2
digital ultrix 4.3a
sun sunos 5.5.1
next nextstep 3.0
ibm aix 4.1.5
hp hp-ux 10.10
data_general dg_ux 2.0
digital unix 4.0b
sun sunos 4.1.4
data_general dg_ux 3.0
next nextstep 3.2
hp hp-ux 10.24
digital ultrix 2.2
freebsd freebsd 2.1.0
next nextstep 2.1
hp hp-ux 10.09
next nextstep 1.0
sun sunos 5.5
oracle solaris 2.6
hp hp-ux 10.34
ibm aix 4.1.2
digital ultrix 4.4
netbsd netbsd 1.0
bsdi bsd_os 2.0
sun solaris 2.5
digital ultrix 4.5
oracle solaris -
digital ultrix 4.0
digital ultrix -
ibm aix 4.1
sun sunos 5.3
digital ultrix 3.0
digital unix 4.0
hp hp-ux 10.00
CVE-1999-0050 HIGH

Buffer overflow in HP-UX newgrp program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 9.05
hp hp-ux 9.00
hp hp-ux 9.09
hp hp-ux 9.04
hp hp-ux 9.07
hp hp-ux 9.01
hp hp-ux 10.10
hp hp-ux 9.06
hp hp-ux 9.10
hp hp-ux 9.08
hp hp-ux 9.03
hp hp-ux 10.00
hp hp-ux 10.20
CVE-1999-0057 HIGH

Vacation program allows command execution by remote users through a sendmail command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
freebsd freebsd 6.2
hp hp-ux 10.24
sun sunos *
ibm aix *
hp hp-ux 10.09
hp vvos *
eric_allman vacation *
sun solaris *
hp hp-ux 10.00
CVE-1999-0078 LOW

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
next nextstep *
ncr mp-ras 3.0
sco unixware 2.1
bsdi bsd_os *
sgi irix 5.3
sun sunos 5.5
ncr mp-ras 2.03
ibm aix 3.2
ncr mp-ras 3.01
nec up-ux_v *
freebsd freebsd 6.2
ibm aix 4.1
sun sunos 4.1
sco openserver 5
hp hp-ux *
sun sunos 5.4
ibm aix 4.2
CVE-1999-0097 HIGH

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.16
hp hp-ux 9.00
sun solaris 2.4
ibm aix 4.1.1
hp hp-ux 9.09
hp hp-ux 9.04
ibm aix 3.2
sun sunos 5.5.1
ibm aix 4.1.5
hp hp-ux 10.10
sun sunos 4.1.3u1
sun sunos 4.1.4
sun sunos 4.1.3c
sun sunos 5.4
ibm aix 3.2.5
hp hp-ux 9.03
ibm aix 4.2.1
ibm aix 4.2
hp hp-ux 10.20
sun solaris 2.6
hp hp-ux 9.05
hp hp-ux 10.24
sun sunos -
ibm aix 4.1.4
sun sunos 5.5
hp hp-ux 9.07
ibm aix 4.1.2
hp hp-ux 9.01
sun solaris 2.5
ibm aix 4.1
hp hp-ux 9.06
ibm aix 4.1.3
hp hp-ux 9.10
sun sunos 5.3
sun solaris 2.5.1
hp hp-ux 9.08
hp hp-ux 11.00
ibm aix 3.2.4
hp hp-ux 10.00
CVE-1999-0104 MEDIUM

A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft windows_95 0a
microsoft windows_nt 4.0
hp hp-ux *
sun sunos 4.1.3u1
sun sunos 4.1.4
caldera openlinux 2.0
CVE-1999-0127 HIGH

swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
CVE-1999-0129 MEDIUM

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.8.2
hp hp-ux 10.16
sun solaris 2.4
eric_allman sendmail 8.8.3
ibm aix 3.2
eric_allman sendmail 8.8.1
sco openserver 5.0.2
sun sunos 5.5.1
hp hp-ux 10.10
sco openserver 5.0
freebsd freebsd 2.1.6
eric_allman sendmail 8.8
sun sunos 4.1.3u1
sun sunos 4.1.4
sun sunos 5.4
sco internet_faststart 1.0
ibm aix 4.2
hp hp-ux 10.20
sco internet_faststart 1.1
hp hp-ux 10.01
freebsd freebsd 2.1.5
sun sunos 5.5
bsdi bsd_os 2.1
sun solaris 2.5
ibm aix 4.1
freebsd freebsd 2.1.6.1
sun sunos 5.3
sun solaris 2.5.1
hp hp-ux 10.00
CVE-1999-0130 HIGH

Local users can start Sendmail in daemon mode and gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 4.0
eric_allman sendmail 8.8.2
hp hp-ux 10.01
caldera network_desktop 1.0
eric_allman sendmail 8.7
freebsd freebsd 2.1.5
bsdi bsd_os 2.1
eric_allman sendmail 8.8.1
hp hp-ux 10.10
freebsd freebsd 2.1.6
eric_allman sendmail 8.8
ibm aix 4.2
hp hp-ux 10.00
hp hp-ux 10.20
CVE-1999-0131 HIGH

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.6
eric_allman sendmail 8.7.5
hp hp-ux 10.01
eric_allman sendmail 8.7.3
freebsd freebsd 2.1.5
eric_allman sendmail 8.7.1
bsdi bsd_os 2.1
digital osf_1 1.3.2
ibm aix 3.2
redhat linux 3.0.3
eric_allman sendmail 8.7.2
sco openserver 5.0.2
hp hp-ux 10.10
ibm aix 4.1
sco openserver 5.0
eric_allman sendmail 8.7.4
sco internet_faststart 1.0
ibm aix 4.2
hp hp-ux 10.20
CVE-1999-0132 LOW

Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
sun sunos 5.1
sun sunos 5.0
sun sunos 4.1.2
sun solaris 2.4
hp hp-ux 10
sun sunos 4.1.1
sun sunos 4.1.3u1
sun sunos 4.1.3c
sun sunos 5.3
sun sunos 5.4
sun sunos 4.1.3
sun sunos 5.2
CVE-1999-0138 HIGH

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nec asl_ux_4800 *
hp hp-ux 9
nec ews-ux_v 4.2mp
hp hp-ux 8
linux linux_kernel 2.0
nec up-ux_v 4.2mp
freebsd freebsd 2.1.0
hp hp-ux 10
linux linux_kernel 1.2.0
freebsd freebsd 2.0.5
apple a_ux 3.1.1
ibm aix 4
digital osf_1 1.3
freebsd freebsd 2.0
nec ews-ux_v 4.2
ibm aix 3.2.5
CVE-1999-0216 MEDIUM

Denial of service of inetd on Linux through SYN and RST packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.20.1
hp hp-ux 10
gnu inet 5.01
CVE-1999-0246 HIGH

HP Remote Watch allows a remote user to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
CVE-1999-0306 HIGH

buffer overflow in HP xlock program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp vvos 10.24
CVE-1999-0307 HIGH

Buffer overflow in HP-UX cstm program allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9.00
hp hp-ux 10.00
CVE-1999-0308 MEDIUM

HP-UX gwind program allows users to modify arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 8
CVE-1999-0309 HIGH

HP-UX vgdisplay program gives root access to local users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.24
hp hp-ux 10.10
hp hp-ux 10.00
hp hp-ux 10.20
CVE-1999-0311 HIGH

fpkg2swpk in HP-UX allows local users to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10
CVE-1999-0312 MEDIUM

HP ypbind allows attackers with root privileges to modify NIS data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
CVE-1999-0318 HIGH

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.0
sun sunos 5.8
sun sunos 5.5.1
sun sunos 5.7
ibm aix 4
hp hp-ux 11
sun solaris 2.6
CVE-1999-0324 HIGH

ppl program in HP-UX allows local users to create root files through symlinks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 10.00
hp hp-ux 10.20
CVE-1999-0325 HIGH

vhe_u_mnt program in HP-UX allows local users to create root files through symlinks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 8
CVE-1999-0326 MEDIUM

Vulnerability in HP-UX mediainit program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 10.30
hp hp-ux 10.20
CVE-1999-0333 HIGH

HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
CVE-1999-0336 HIGH

Buffer overflow in mstm in HP-UX allows local users to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10
CVE-1999-0353 HIGH

rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 11.00
hp hp-ux 10.20
CVE-1999-0423 MEDIUM

Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
CVE-1999-0432 MEDIUM

ftp on HP-UX 11.00 allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
CVE-1999-0435 HIGH

MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 11.00
hp hp-ux 10.00
hp hp-ux 10.20
CVE-1999-0436 MEDIUM

Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp desms *
hp hp-ux 11.00
hp hp-ux 10.20
CVE-1999-0447 MEDIUM

Local users can gain privileges using the debug utility in the MPE/iX operating system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp mpe_ix *
CVE-1999-0479 MEDIUM

Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.24
netscape enterprise_server 3.6
CVE-1999-0502 HIGH

A Unix account has a default, null, blank, or missing password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.0
sun sunos 5.8
sun sunos 5.5.1
sun sunos 5.7
hp hp-ux 10.20
hp hp-ux 11
sun solaris 2.6
CVE-1999-0513 MEDIUM

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.0
sun solaris 2.4
netbsd netbsd 1.2
freebsd freebsd 2.2.2
freebsd freebsd 2.0.5
ibm aix 3.2
linux linux_kernel 2.1
sun sunos 5.5.1
digital unix 4.0d
freebsd freebsd 2.1.6
digital unix 4.0b
freebsd freebsd 1.1.5.1
sun sunos 5.4
ibm aix 3.2.5
hp hp-ux 10.20
sun solaris 2.6
digital unix 4.0c
digital unix 3.2g
sun sunos -
freebsd freebsd 2.1.0
freebsd freebsd 2.2.3
freebsd freebsd 2.1.5
sun sunos 5.5
sun solaris 2.5
digital unix 4.0a
ibm aix 3.1
freebsd freebsd 2.2.4
sun solaris 2.5.1
hp hp-ux 11.00
freebsd freebsd 2.1.7.1
digital unix 4.0
ibm aix 3.2.4
CVE-1999-0517 HIGH

An SNMP community name is the default (e.g. public), null, or missing.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-200,

Products Affected

Vendor Product Version
sun sunos 5.0
hp hp-ux 10
hp hp-ux 11.00
CVE-1999-0524 LOW

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,NVD-CWE-noinfo,CWE-200,

Products Affected

Vendor Product Version
linux linux_kernel -
hp tru64 -
sgi irix -
apple mac_os_x -
ibm aix -
apple macos -
oracle solaris -
cisco ios -
sco sco_unix -
novell netware -
ibm os2 -
microsoft windows -
windriver bsdos -
hp hp-ux -
CVE-1999-0551 MEDIUM

HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openmail 5.10
hp openmail 4.1
hp openmail 5.1
CVE-1999-0684 MEDIUM

Denial of service in Sendmail 8.8.6 in HPUX.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp sendmail 8.8.6
CVE-1999-0686 MEDIUM

Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netscape enterprise_server *
hp hp-ux 10.24
CVE-1999-0688 MEDIUM

Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.24
hp hp-ux 11.00
CVE-1999-0690 HIGH

HP CDE program includes the current directory in root's PATH variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10
cde cde *
CVE-1999-0693 HIGH

Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sco unixware 7
hp hp-ux 10
ibm aix 4
hp hp-ux 11
CVE-1999-0696 HIGH

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.5.1
hp hp-ux 10.24
sun sunos 5.5
sun sunos 5.3
sun sunos 5.4
sun sunos 4.1.3
hp hp-ux 11.00
sun solaris 2.6
CVE-1999-0707 HIGH

The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp visualize_conference_ftp *
hp hp-ux 10.20
CVE-1999-0779 MEDIUM

Denial of service in HP-UX SharedX recserv program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 11.00
hp hp-ux 10.20
CVE-1999-0829 MEDIUM

HP Secure Web Console uses weak encryption.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp secure_web_console *
CVE-1999-0961 MEDIUM

HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9.05
hp hp-ux 9.04
CVE-1999-0962 HIGH

Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 10
CVE-1999-0992 HIGH

HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp vvos *
CVE-1999-1061 HIGH

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetdirect *
CVE-1999-1062 HIGH

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetdirect *
CVE-1999-1088 HIGH

Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux *
hp hp-ux 10.00
hp hp-ux 10.20
CVE-1999-1089 HIGH

Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 10
hp hp-ux *
CVE-1999-1115 HIGH

Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp apollo_domain_os *
hp apollo_domain_os sr10.2
CVE-1999-1133 MEDIUM

HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 10
CVE-1999-1134 HIGH

Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
CVE-1999-1135 HIGH

Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
CVE-1999-1136 MEDIUM

Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp mpe_ix 5.0
hp mpe_ix *
hp hp-ux *
CVE-1999-1139 HIGH

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
CVE-1999-1144 HIGH

Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 10.00
hp hp-ux 10.20
CVE-1999-1145 HIGH

Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux *
CVE-1999-1146 HIGH

Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 8
hp hp-ux *
CVE-1999-1160 HIGH

Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 10
CVE-1999-1161 HIGH

Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux *
CVE-1999-1163 HIGH

Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp 9000 800
CVE-1999-1205 LOW

nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.00
CVE-1999-1213 MEDIUM

Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.30
CVE-1999-1238 MEDIUM

Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp hp-ux 8
hp hp-ux *
CVE-1999-1239 MEDIUM

HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
CVE-1999-1242 MEDIUM

Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9.00
hp hp-ux 9.01
CVE-1999-1247 HIGH

Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
CVE-1999-1248 MEDIUM

Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 8.00
hp hp-ux *
hp hp-ux 8.06
hp hp-ux 8.02
CVE-1999-1249 MEDIUM

movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.20
CVE-1999-1251 LOW

Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.10
hp hp-ux 10.20
CVE-1999-1308 MEDIUM

Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.20
CVE-1999-1311 MEDIUM

Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.10
hp hp-ux 10.20
CVE-1999-1324 HIGH

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-307,

Products Affected

Vendor Product Version
dec dec_openvms_vax 5.3
hp openvms_vax *
dec dec_openvms_vax 5.5.2
CVE-1999-1408 LOW

Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 9.05
ibm aix 4.1.5
ibm aix 4.1
ibm aix 4.1.1
ibm aix 4.1.3
ibm aix 4.1.4
ibm aix 4.1.2
hp hp-ux 10.20
CVE-1999-1433 HIGH

HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetadmin rev._d.01.09
CVE-1999-1493 HIGH

Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk().

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp apollo_domain_os *
CVE-1999-1573 HIGH

Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 10.30
hp hp-ux 11.00
hp hp-ux 10.00
hp hp-ux 10.20
CVE-2000-0005 HIGH

HP-UX aserver program allows local users to gain privileges via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 7.06
hp hp-ux 7.08
hp hp-ux 10.16
hp hp-ux 8.04
hp hp-ux 9.00
hp hp-ux 10.30
hp hp-ux 7.04
hp hp-ux 9.09
hp hp-ux 9.04
hp hp-ux 10.08
hp hp-ux 10.10
hp hp-ux 8.09
hp hp-ux 8.01
hp hp-ux 8.06
hp hp-ux 9.03
hp hp-ux 8.02
hp hp-ux 10.20
hp hp-ux 8.05
hp hp-ux 10.01
hp hp-ux 9.05
hp hp-ux 10.24
hp hp-ux 7.02
hp aserver *
hp hp-ux 10.09
hp hp-ux 9.07
hp hp-ux 10.34
hp hp-ux 8.08
hp hp-ux 9.01
hp hp-ux 7.00
hp 9000 7_800
hp hp-ux 9.06
hp hp-ux 8.00
hp hp-ux 9.10
hp hp-ux 8.07
hp hp-ux 9.08
hp hp-ux 11.00
hp hp-ux 10.00
CVE-2000-0077 HIGH

The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10
hp hp-ux 11
CVE-2000-0078 HIGH

The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10
hp hp-ux 11
CVE-2000-0083 MEDIUM

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10
hp hp-ux 11
CVE-2000-0095 MEDIUM

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.30
hp hp-ux 11.00
CVE-2000-0159 HIGH

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
CVE-2000-0179 MEDIUM

HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_omniback_ii 3.0
hp openview_omniback_ii 3.1
hp openview_omniback_ii 2.55
CVE-2000-0251 MEDIUM

HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp vvos 3.50
hp hp-ux 11.4
CVE-2000-0414 MEDIUM

Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.10
hp vvos 10.24
hp hp-ux 11.00
hp hp-ux 10.20
hp vvos 11.04
CVE-2000-0443 HIGH

The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetadmin 6.0
CVE-2000-0444 MEDIUM

HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetadmin 6.0
CVE-2000-0468 MEDIUM

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2000-0515 HIGH

The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2000-0558 HIGH

Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_network_node_manager 6.1
CVE-2000-0573 HIGH

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
CVE-2000-0616 MEDIUM

Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp mpe_ix 4.5
hp mpe_ix 5.0
hp mpe_ix 6.5
hp mpe_ix 5.5
hp mpe_ix 6.0
CVE-2000-0636 MEDIUM

HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetdirect j3111a_rev._g.07.02
hp jetdirect rev._g.08.20
hp jetdirect j3111a_rev._g.08.03
hp jetdirect j3111a_rev._g.07.03
hp jetdirect rev._h.08.05
hp jetdirect rev._h.08.20
hp jetdirect rev._g.08.04
hp jetdirect j3111a_rev._a.08.06
hp jetdirect j3111a_rev._g.07.17
hp jetdirect j3111a_rev._g.05.35
CVE-2000-0699 HIGH

Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2000-0702 HIGH

The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
CVE-2000-0730 MEDIUM

Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
CVE-2000-0754 LOW

Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_network_node_manager 6.1
CVE-2000-0755 MEDIUM

Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_network_node_manager 6.1
CVE-2000-0801 HIGH

Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2000-0965 MEDIUM

The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp vvos 10.24
hp vvos 11.04
CVE-2000-0966 MEDIUM

Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
hp hp-ux 10.00
CVE-2000-0972 LOW

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
hp hp-ux 11.00
CVE-2000-1028 HIGH

Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9.05
hp hp-ux 9.06
hp hp-ux 9.00
hp hp-ux 9.10
hp hp-ux 9.09
hp hp-ux 9.04
hp hp-ux 9.07
hp hp-ux 9.08
hp hp-ux 11.00
hp hp-ux 9.01
hp hp-ux 10.20
CVE-2000-1031 MEDIUM

Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.24
hp tru64 5.1
hp hp-ux 10.10
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 11.4
hp hp-ux 10.20
CVE-2000-1057 MEDIUM

Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_network_node_manager 4.11
hp openview_network_node_manager 5.01
hp openview_network_node_manager 6.1
CVE-2000-1058 MEDIUM

Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_network_node_manager 4.11
hp openview_network_node_manager 5.01
hp openview_network_node_manager 6.1
CVE-2000-1062 MEDIUM

Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetdirect x.08.04
hp jetdirect x.08.05
hp jetdirect x.08.20
CVE-2000-1063 MEDIUM

Buffer overflow in the Telnet service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetdirect x.08.04
hp jetdirect x.08.05
hp jetdirect x.08.20
CVE-2000-1064 MEDIUM

Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetdirect x.08.04
hp jetdirect x.08.05
hp jetdirect x.08.20
CVE-2000-1065 MEDIUM

Vulnerability in IP implementation of HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service (printer crash) via a malformed packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetdirect x.08.04
hp jetdirect x.08.05
hp jetdirect x.08.20
CVE-2000-1126 HIGH

Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.24
hp hp-ux 10.10
hp hp-ux 11.00
hp hp-ux 11.4
hp hp-ux 10.20
CVE-2000-1127 LOW

registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.20
CVE-2000-1134 HIGH

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_edesktop 2.4
conectiva linux 4.2
conectiva linux 5.0
mandrakesoft mandrake_linux 6.0
caldera openlinux *
suse suse_linux 7.0
redhat linux 6.2
conectiva linux 5.1
redhat linux 6.0
redhat linux 5.2
hp hp-ux 11.11
conectiva linux 4.1
mandrakesoft mandrake_linux 7.0
redhat linux 6.1
redhat linux 6.2e
mandrakesoft mandrake_linux 7.2
immunix immunix 6.2
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 6.1
caldera openlinux_eserver 2.3
conectiva linux 4.0
conectiva linux 4.0es
CVE-2001-0079 LOW

Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp support_tools_manager a.22.00
CVE-2001-0085 HIGH

Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2001-0105 LOW

Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10
hp hp-ux 11
CVE-2001-0106 MEDIUM

Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
CVE-2001-0219 LOW

Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2001-0248 HIGH

Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-131,

Products Affected

Vendor Product Version
sgi irix 6.5.2
sgi irix 6.5.1
sgi irix 6.5
hp hp-ux 11.00
CVE-2001-0249 HIGH

Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-131,

Products Affected

Vendor Product Version
oracle solaris 8
sgi irix *
hp hp-ux 11.00
CVE-2001-0266 HIGH

Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
CVE-2001-0267 HIGH

NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp mpe_ix 5.5
CVE-2001-0278 MEDIUM

Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp mpe_ix *
CVE-2001-0311 MEDIUM

Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
hp omniback_ii a.03.50
CVE-2001-0379 MEDIUM

Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
CVE-2001-0488 LOW

pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 10.26
hp hp-ux 10.20
CVE-2001-0551 HIGH

Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.24
hp hp-ux 10.10
hp hp-ux 11.11
hp hp-ux 11.04
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2001-0552 HIGH

ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_network_node_manager 5.01
ibm tivoli_netview 6.0
ibm tivoli_netview 5.0
hp openview_network_node_manager 6.1
CVE-2001-0606 MEDIUM

Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun iplanet_web_server 4.1
hp virtualvault 4.0
CVE-2001-0607 MEDIUM

asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux *
CVE-2001-0608 HIGH

HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp mpe *
CVE-2001-0629 HIGH

HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 6.1
CVE-2001-0668 HIGH

Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2001-0772 MEDIUM

Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.10
hp hp-ux *
CVE-2001-0797 HIGH

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.1
sun sunos 5.0
hp hp-ux 11.0.4
sun solaris 2.4
sco openserver 5.0.3
sgi irix 3.3
sun sunos 5.7
sgi irix 3.3.3
sco openserver 5.0.2
sun sunos 5.5.1
sco openserver 5.0.6
hp hp-ux 10.10
sco openserver 5.0
sgi irix 3.3.1
sun sunos 5.4
sco openserver 5.0.4
sco openserver 5.0.1
hp hp-ux 10.20
sun solaris 2.6
sco openserver 5.0.6a
ibm aix 5.1
hp hp-ux 10.01
hp hp-ux 10.24
sco openserver 5.0.5
sun sunos -
sgi irix 3.3.2
sun sunos 5.5
ibm aix 4.3.3
sun sunos 5.8
sun solaris 2.5
ibm aix 4.3.1
ibm aix 4.3.2
hp hp-ux 11.11
sun solaris 7.0
sun solaris 8.0
ibm aix 4.3
sun sunos 5.3
sun solaris 2.5.1
hp hp-ux 11.00
sun sunos 5.2
hp hp-ux 10.00
sgi irix 3.2
CVE-2001-0809 LOW

Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
CVE-2001-0817 HIGH

Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2001-0976 HIGH

Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp process_resource_manager *
CVE-2001-0978 HIGH

login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.26
CVE-2001-0979 HIGH

Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2001-0981 HIGH

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp cifs-9000_server *
CVE-2001-1039 HIGH

The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetadmin 5.5.177
hp jetadmin 6.0
hp jetadmin 4.0
hp jetadmin 5.6
hp jetadmin 4.1.2
hp jetadmin 6.1
hp jetadmin 5.1
hp jetadmin 5.5
hp jetadmin 6.2
CVE-2001-1040 MEDIUM

HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetadmin 5.5.177
hp jetadmin 6.0
hp jetadmin 4.0
hp jetadmin 5.6
hp jetadmin 4.1.2
hp jetadmin 6.1
hp jetadmin 5.1
hp jetadmin 5.5
hp jetadmin 6.2
CVE-2001-1123 HIGH

Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_network_node_manager 5.01
hp openview_network_node_manager 6.2
hp openview_network_node_manager 6.1
CVE-2001-1124 MEDIUM

rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.04
hp hp-ux 11.00
CVE-2001-1136 LOW

The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.04
CVE-2001-1162 HIGH

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.5
samba samba 2.0.6
samba samba 2.0.9
samba samba 2.0.8
hp cifs-9000_server a.01.06
samba samba 2.0.7
hp cifs-9000_server a.01.05
samba samba 2.2.0
CVE-2001-1181 HIGH

Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
CVE-2001-1182 HIGH

Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2001-1198 HIGH

RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2001-1244 MEDIUM

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft windows_2000 *
openbsd openbsd 2.9
linux linux_kernel 2.4.3
hp hp-ux 11.0.4
netbsd netbsd 1.5.1
openbsd openbsd 2.8
netbsd netbsd 1.5
sun sunos 5.7
hp vvos 11.04
linux linux_kernel 2.4.5
sun sunos 5.8
sun sunos 5.5.1
hp hp-ux 11.11
linux linux_kernel 2.4.0
linux linux_kernel 2.4.1
microsoft windows_nt 4.0
linux linux_kernel 2.4.2
hp hp-ux 11.00
linux linux_kernel 2.4.4
freebsd freebsd 4.3
CVE-2001-1256 LOW

kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.04
hp hp-ux 11.00
CVE-2001-1264 HIGH

Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp vvos 4.5
hp hp-ux 11.04
hp vvos 4.0
CVE-2001-1439 LOW

Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.24
hp hp-ux 10.10
hp hp-ux 11.04
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2001-1506 MEDIUM

Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp secure_os 1.0
CVE-2001-1509 MEDIUM

geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.20
CVE-2001-1563 HIGH

Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp secure_os 1.0
apache tomcat 3.2.1
CVE-2001-1564 LOW

setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.24
hp hp-ux 10.10
hp hp-ux 11.11
hp hp-ux 11.04
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-0076 HIGH

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.1.8
sun sdk 1.3.1_01a
microsoft virtual_machine 3802
sun sdk 1.3.1_01
sun jre 1.2.2
sun jre 1.3.0
hp java_jre-jdk 1.2.2
sun sdk 1.3_05
sun sdk 1.2.2_10
hp java_jre-jdk 1.1.8
sun sdk 1.2.2_010
sun jre 1.3.1
sun jdk 1.1.8
hp java_jre-jdk 1.3
CVE-2002-0250 HIGH

Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp advancestack_10base-t_switching_hub_j3202a a.03.07
hp advancestack_10base-t_switching_hub_j3205a a.03.07
hp advancestack_10base-t_switching_hub_j3203a a.03.07
hp advancestack_10base-t_switching_hub_j3201a a.03.07
hp advancestack_10base-t_switching_hub_j3204a a.03.07
hp advancestack_10base-t_switching_hub_j3210a a.03.07
hp advancestack_10base-t_switching_hub_j3200a a.03.07
CVE-2002-0279 MEDIUM

The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
CVE-2002-0350 HIGH

HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp procurve_switch_4000m c.09.09
hp procurve_switch_4000m c.08.22
CVE-2002-0529 MEDIUM

HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp photosmart_print_driver 1.2.1
CVE-2002-0577 LOW

Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.0.4
hp hp-ux 11.00
CVE-2002-0585 MEDIUM

Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
CVE-2002-0609 MEDIUM

Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp mpe_ix 6.5
hp mpe_ix 6.0
hp mpe_ix 7.0
CVE-2002-0610 HIGH

Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp mpe_ix 6.5
hp mpe_ix 6.0
hp mpe_ix 7.0
CVE-2002-0638 MEDIUM

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_single_network_firewall 7.2
redhat linux 6.2
mandrakesoft mandrake_linux 8.2
redhat linux 6.0
redhat linux 7.0
mandrakesoft mandrake_linux 8.1
mandrakesoft mandrake_linux 7.0
redhat linux 6.1
redhat linux 7.1
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 7.1
hp secure_os 1.0
mandrakesoft mandrake_linux_corporate_server 1.0.1
redhat linux 7.3
redhat linux 7.2
mandrakesoft mandrake_linux 8.0
CVE-2002-0677 HIGH

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.2
compaq tru64 4.0f
caldera unixware 7.1.1
sgi irix 5.3
sgi irix 6.0
sun sunos 5.7
sgi irix 6.5.9
sgi irix 6.5.5
sun sunos 5.5.1
hp hp-ux 10.10
sgi irix 6.5.6
xi_graphics dextop 2.1
sgi irix 6.1
sgi irix 6.5.12
sgi irix 6.5.14
compaq tru64 5.1a
sgi irix 6.5.11
caldera openunix 8.0
hp hp-ux 10.20
sun solaris 2.6
ibm aix 5.1
caldera unixware 7.1_.0
hp hp-ux 10.24
sgi irix 6.5.2
caldera unixware 7
compaq tru64 5.0a
sgi irix 6.5.3
ibm aix 4.3.3
sgi irix 6.4
sgi irix 6.5
compaq tru64 5.1
sgi irix 6.5.8
sgi irix 6.5.15
sun sunos 5.8
sgi irix 6.0.1
sgi irix 5.2
hp hp-ux 11.11
compaq tru64 4.0g
sgi irix 6.5.16
sgi irix 6.5.10
sgi irix 6.3
sgi irix 6.5.1
sgi irix 6.5.4
sgi irix 6.5.7
hp hp-ux 11.00
sgi irix 6.5.13
CVE-2002-0678 HIGH

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.2
compaq tru64 4.0f
caldera unixware 7.1.1
sgi irix 5.3
sgi irix 6.0
sun sunos 5.7
sgi irix 6.5.9
sgi irix 6.5.5
caldera unixware 7.0
sun sunos 5.5.1
sun solaris 9.0
hp hp-ux 10.10
sgi irix 6.5.6
xi_graphics dextop 2.1
sgi irix 6.1
sgi irix 6.5.12
sgi irix 6.5.14
compaq tru64 5.1a
sgi irix 6.5.11
caldera openunix 8.0
hp hp-ux 10.20
sun solaris 2.6
ibm aix 5.1
hp hp-ux 10.24
sgi irix 6.5.2
compaq tru64 5.0a
sgi irix 6.5.3
ibm aix 4.3.3
sgi irix 6.4
sgi irix 6.5
compaq tru64 5.1
sgi irix 6.5.8
sgi irix 6.5.15
sun sunos 5.8
sgi irix 6.0.1
sgi irix 5.2
hp hp-ux 11.11
compaq tru64 4.0g
sgi irix 6.5.16
sgi irix 6.5.10
sgi irix 6.3
sgi irix 6.5.1
sgi irix 6.5.4
sgi irix 6.5.7
hp hp-ux 11.00
caldera unixware 7.1.0
sgi irix 6.5.13
CVE-2002-0679 HIGH

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm aix 5.1
hp hp-ux 10.24
compaq tru64 4.0f
caldera unixware 7.1.1
compaq tru64 5.0a
ibm aix 4.3.3
sun sunos 5.7
compaq tru64 5.1
sun sunos 5.8
caldera unixware 7.0
sun sunos 5.5.1
sun solaris 9.0
hp hp-ux 10.10
hp hp-ux 11.11
compaq tru64 4.0g
xi_graphics dextop 2.1
compaq tru64 5.1a
hp hp-ux 11.00
caldera openunix 8.0
caldera unixware 7.1.0
hp hp-ux 10.20
sun solaris 2.6
CVE-2002-0711 MEDIUM

Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp trucluster_server 5.0a
hp trucluster_server 5.1
hp trucluster_server 5.1a
CVE-2002-0763 HIGH

Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp virtualvault 4.5
CVE-2002-0798 LOW

Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
CVE-2002-0835 MEDIUM

Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_server 3.1.1
redhat pre-execution_environment 0.1
caldera openlinux_workstation 3.1
caldera openlinux_server 3.1
hp secure_os 1.0
caldera openlinux_workstation 3.1.1
CVE-2002-0836 HIGH

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 9.0
redhat linux 6.2
mandrakesoft mandrake_linux 8.2
redhat linux 7.0
mandrakesoft mandrake_linux 8.1
redhat linux 8.0
redhat linux 7.1
mandrakesoft mandrake_linux 7.2
hp secure_os 1.0
redhat linux 7.3
redhat linux 7.2
mandrakesoft mandrake_linux 8.0
CVE-2002-0991 HIGH

Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp cifs-9000_server a.01.06
hp cifs-9000_server a.01.05
CVE-2002-0992 LOW

Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
CVE-2002-0993 MEDIUM

Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp instant_support *
CVE-2002-1048 HIGH

HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jetdirect j3111a_rev._g.08.03
hp jetdirect x.08.04
hp jetdirect x.20.00
hp jetdirect j3111a_rev._a.08.06
hp jetdirect j3111a_rev._g.07.17
hp jetdirect j3111a_rev._g.05.35
hp jetdirect j3111a_rev._g.07.02
hp jetdirect x.08.00
hp jetdirect x.21.00
hp jetdirect j3111a_rev._g.07.03
hp jetdirect x.08.05
hp jetdirect x.08.20
hp jetdirect x.08.32
CVE-2002-1134 MEDIUM

Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp webes_service_tools 2.0
hp webes_service_tools 4.0
hp webes_service_tools 3.1
CVE-2002-1147 HIGH

The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp procurve_switch_4000m *
CVE-2002-1232 MEDIUM

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.0
debian debian_linux 2.2
redhat linux 7.1
debian debian_linux 3.0
hp secure_os 1.0
redhat linux 7.3
redhat linux 7.2
redhat linux 6.2
CVE-2002-1317 HIGH

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sgi irix 6.5.9
xfree86_project x11r6 3.3.5
xfree86_project x11r6 3.3.4
sgi irix 6.5.5
sun sunos 5.5.1
sun solaris 9.0
hp hp-ux 10.10
sgi irix 6.5.6
xfree86_project x11r6 3.3.3
sgi irix 6.5.12
hp hp-ux 11.04
hp hp-ux 11.22
sgi irix 6.5.11
hp hp-ux 10.20
sun solaris 2.6
hp hp-ux 10.24
sun sunos -
sgi irix 6.5.2
sgi irix 6.5.3
sgi irix 6.5
sgi irix 6.5.8
sun sunos 5.8
hp hp-ux 11.11
sun solaris 7.0
xfree86_project x11r6 3.3
xfree86_project x11r6 3.3.2
sgi irix 6.5.10
sgi irix 6.5.1
sgi irix 6.5.4
sun solaris 8.0
sgi irix 6.5.7
sun solaris 2.5.1
hp hp-ux 11.00
sgi irix 6.5.13
CVE-2002-1318 HIGH

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.17
sgi irix 6.5.9
sgi irix 6.5.5
sgi irix 6.5.18
sgi irix 6.5.6
samba samba 2.2.4
hp cifs-9000_server a.01.09
sgi irix 6.5.12
sgi irix 6.5.14
sgi irix 6.5.11
sgi irix 6.5.2
sgi irix 6.5.3
samba samba 2.2.6
hp cifs-9000_server a.01.08.01
sgi irix 6.5
samba samba 2.2.5
sgi irix 6.5.8
sgi irix 6.5.15
samba samba 2.2.2
sgi irix 6.5.16
sgi irix 6.5.10
sgi irix 6.5.1
sgi irix 6.5.4
hp cifs-9000_server a.01.08
sgi irix 6.5.7
samba samba 2.2.3
sgi irix 6.5.13
CVE-2002-1337 HIGH

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
oracle solaris 8
oracle solaris 7.0
hp hp-ux 11.0.4
windriver bsdos 5.0
sun sunos 5.7
netbsd netbsd 1.5.2
hp hp-ux 10.10
hp alphaserver_sc *
gentoo linux 1.4
windriver platform_sa 1.0
hp hp-ux 11.22
hp hp-ux 10.20
sun sunos -
oracle solaris 9
netbsd netbsd 1.6
netbsd netbsd 1.5.1
netbsd netbsd 1.5
oracle solaris 2.6
sun sunos 5.8
sendmail sendmail *
windriver bsdos 4.2
windriver bsdos 4.3.1
hp hp-ux 11.11
hp hp-ux 11.00
netbsd netbsd 1.5.3
CVE-2002-1406 HIGH

Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.04
CVE-2002-1408 HIGH

Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_emanate_snmp_agent 14.2
hp vvos 11.04
CVE-2002-1409 LOW

ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.04
hp hp-ux 11.00
CVE-2002-1426 HIGH

HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp procurve_switch_4000m c.07.23
CVE-2002-1439 MEDIUM

Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp virtualvault 4.5
hp virtualvault 4.0
hp virtualvault 4.6
hp vvos 11.04
CVE-2002-1473 MEDIUM

Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1474 MEDIUM

Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
CVE-2002-1475 MEDIUM

Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
CVE-2002-1604 HIGH

Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1605 HIGH

Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1606 MEDIUM

Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain privileges via (1) lpc, (2) lpd, (3) lpq, (4) lpr, or (5) lprm.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1607 MEDIUM

Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1608 MEDIUM

Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1609 MEDIUM

Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1610 LOW

Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1611 MEDIUM

Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1612 HIGH

Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1613 HIGH

Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1614 HIGH

Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1615 HIGH

Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or (2) .upd..loader.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp hp-ux 11.04
hp hp-ux 11.22
hp tru64 5.1a
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1616 HIGH

Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp tru64 4.0f
hp tru64 5.0a
hp tru64 5.1af
hp tru64 4.0g
CVE-2002-1617 HIGH

Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to execute arbitrary code via (1) a long -contextDir argument to dtaction, (2) a long -p argument to dtprintinfo, (3) a long -customization argument to dxterm, or (4) a long DISPLAY environment variable to dtterm.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1b_pk2_bl22
CVE-2002-1618 HIGH

JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp jfs 3.1
hp hp-ux 11.04
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-1668 LOW

HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.0.4
hp hp-ux_series_800 10.20
hp hp-ux 11.00
hp hp-ux_series_700 10.20
CVE-2002-1784 MEDIUM

Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allows remote attackers to cause a denial of service via unknown attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1
hp tru64 4.0f
hp tru64 5.0a
hp tru64 4.0g
hp tru64 5.1a
CVE-2002-1793 MEDIUM

HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp virtualvault 4.5
hp virtualvault 4.6
hp vvos 11.04
CVE-2002-1794 HIGH

Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute r-commands with privileges of other users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp ldap-ux_integration b.02.00
hp hp-ux 11.11
hp ldap-ux_integration b.03.00
hp hp-ux 11.00
CVE-2002-1796 MEDIUM

ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,CWE-347,

Products Affected

Vendor Product Version
hp chaivm_ezloader -
CVE-2002-1797 MEDIUM

ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp chaivm *
CVE-2002-1856 MEDIUM

HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp application_server 8.0
CVE-2002-1999 MEDIUM

HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp praesidium_webproxy 1.0
CVE-2002-2138 MEDIUM

RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp advanced_server_9000 b.04.07
hp advanced_server_9000 b.04.05
hp advanced_server_9000 b.04.09
hp advanced_server_9000 b.04.06
hp advanced_server_9000 b.04.08
hp hp-ux 11.00
hp hp-ux 11.4
CVE-2002-2262 MEDIUM

Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux 10.24
hp hp-ux 11.11i
hp hp-ux 10.30
hp hp-ux 11.0.4
hp hp-ux 10
hp hp-ux 10.09
hp hp-ux 10.08
hp hp-ux 10.34
hp hp-ux 10.03
hp hp-ux 11
hp hp-ux 11.11
hp hp-ux 10.26
hp hp-ux 11.04
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-2263 MEDIUM

The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
hp visualize_conference_ftp b.11.00.11
CVE-2002-2264 HIGH

Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp secure_web_server_for_tru64 5.1
hp secure_web_server_for_tru64 4.0
hp secure_web_server_for_tru64 5.0
CVE-2002-2270 LOW

Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp hp-ux 10.10
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2002-2363 HIGH

VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp hp-ux 11.00
CVE-2003-0028 HIGH

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cray unicos 8.3
cray unicos 6.0
sgi irix 6.5.6f
openafs openafs 1.3
gnu glibc 2.1.3
sgi irix 6.5.13m
openbsd openbsd 2.1
sgi irix 6.5.5
sgi irix 6.5.17m
sun solaris 9.0
gnu glibc 2.1.2
sgi irix 6.5.6
freebsd freebsd 4.7
sgi irix 6.5.4f
sgi irix 6.5.2m
sgi irix 6.5.14
sgi irix 6.5.20
sgi irix 6.5.6m
hp hp-ux 10.20
sun solaris 2.6
freebsd freebsd 4.6
openafs openafs 1.2.2a
ibm aix 5.1
sgi irix 6.5.11f
sgi irix 6.5.5f
gnu glibc 2.1.1
sun sunos -
sgi irix 6.5.3
ibm aix 4.3.3
mit kerberos_5 1.2.4
sgi irix 6.5.8
hp hp-ux 11.11
sun solaris 7.0
sgi irix 6.5.4
sgi irix 6.5.8f
sgi irix 6.5.12f
freebsd freebsd 4.1
openafs openafs 1.2.2b
freebsd freebsd 4.3
gnu glibc 2.2.4
gnu glibc 2.2
openbsd openbsd 2.6
mit kerberos_5 1.2.3
openafs openafs 1.1.1a
sgi irix 6.5.16f
sgi irix 6.5.9m
sgi irix 6.5.10m
sgi irix 6.5.9
sgi irix 6.5.4m
sgi irix 6.5.18
sun sunos 5.5.1
mit kerberos_5 1.2.6
sgi irix 6.5.15f
openafs openafs 1.2.3
freebsd freebsd 4.5
mit kerberos_5 1.2.7
cray unicos 9.0.2.5
openafs openafs 1.3.2
sgi irix 6.5.11
freebsd freebsd 4.2
sgi irix 6.5.11m
openbsd openbsd 3.0
openafs openafs 1.1
hp hp-ux 10.24
sgi irix 6.5.18m
freebsd freebsd 4.0
sgi irix 6.5.2f
sgi irix 6.5
sgi irix 6.5.3m
sgi irix 6.5.15
sgi irix 6.5.19
sgi irix 6.5.10f
sgi irix 6.5.16
mit kerberos_5 1.2.2
openbsd openbsd 3.1
hp hp-ux_series_800 10.20
sun solaris 8.0
openafs openafs 1.2
hp hp-ux 11.00
openbsd openbsd 2.4
hp hp-ux 11.20
sgi irix 6.5.13
openafs openafs 1.0.4
openbsd openbsd 2.2
openbsd openbsd 2.0
sgi irix 6.5.7f
openbsd openbsd 2.8
sgi irix 6.5.18f
hp hp-ux_series_700 10.20
freebsd freebsd 5.0
sgi irix 6.5.5m
sgi irix 6.5.8m
openafs openafs 1.2.5
sgi irix 6.5.14m
gnu glibc 2.2.3
openafs openafs 1.2.2
gnu glibc 2.2.2
hp hp-ux 11.22
gnu glibc 2.3.2
mit kerberos_5 1.2.5
cray unicos 9.2.4
freebsd freebsd 4.1.1
openafs openafs 1.3.1
sgi irix 6.5.2
sgi irix 6.5.9f
sgi irix 6.5.13f
gnu glibc 2.1
gnu glibc 2.2.5
cray unicos 6.1
sgi irix 6.5.3f
sgi irix 6.5.10
sgi irix 6.5.1
openbsd openbsd 2.5
openafs openafs 1.0.4a
freebsd freebsd 4.4
sun solaris 2.5.1
cray unicos 9.2
openafs openafs 1.0
sgi irix 6.5.17
cray unicos 9.0
openafs openafs 1.0.3
sgi irix 6.5.15m
mit kerberos_5 1.2.1
sun sunos 5.7
sgi irix 6.5.12m
sgi irix 6.5.14f
sgi irix 6.5.7m
gnu glibc 2.3
cray unicos 6.0e
openafs openafs 1.0.1
sgi irix 6.5.12
hp hp-ux 11.04
openafs openafs 1.2.6
openbsd openbsd 2.3
cray unicos 8.0
openbsd openbsd 2.9
gnu glibc 2.3.1
openafs openafs 1.2.4
openafs openafs 1.0.2
openbsd openbsd 3.2
sun sunos 5.8
openbsd openbsd 2.7
openafs openafs 1.1.1
gnu glibc 2.2.1
sgi irix 6.5.17f
openafs openafs 1.2.1
sgi irix 6.5.16m
ibm aix 5.2
sgi irix 6.5.7
cray unicos 7.0
freebsd freebsd 4.6.2
mit kerberos_5 1.2
CVE-2003-0061 HIGH

Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.20
CVE-2003-0064 HIGH

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.1
sgi irix 6.5.6f
sgi irix 6.5.7f
sgi irix 5.3
sgi irix 6.5.18f
sgi irix 5.1.1
sgi irix 6.5.13m
sgi irix 6.5.5
sgi irix 6.5.17m
sun solaris 9.0
sgi irix 6.5.6
sgi irix 6.5.5m
sgi irix 6.5.8m
sgi irix 6.5.4f
hp hp-ux 10.26
sgi irix 6.5.14m
sgi irix 6.1
sgi irix 6.5.2m
hp hp-ux 11.22
sgi irix 6.5.14
sgi irix 6.5.6m
hp hp-ux 10.20
sun solaris 2.6
ibm aix 5.1
sgi irix 6.5.11f
sgi irix 6.5.5f
sun sunos -
sgi irix 6.5.2
sgi irix 6.5.9f
sgi irix 6.5.3
ibm aix 4.3.3
sgi irix 6.4
sgi irix 6.5.8
sgi irix 6.5.13f
sgi irix 5.2
hp hp-ux 11.11
sun solaris 7.0
sgi irix 6.5.3f
sgi irix 6.5.10
sgi irix 6.3
sgi irix 6.5.1
sgi irix 6.5.4
sgi irix 6.5.8f
ibm aix 4.3
sgi irix 6.5.12f
sun solaris 2.5.1
sgi irix 6.2
hp hp-ux 10.30
sgi irix 6.5.17
sgi irix 5.0
sgi irix 6.5.16f
sgi irix 6.5.15m
sgi irix 6.5.9m
sgi irix 6.5.10m
sgi irix 6.0
sun sunos 5.7
sgi irix 6.5.12m
sgi irix 6.5.9
sgi irix 6.5.14f
sgi irix 6.5.4m
sgi irix 6.5.18
sun sunos 5.5.1
sgi irix 6.5.7m
sgi irix 6.5.15f
sgi irix 5.0.1
sgi irix 6.5.12
hp hp-ux 11.04
sgi irix 6.5.11
sgi irix 6.5.11m
hp hp-ux 10.24
sgi irix 6.5.18m
sgi irix 6.5.2f
hp hp-ux 10.34
sgi irix 6.5
sgi irix 6.5.3m
sgi irix 6.5.15
sun sunos 5.8
sgi irix 6.0.1
sgi irix 6.5.10f
ibm aix 4.3.1
ibm aix 4.3.2
sgi irix 6.5.16
sgi irix 6.5.17f
sun solaris 8.0
sgi irix 6.5.16m
ibm aix 5.2
sgi irix 6.5.7
hp hp-ux 11.00
hp hp-ux 11.20
sgi irix 6.5.13
CVE-2003-0085 HIGH

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.6
samba samba 2.0.9
samba samba 2.0.10
samba samba 2.2.1a
samba samba 2.2.0
samba samba 2.2.0a
samba samba 2.2.4
samba samba 2.2.3a
hp cifs-9000_server a.01.09
samba samba 2.2.7a
samba samba 2.0.8
hp cifs-9000_server a.01.06
samba samba 2.0.0
samba samba 2.0.3
hp cifs-9000_server a.01.09.01
samba samba 2.0.5
samba samba 2.2.7
samba samba 2.2.6
hp cifs-9000_server a.01.08.01
samba samba 2.0.4
samba samba 2.0.7
samba samba 2.2.5
samba samba 2.0.2
samba samba 2.2.2
hp cifs-9000_server a.01.08
samba samba 2.2.3
samba samba 2.0.1
hp cifs-9000_server a.01.05
hp cifs-9000_server a.01.07
CVE-2003-0089 HIGH

Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
CVE-2003-0161 HIGH

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0d
compaq tru64 4.0g_pk3_bl17
sendmail sendmail 3.0.1
sendmail sendmail_switch 2.1.1
sun solaris 9.0
sendmail sendmail 8.12.3
sendmail sendmail_switch 2.1.3
sendmail sendmail_switch 3.0.3
sendmail sendmail_switch 2.1.2
hp hp-ux 10.20
sun solaris 2.6
sendmail sendmail 8.9.1
compaq tru64 5.0
sun sunos -
sendmail sendmail 8.11.3
sendmail sendmail_switch 2.2.5
sendmail sendmail 8.12
sendmail sendmail 8.11.1
compaq tru64 5.1_pk6_bl20
compaq tru64 5.1_pk5_bl19
hp hp-ux 11.11
compaq tru64 5.1a_pk1_bl1
sun solaris 7.0
sendmail sendmail_switch 2.1.4
sendmail sendmail 8.12.8
hp hp-ux 11.0.4
sendmail sendmail 8.11.2
sendmail sendmail_switch 2.2.4
sendmail sendmail_switch 3.0.1
hp hp-ux 10.08
sendmail sendmail_switch 3.0.2
sun sunos 5.5.1
sendmail sendmail_switch 2.1
sendmail sendmail 8.10.1
sendmail sendmail 8.12.7
sendmail sendmail 8.12.6
compaq tru64 4.0f_pk7_bl18
sendmail sendmail 8.9.3
sendmail sendmail 8.10
sendmail sendmail_switch 2.2.2
sendmail sendmail 8.11.4
hp hp-ux 10.24
sendmail sendmail 8.12.0
compaq tru64 5.0_pk4_bl18
hp sis *
sendmail sendmail 8.11.6
sendmail sendmail_switch 2.2.1
sendmail sendmail 8.9.2
hp hp-ux_series_800 10.20
sun solaris 8.0
sendmail sendmail 3.0.2
hp hp-ux 11.00
hp hp-ux 11.20
hp hp-ux 10.00
sendmail sendmail 2.6.1
compaq tru64 4.0f
hp hp-ux 10.16
sun solaris 2.4
compaq tru64 5.1_pk3_bl17
sendmail sendmail_switch 2.1.5
hp hp-ux_series_700 10.20
hp hp-ux 10.26
sendmail sendmail 2.6.2
sendmail sendmail 3.0
sendmail sendmail 3.0.3
compaq tru64 4.0d_pk9_bl17
sun sunos 5.4
hp hp-ux 11.22
compaq tru64 5.1a
sendmail sendmail 8.11.5
hp hp-ux 10.01
compaq tru64 5.1b
compaq tru64 5.0a
compaq tru64 5.0f
compaq tru64 5.1a_pk2_bl2
compaq tru64 5.1b_pk1_bl1
sendmail sendmail 8.11.0
compaq tru64 4.0g
sendmail sendmail 8.9.0
compaq tru64 5.1a_pk3_bl3
sun solaris 2.5.1
hp hp-ux 10.30
sendmail sendmail 8.12.2
sun sunos 5.7
sendmail sendmail 2.6
hp hp-ux 10.10
sendmail sendmail_switch 3.0
compaq tru64 4.0f_pk6_bl17
compaq tru64 5.0a_pk3_bl17
sendmail sendmail 8.12.4
compaq tru64 4.0b
sendmail sendmail 8.10.2
sendmail sendmail 8.12.5
hp hp-ux 10.09
sun sunos 5.5
hp hp-ux 10.34
compaq tru64 5.1
sun sunos 5.8
compaq tru64 5.1_pk4_bl18
sun solaris 2.5
compaq tru64 5.0_pk4_bl17
sendmail sendmail_switch 2.2.3
sendmail sendmail 8.12.1
sendmail sendmail_switch 2.2
CVE-2003-0169 MEDIUM

hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp instant_toptools 5.04
CVE-2003-0196 HIGH

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0d
hp cifs-9000_server a.01.09.02
compaq tru64 4.0f
compaq tru64 4.0g_pk3_bl17
compaq tru64 5.1_pk3_bl17
samba samba 2.2.8
samba samba 2.2.1a
sun solaris 9.0
hp cifs-9000_server a.01.09
samba samba 2.0.0
compaq tru64 4.0d_pk9_bl17
hp hp-ux 11.22
compaq tru64 5.1a
hp hp-ux 10.20
sun solaris 2.6
hp cifs-9000_server a.01.09.01
compaq tru64 5.0
hp hp-ux 10.01
samba samba 2.0.5
sun sunos -
compaq tru64 5.1b
compaq tru64 5.0a
compaq tru64 5.0f
samba samba 2.2.6
compaq tru64 5.1a_pk2_bl2
compaq tru64 5.1b_pk1_bl1
samba samba 2.0.2
compaq tru64 5.1_pk6_bl20
samba samba 2.2.2
compaq tru64 5.1_pk5_bl19
hp hp-ux 11.11
compaq tru64 4.0g
compaq tru64 5.1a_pk1_bl1
sun solaris 7.0
hp cifs-9000_server a.01.08
compaq tru64 5.1a_pk3_bl3
sun solaris 2.5.1
samba samba 2.0.6
samba samba 2.0.9
samba samba 2.0.10
sun sunos 5.7
samba samba 2.2.0
sun sunos 5.5.1
samba samba 2.2.0a
samba samba 2.2.4
samba samba 2.2.3a
samba samba 2.2.7a
samba samba 2.0.8
hp cifs-9000_server a.01.06
samba samba 2.0.3
hp hp-ux 11.04
compaq tru64 4.0f_pk6_bl17
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.0a_pk3_bl17
compaq tru64 4.0b
hp hp-ux 10.24
samba samba 2.2.7
compaq tru64 5.0_pk4_bl18
hp cifs-9000_server a.01.08.01
samba samba 2.0.4
samba samba 2.0.7
compaq tru64 5.1
samba samba 2.2.5
sun sunos 5.8
compaq tru64 5.1_pk4_bl18
compaq tru64 5.0_pk4_bl17
samba-tng samba-tng 0.3
sun solaris 8.0
samba samba 2.2.3
samba samba 2.0.1
hp hp-ux 11.00
hp hp-ux 11.20
hp cifs-9000_server a.01.05
hp cifs-9000_server a.01.07
samba-tng samba-tng 0.3.1
CVE-2003-0201 HIGH

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0d
hp cifs-9000_server a.01.09.02
compaq tru64 4.0f
compaq tru64 4.0g_pk3_bl17
compaq tru64 5.1_pk3_bl17
samba samba 2.2.8
samba samba 2.2.1a
apple mac_os_x 10.2
sun solaris 9.0
hp cifs-9000_server a.01.09
samba samba 2.0.0
compaq tru64 4.0d_pk9_bl17
hp hp-ux 11.22
compaq tru64 5.1a
hp hp-ux 10.20
sun solaris 2.6
hp cifs-9000_server a.01.09.01
compaq tru64 5.0
hp hp-ux 10.01
samba samba 2.0.5
sun sunos -
compaq tru64 5.1b
compaq tru64 5.0a
compaq tru64 5.0f
samba samba 2.2.6
compaq tru64 5.1a_pk2_bl2
compaq tru64 5.1b_pk1_bl1
samba samba 2.0.2
compaq tru64 5.1_pk6_bl20
apple mac_os_x 10.2.3
compaq tru64 5.1_pk5_bl19
hp hp-ux 11.11
compaq tru64 4.0g
compaq tru64 5.1a_pk1_bl1
sun solaris 7.0
hp cifs-9000_server a.01.08
compaq tru64 5.1a_pk3_bl3
sun solaris 2.5.1
samba samba 2.0.6
samba samba 2.0.9
samba samba 2.0.10
apple mac_os_x 10.2.4
sun sunos 5.7
samba samba 2.2.0
sun sunos 5.5.1
samba samba 2.2.0a
samba samba 2.2.4
apple mac_os_x 10.2.1
samba samba 2.2.3a
samba samba 2.2.7a
samba samba 2.0.8
hp cifs-9000_server a.01.06
samba samba 2.0.3
hp hp-ux 11.04
compaq tru64 4.0f_pk6_bl17
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.0a_pk3_bl17
compaq tru64 4.0b
apple mac_os_x 10.2.2
hp hp-ux 10.24
samba samba 2.2.7
compaq tru64 5.0_pk4_bl18
hp cifs-9000_server a.01.08.01
samba samba 2.0.4
samba samba 2.0.7
compaq tru64 5.1
samba samba 2.2.5
sun sunos 5.8
compaq tru64 5.1_pk4_bl18
compaq tru64 5.0_pk4_bl17
samba-tng samba-tng 0.3
sun solaris 8.0
samba samba 2.0.1
hp hp-ux 11.00
hp hp-ux 11.20
hp cifs-9000_server a.01.05
hp cifs-9000_server a.01.07
samba-tng samba-tng 0.3.1
CVE-2003-0221 HIGH

The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 *
CVE-2003-0333 HIGH

Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2003-0458 MEDIUM

Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp nonstop_seeview_server_gateway d48.03
hp nonstop_seeview_server_gateway g06.00
hp nonstop_seeview_server_gateway d45.01
hp nonstop_seeview_server_gateway g04.00
hp nonstop_seeview_server_gateway g06.04
hp nonstop_seeview_server_gateway g06.12
hp nonstop_seeview_server_gateway d41.00
hp nonstop_seeview_server_gateway g06.03
hp nonstop_seeview_server_gateway g06.14
hp nonstop_seeview_server_gateway g06.18
hp nonstop_seeview_server_gateway d48.02
hp nonstop_seeview_server_gateway g06.05
hp nonstop_seeview_server_gateway g06.11
hp nonstop_seeview_server_gateway g03.00
hp nonstop_seeview_server_gateway g06.07
hp nonstop_seeview_server_gateway d42.00
hp nonstop_seeview_server_gateway d48.00
hp nonstop_seeview_server_gateway d44.00
hp nonstop_seeview_server_gateway d43.01
hp nonstop_seeview_server_gateway d48.01
hp nonstop_seeview_server_gateway g05.01
hp nonstop_seeview_server_gateway g02.00
hp nonstop_seeview_server_gateway g06.10
hp nonstop_seeview_server_gateway g06.09
hp nonstop_seeview_server_gateway g06.17
hp nonstop_seeview_server_gateway g06.06
hp nonstop_seeview_server_gateway g06.16
hp nonstop_seeview_server_gateway g06.08
hp nonstop_seeview_server_gateway d44.02
hp nonstop_seeview_server_gateway d42.01
hp nonstop_seeview_server_gateway g01.00
hp nonstop_seeview_server_gateway g06.19
hp nonstop_seeview_server_gateway g06.20
hp nonstop_seeview_server_gateway d40.00
hp nonstop_seeview_server_gateway d47.00
hp nonstop_seeview_server_gateway d44.01
hp nonstop_seeview_server_gateway d46.00
hp nonstop_seeview_server_gateway g06.01
hp nonstop_seeview_server_gateway d43.00
hp nonstop_seeview_server_gateway d43.02
hp nonstop_seeview_server_gateway d45.00
hp nonstop_seeview_server_gateway g06.13
hp nonstop_seeview_server_gateway g06.15
hp nonstop_seeview_server_gateway g05.00
CVE-2003-0681 HIGH

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 3.0.1
apple mac_os_x 10.2.5
sendmail sendmail_switch 2.1.1
apple mac_os_x 10.2
sendmail sendmail 8.12.3
sendmail sendmail_switch 2.1.3
sendmail sendmail_switch 3.0.3
sendmail sendmail_switch 2.1.2
turbolinux turbolinux_server 6.5
apple mac_os_x_server 10.2.4
ibm aix 5.1
sendmail sendmail 8.9.1
netbsd netbsd 1.6
turbolinux turbolinux_workstation 8.0
sendmail sendmail 8.11.3
ibm aix 4.3.3
sendmail sendmail_switch 2.2.5
sendmail sendmail 8.12
sendmail sendmail 8.11.1
apple mac_os_x 10.2.3
hp hp-ux 11.11
sendmail sendmail_pro 8.9.2
sendmail sendmail_switch 2.1.4
netbsd netbsd 1.5.3
sendmail sendmail 8.12.8
hp hp-ux 11.0.4
sendmail sendmail 8.11.2
sendmail sendmail_switch 2.2.4
apple mac_os_x_server 10.2.2
sendmail sendmail_switch 3.0.1
sendmail sendmail_switch 3.0.2
sendmail sendmail_switch 2.1
apple mac_os_x 10.2.1
sendmail sendmail 8.10.1
sendmail sendmail 8.12.7
sendmail sendmail 8.12.6
gentoo linux 0.5
openbsd openbsd 3.3
sendmail sendmail 8.9.3
apple mac_os_x_server 10.2.3
sendmail advanced_message_server 1.3
sendmail sendmail 8.10
sendmail sendmail_switch 2.2.2
sendmail sendmail 8.11.4
sendmail sendmail 8.12.0
sendmail sendmail 8.12.9
sendmail sendmail 8.11.6
sendmail sendmail_switch 2.2.1
sendmail sendmail 8.9.2
apple mac_os_x_server 10.2.6
sendmail sendmail 3.0.2
hp hp-ux 11.00
sendmail sendmail 2.6.1
netbsd netbsd 1.4.3
apple mac_os_x 10.2.6
sendmail sendmail_switch 2.1.5
turbolinux turbolinux_workstation 6.0
netbsd netbsd 1.6.1
apple mac_os_x_server 10.2
sendmail sendmail 2.6.2
sendmail sendmail 3.0
sendmail sendmail 3.0.3
hp hp-ux 11.22
sendmail sendmail 8.11.5
netbsd netbsd 1.5
apple mac_os_x_server 10.2.1
sendmail sendmail 8.11.0
apple mac_os_x_server 10.2.5
sendmail sendmail 8.9.0
gentoo linux 1.2
sendmail sendmail 8.12.2
apple mac_os_x 10.2.4
sendmail sendmail 2.6
turbolinux turbolinux_workstation 7.0
netbsd netbsd 1.5.2
turbolinux turbolinux_server 8.0
sendmail sendmail 8.8.8
gentoo linux 0.7
sendmail sendmail_switch 3.0
gentoo linux 1.4
sendmail sendmail 8.12.4
sendmail sendmail 8.10.2
turbolinux turbolinux_server 6.1
sendmail sendmail 8.12.5
apple mac_os_x 10.2.2
turbolinux turbolinux_server 7.0
netbsd netbsd 1.5.1
turbolinux turbolinux_advanced_server 6.0
openbsd openbsd 3.2
sendmail advanced_message_server 1.2
sendmail sendmail_pro 8.9.3
sendmail sendmail_switch 2.2.3
sendmail sendmail 8.12.1
ibm aix 5.2
gentoo linux 1.1a
sendmail sendmail_switch 2.2
CVE-2003-0694 HIGH

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0g_pk3_bl17
sendmail sendmail 3.0.1
sgi irix 6.5.20f
apple mac_os_x 10.2.5
sendmail sendmail_switch 2.1.1
sgi irix 6.5.17m
apple mac_os_x 10.2
sun solaris 9.0
sendmail sendmail 8.12.3
freebsd freebsd 4.7
sendmail sendmail_switch 2.1.3
freebsd freebsd 4.9
sendmail sendmail_switch 3.0.3
sendmail sendmail_switch 2.1.2
turbolinux turbolinux_server 6.5
sun solaris 2.6
freebsd freebsd 4.6
apple mac_os_x_server 10.2.4
ibm aix 5.1
sendmail sendmail 8.9.1
sun sunos -
netbsd netbsd 1.6
turbolinux turbolinux_workstation 8.0
sendmail sendmail 8.11.3
ibm aix 4.3.3
sendmail sendmail_switch 2.2.5
sendmail sendmail 8.12
sendmail sendmail 8.11.1
compaq tru64 5.1_pk6_bl20
apple mac_os_x 10.2.3
compaq tru64 5.1_pk5_bl19
hp hp-ux 11.11
compaq tru64 5.1a_pk1_bl1
sendmail sendmail_pro 8.9.2
sun solaris 7.0
sgi irix 6.5.21m
sendmail sendmail_switch 2.1.4
netbsd netbsd 1.5.3
freebsd freebsd 4.3
sendmail sendmail 8.12.8
hp hp-ux 11.0.4
sendmail sendmail 8.11.2
sendmail sendmail_switch 2.2.4
apple mac_os_x_server 10.2.2
sendmail sendmail_switch 3.0.1
sendmail sendmail_switch 3.0.2
sendmail sendmail_switch 2.1
apple mac_os_x 10.2.1
sendmail sendmail 8.10.1
sendmail sendmail 8.12.7
freebsd freebsd 4.5
sgi irix 6.5.19m
sendmail sendmail 8.12.6
compaq tru64 4.0f_pk7_bl18
gentoo linux 0.5
sendmail sendmail 8.9.3
apple mac_os_x_server 10.2.3
sendmail advanced_message_server 1.3
sendmail sendmail 8.10
sendmail sendmail_switch 2.2.2
sendmail sendmail 8.11.4
sgi irix 6.5.18m
freebsd freebsd 4.0
sendmail sendmail 8.12.0
sendmail sendmail 8.12.9
sgi irix 6.5.15
sendmail sendmail 8.11.6
sgi irix 6.5.16
sendmail sendmail_switch 2.2.1
sendmail sendmail 8.9.2
apple mac_os_x_server 10.2.6
sun solaris 8.0
sendmail sendmail 3.0.2
freebsd freebsd 5.1
hp hp-ux 11.00
sendmail sendmail 2.6.1
netbsd netbsd 1.4.3
compaq tru64 4.0f
apple mac_os_x 10.2.6
sgi irix 6.5.19f
compaq tru64 5.1_pk3_bl17
freebsd freebsd 3.0
sendmail sendmail_switch 2.1.5
sgi irix 6.5.18f
turbolinux turbolinux_workstation 6.0
netbsd netbsd 1.6.1
freebsd freebsd 5.0
apple mac_os_x_server 10.2
sendmail sendmail 2.6.2
sendmail sendmail 3.0
sendmail sendmail 3.0.3
hp hp-ux 11.22
compaq tru64 5.1a
freebsd freebsd 4.8
sendmail sendmail 8.11.5
compaq tru64 5.1b
compaq tru64 4.0f_pk8_bl22
netbsd netbsd 1.5
compaq tru64 5.1a_pk2_bl2
compaq tru64 5.1b_pk1_bl1
apple mac_os_x_server 10.2.1
sendmail sendmail 8.11.0
compaq tru64 4.0g
apple mac_os_x_server 10.2.5
compaq tru64 5.1a_pk5_bl23
sendmail sendmail 8.9.0
gentoo linux 1.2
freebsd freebsd 4.4
compaq tru64 5.1a_pk3_bl3
compaq tru64 5.1a_pk4_bl21
sendmail sendmail 8.12.2
apple mac_os_x 10.2.4
compaq tru64 5.1b_pk2_bl22
sun sunos 5.7
sgi irix 6.5.21f
sendmail sendmail 2.6
turbolinux turbolinux_workstation 7.0
netbsd netbsd 1.5.2
turbolinux turbolinux_server 8.0
sendmail sendmail 8.8.8
gentoo linux 0.7
compaq tru64 4.0g_pk4_bl22
sendmail sendmail_switch 3.0
gentoo linux 1.4
compaq tru64 4.0f_pk6_bl17
sendmail sendmail 8.12.4
sendmail sendmail 8.10.2
turbolinux turbolinux_server 6.1
sendmail sendmail 8.12.5
apple mac_os_x 10.2.2
turbolinux turbolinux_server 7.0
netbsd netbsd 1.5.1
turbolinux turbolinux_advanced_server 6.0
compaq tru64 5.1
sun sunos 5.8
compaq tru64 5.1_pk4_bl18
sendmail advanced_message_server 1.2
sendmail sendmail_pro 8.9.3
sendmail sendmail_switch 2.2.3
sgi irix 6.5.17f
sendmail sendmail 8.12.1
sgi irix 6.5.20m
ibm aix 5.2
gentoo linux 1.1a
sendmail sendmail_switch 2.2
CVE-2003-0746 MEDIUM

Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs, as triggered by attempted exploits against the vulnerabilities CVE-2003-0352 or CVE-2003-0605, such as the Blaster/MSblast/LovSAN worm.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview *
CVE-2003-0840 HIGH

Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
CVE-2003-0914 MEDIUM

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0f
compaq tru64 4.0g_pk3_bl17
compaq tru64 5.1_pk3_bl17
netbsd netbsd 1.6.1
freebsd freebsd 5.0
ibm aix 5.1l
nixu namesurfer suite_3.0.1
sun solaris 9.0
freebsd freebsd 4.7
isc bind 8.3.0
freebsd freebsd 4.9
isc bind 8.4.1
nixu namesurfer standard_3.0.1
compaq tru64 5.1a
freebsd freebsd 4.8
freebsd freebsd 4.6
compaq tru64 5.1b
compaq tru64 4.0f_pk8_bl22
netbsd netbsd 1.6
compaq tru64 5.1a_pk2_bl2
compaq tru64 5.1b_pk1_bl1
isc bind 8.2.6
isc bind 8.3.5
compaq tru64 5.1_pk6_bl20
compaq tru64 5.1_pk5_bl19
hp hp-ux 11.11
compaq tru64 4.0g
compaq tru64 5.1a_pk1_bl1
sun solaris 7.0
compaq tru64 5.1a_pk5_bl23
isc bind 8.3.6
freebsd freebsd 4.4
compaq tru64 5.1a_pk3_bl3
compaq tru64 5.1a_pk4_bl21
isc bind 8.3.1
compaq tru64 5.1b_pk2_bl22
sun sunos 5.7
freebsd freebsd 4.5
compaq tru64 4.0g_pk4_bl22
isc bind 8.4
isc bind 8.2.4
compaq tru64 4.0f_pk6_bl17
compaq tru64 4.0f_pk7_bl18
isc bind 8.2.3
isc bind 8.3.2
isc bind 8.2.5
isc bind 8.2.7
compaq tru64 5.1
sun sunos 5.8
compaq tru64 5.1_pk4_bl18
netbsd netbsd current
isc bind 8.3.4
sco unixware 7.1.1
isc bind 8.3.3
sun solaris 8.0
hp hp-ux 11.00
freebsd freebsd 4.6.2
CVE-2003-0951 HIGH

Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.23
CVE-2003-1087 MEDIUM

Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.04
hp hp-ux 11.22
hp hp-ux 11.00
CVE-2003-1097 HIGH

Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.24
hp hp-ux 10.16
hp hp-ux 10.30
hp hp-ux 10.34
hp hp-ux 10.10
hp hp-ux 11.11
hp hp-ux 10.26
hp hp-ux 11.04
hp hp-ux 11.22
hp hp-ux 11.00
hp hp-ux 11.20
hp hp-ux 10.20
CVE-2003-1098 HIGH

The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.22
CVE-2003-1356 HIGH

The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.10
hp hp-ux 11.11
hp hp-ux 11.04
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2003-1358 HIGH

rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.24
hp hp-ux 10.16
hp hp-ux 10.30
hp hp-ux 11.0.4
hp hp-ux 10.09
hp hp-ux 10.08
hp hp-ux 10.34
hp hp-ux 10.10
hp hp-ux 11.11
hp hp-ux 10.26
hp hp-ux 11.04
hp hp-ux 11.22
hp hp-ux 11.00
hp hp-ux 11.20
hp hp-ux 10.00
hp hp-ux 10.20
CVE-2003-1359 HIGH

Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.24
hp hp-ux 10.16
hp hp-ux 10.30
hp hp-ux 11.0.4
hp hp-ux 10.09
hp hp-ux 10.08
hp hp-ux 10.34
avaya predictive_dialer_system 9.0
avaya predictive_dialer_system 12
hp hp-ux 10.10
hp hp-ux 11.11
hp hp-ux 10.26
hp hp-ux 11.04
hp hp-ux 11.22
avaya predictive_dialer_system 11
hp hp-ux 11.00
hp hp-ux 11.20
hp hp-ux 10.00
hp hp-ux 10.20
CVE-2003-1360 HIGH

Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.24
hp hp-ux 10.10
hp hp-ux 10.16
hp hp-ux 10.30
hp hp-ux 10.26
hp hp-ux 10.09
hp hp-ux 10.08
hp hp-ux 10.34
hp hp-ux 10.00
hp hp-ux 10.20
CVE-2003-1362 HIGH

Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
hp bastille b.02.00.05
CVE-2003-1374 MEDIUM

Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp hp-ux 11
CVE-2003-1375 HIGH

Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.04
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2003-1461 HIGH

Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp hp-ux 11.00
CVE-2003-1493 MEDIUM

Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_network_node_manager 6.0.1
hp openview_network_node_manager 5.0.1
hp openview_network_node_manager 6.4
hp openview_network_node_manager 6.10
hp openview_network_node_manager 6.2
hp openview_network_node_manager 6.41
hp openview_network_node_manager 6.31
hp openview_network_node_manager 6.1
CVE-2003-1494 MEDIUM

Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (CPU consumption) via a crafted TCP packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-399,

Products Affected

Vendor Product Version
hp openview_network_node_manager 6.4
hp openview_network_node_manager 6.2
CVE-2003-1495 HIGH

Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp insight_manager 1.0
hp remote_diagnostics_enabling_agent *
hp insight_management_suite 3.5
hp insight_management_suite 5.0
hp insight_manager 1.6
hp insight_management_suite 4.0
CVE-2003-1496 HIGH

Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp tru64 5.1
hp tru64 4.0g_pk3_bl17
hp tru64 5.1b
hp tru64 5.1_pk4_bl18
hp tru64 5.1_pk6_bl20
hp tru64 4.0f_pk8_bl22
hp tru64 5.1a_pk4_bl21
hp tru64 5.1a_pk5_bl23
hp tru64 5.1a_pk3_bl3
hp tru64 5.1_pk5_bl19
hp tru64 4.0f_pk6_bl17
hp tru64 4.0f
hp tru64 4.0g_pk4_bl22
hp tru64 5.1a_pk2_bl2
hp tru64 5.1_pk3_bl17
hp tru64 4.0f_pk7_bl18
hp tru64 5.1a_pk1_bl1
hp tru64 4.0g
hp tru64 5.1a
CVE-2004-0079 MEDIUM

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
cisco css_secure_content_accelerator 1.0
avaya intuity_audix 5.1.46
vmware gsx_server 2.0.1_build_2129
avaya sg200 4.31.29
stonesoft stonebeat_securitycluster 2.0
avaya intuity_audix s3210
stonesoft stonegate 1.5.18
novell edirectory 8.5.27
checkpoint vpn-1 vsx_ng_with_application_intelligence
openssl openssl 0.9.6c
lite speed_technologies_litespeed_web_server 1.0.2
vmware gsx_server 2.5.1
avaya vsu 5
novell edirectory 8.6.2
4d webstar 5.2.4
stonesoft stonegate 1.7
avaya s8300 r2.0.1
cisco pix_firewall_software 6.0
avaya sg203 4.4
4d webstar 5.3.1
neoteris instant_virtual_extranet 3.3.1
sgi propack 2.4
hp hp-ux 11.11
openssl openssl 0.9.7b
redhat openssl 0.9.7a-2
sgi propack 3.0
avaya vsu 5000_r2.0.1
hp apache-based_web_server 2.0.43.04
cisco access_registrar *
cisco css11000_content_services_switch *
sun crypto_accelerator_4000 1.0
cisco webns 7.10
cisco pix_firewall_software 6.0(4.101)
avaya vsu 500
avaya vsu 10000_r2.0.1
4d webstar 5.2.3
lite speed_technologies_litespeed_web_server 1.0.3
novell edirectory 8.7.1
avaya sg5 4.2
cisco pix_firewall_software 6.3(1)
openssl openssl 0.9.6k
redhat linux 7.3
cisco pix_firewall_software 6.2(2)
cisco css_secure_content_accelerator 2.0
dell bsafe_ssl-j 3.0.1
openbsd openbsd 3.3
4d webstar 5.2.2
avaya intuity_audix *
securecomputing sidewinder 5.2
stonesoft stonebeat_securitycluster 2.5
stonesoft servercluster 2.5
cisco pix_firewall_software 6.2(1)
cisco webns 7.10_.0.06s
securecomputing sidewinder 5.2.0.04
tarantella tarantella_enterprise 3.20
stonesoft stonegate 2.0.8
bluecoat proxysg *
redhat enterprise_linux 3.0
checkpoint firewall-1 *
checkpoint firewall-1 next_generation_fp0
bluecoat cacheos_ca_sa 4.1.10
securecomputing sidewinder 5.2.0.02
lite speed_technologies_litespeed_web_server 1.3_rc3
apple mac_os_x 10.3.3
stonesoft stonegate 1.5.17
avaya vsu 100_r2.0.1
stonesoft stonegate_vpn_client 1.7
4d webstar 5.3
checkpoint vpn-1 next_generation_fp2
redhat enterprise_linux_desktop 3.0
cisco pix_firewall_software 6.0(2)
checkpoint firewall-1 next_generation_fp2
stonesoft stonebeat_fullcluster 1_2.0
freebsd freebsd 5.2.1
stonesoft servercluster 2.5.2
openssl openssl 0.9.6h
stonesoft stonegate 2.0.7
stonesoft stonegate_vpn_client 2.0.9
lite speed_technologies_litespeed_web_server 1.1
cisco content_services_switch_11500 *
stonesoft stonegate 1.6.3
checkpoint firewall-1 2.0
lite speed_technologies_litespeed_web_server 1.0.1
hp hp-ux 11.23
openssl openssl 0.9.6j
vmware gsx_server 3.0_build_7592
avaya s8500 r2.0.0
cisco mds_9000 *
sgi propack 2.3
cisco pix_firewall_software 6.3(2)
lite speed_technologies_litespeed_web_server 1.3_rc1
cisco ios 12.1(11)e
cisco pix_firewall_software 6.0(1)
avaya s8300 r2.0.0
cisco ios 12.1(11b)e12
cisco ciscoworks_common_services 2.2
cisco okena_stormwatch 3.2
cisco ios 12.1(13)e9
checkpoint provider-1 4.1
cisco pix_firewall_software 6.1(5)
avaya vsu 2000_r2.0.1
avaya s8700 r2.0.0
redhat linux 8.0
neoteris instant_virtual_extranet 3.3
cisco ios 12.1(19)e1
symantec clientless_vpn_gateway_4400 5.0
redhat linux 7.2
stonesoft stonegate 2.0.1
cisco firewall_services_module 2.1_(0.208)
novell imanager 1.5
cisco ios 12.2(14)sy1
cisco threat_response *
vmware gsx_server 2.0
cisco pix_firewall_software 6.0(3)
cisco pix_firewall 6.2.2_.111
cisco webns 7.2_0.0.03
novell imanager 2.0
stonesoft stonebeat_fullcluster 1_3.0
freebsd freebsd 5.2
openssl openssl 0.9.6d
cisco pix_firewall_software 6.2(3.100)
avaya vsu 7500_r2.0.1
novell edirectory 8.0
cisco firewall_services_module 1.1.2
avaya sg5 4.4
securecomputing sidewinder 5.2.1
stonesoft stonegate_vpn_client 2.0.7
hp apache-based_web_server 2.0.43.00
stonesoft stonegate_vpn_client 1.7.2
neoteris instant_virtual_extranet 3.1
securecomputing sidewinder 5.2.1.02
lite speed_technologies_litespeed_web_server 1.2.2
neoteris instant_virtual_extranet 3.0
cisco pix_firewall_software 6.2(3)
stonesoft stonegate 2.0.5
redhat openssl 0.9.6-15
freebsd freebsd 4.9
openssl openssl 0.9.6f
openssl openssl 0.9.7
checkpoint vpn-1 next_generation_fp1
cisco pix_firewall_software 6.3(3.109)
vmware gsx_server 2.5.1_build_5336
avaya sg208 4.4
dell bsafe_ssl-j 3.0
hp wbem a.02.00.01
novell edirectory 8.5.12a
checkpoint vpn-1 next_generation_fp0
cisco webns 6.10_b4
lite speed_technologies_litespeed_web_server 1.3
stonesoft stonegate 2.0.4
4d webstar 5.2
stonesoft stonebeat_webcluster 2.5
stonesoft stonebeat_webcluster 2.0
lite speed_technologies_litespeed_web_server 1.2.1
stonesoft stonegate_vpn_client 2.0.8
cisco webns 7.1_0.2.06
cisco application_and_content_networking_software *
openssl openssl 0.9.6i
tarantella tarantella_enterprise 3.30
novell edirectory 8.5
cisco pix_firewall_software 6.1(3)
cisco pix_firewall_software 6.1(2)
lite speed_technologies_litespeed_web_server 1.2_rc2
cisco call_manager *
cisco pix_firewall_software 6.0(4)
4d webstar 4.0
hp aaa_server *
apple mac_os_x_server 10.3.3
stonesoft stonegate 1.7.2
freebsd freebsd 5.1
cisco ciscoworks_common_management_foundation 2.1
hp wbem a.01.05.08
hp hp-ux 11.00
sco openserver 5.0.7
stonesoft stonegate 1.6.2
stonesoft stonegate_vpn_client 2.0
securecomputing sidewinder 5.2.0.01
cisco ios 12.2za
checkpoint firewall-1 next_generation_fp1
cisco webns 6.10
openssl openssl 0.9.7c
sco openserver 5.0.6
cisco ios 12.1(11b)e
avaya sg208 *
openbsd openbsd 3.4
cisco pix_firewall_software 6.1(4)
cisco gss_4490_global_site_selector *
freebsd freebsd 4.8
stonesoft stonegate 2.2.1
hp hp-ux 8.05
cisco pix_firewall_software 6.2
dell bsafe_ssl-j 3.1
avaya converged_communications_server 2.0
cisco ios 12.2sy
avaya sg200 4.4
lite speed_technologies_litespeed_web_server 1.3.1
lite speed_technologies_litespeed_web_server 1.1.1
openssl openssl 0.9.7a
cisco webns 7.1_0.1.02
avaya sg203 4.31.29
avaya intuity_audix s3400
cisco firewall_services_module 1.1.3
redhat openssl 0.9.6b-3
openssl openssl 0.9.6g
cisco secure_content_accelerator 10000
securecomputing sidewinder 5.2.0.03
stonesoft stonebeat_fullcluster 2.5
stonesoft stonegate 2.0.6
neoteris instant_virtual_extranet 3.2
cisco pix_firewall_software 6.1(1)
tarantella tarantella_enterprise 3.40
avaya s8700 r2.0.1
lite speed_technologies_litespeed_web_server 1.3_rc2
stonesoft stonegate 2.2.4
stonesoft stonebeat_fullcluster 3.0
avaya vsu 5x
stonesoft stonegate 2.0.9
novell edirectory 8.7
4d webstar 5.2.1
cisco firewall_services_module *
lite speed_technologies_litespeed_web_server 1.2_rc1
openssl openssl 0.9.6e
stonesoft stonegate 1.7.1
cisco pix_firewall_software 6.3(3.102)
cisco gss_4480_global_site_selector *
stonesoft stonebeat_fullcluster 2.0
hp wbem a.02.00.00
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.1
stonesoft stonegate 2.2
stonesoft stonegate 2.1
avaya s8500 r2.0.1
cisco firewall_services_module 1.1_(3.005)
avaya sg5 4.3
cisco ios 12.2(14)sy
cisco pix_firewall_software 6.3
cisco ios 12.1(11b)e14
CVE-2004-0081 MEDIUM

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cisco css_secure_content_accelerator 1.0
avaya intuity_audix 5.1.46
vmware gsx_server 2.0.1_build_2129
avaya sg200 4.31.29
stonesoft stonebeat_securitycluster 2.0
avaya intuity_audix s3210
stonesoft stonegate 1.5.18
novell edirectory 8.5.27
checkpoint vpn-1 vsx_ng_with_application_intelligence
openssl openssl 0.9.6c
lite speed_technologies_litespeed_web_server 1.0.2
vmware gsx_server 2.5.1
avaya vsu 5
novell edirectory 8.6.2
4d webstar 5.2.4
stonesoft stonegate 1.7
avaya s8300 r2.0.1
cisco pix_firewall_software 6.0
avaya sg203 4.4
4d webstar 5.3.1
neoteris instant_virtual_extranet 3.3.1
sgi propack 2.4
hp hp-ux 11.11
openssl openssl 0.9.7b
redhat openssl 0.9.7a-2
sgi propack 3.0
avaya vsu 5000_r2.0.1
hp apache-based_web_server 2.0.43.04
cisco access_registrar *
cisco css11000_content_services_switch *
sun crypto_accelerator_4000 1.0
cisco webns 7.10
cisco pix_firewall_software 6.0(4.101)
avaya vsu 500
avaya vsu 10000_r2.0.1
4d webstar 5.2.3
lite speed_technologies_litespeed_web_server 1.0.3
novell edirectory 8.7.1
avaya sg5 4.2
cisco pix_firewall_software 6.3(1)
openssl openssl 0.9.6k
checkpoint vpn-1 next_generation
redhat linux 7.3
cisco pix_firewall_software 6.2(2)
cisco css_secure_content_accelerator 2.0
dell bsafe_ssl-j 3.0.1
openbsd openbsd 3.3
4d webstar 5.2.2
avaya intuity_audix *
securecomputing sidewinder 5.2
stonesoft stonebeat_securitycluster 2.5
stonesoft servercluster 2.5
cisco pix_firewall_software 6.2(1)
cisco webns 7.10_.0.06s
securecomputing sidewinder 5.2.0.04
tarantella tarantella_enterprise 3.20
stonesoft stonegate 2.0.8
bluecoat proxysg *
redhat enterprise_linux 3.0
checkpoint firewall-1 *
checkpoint firewall-1 next_generation_fp0
bluecoat cacheos_ca_sa 4.1.10
securecomputing sidewinder 5.2.0.02
lite speed_technologies_litespeed_web_server 1.3_rc3
apple mac_os_x 10.3.3
stonesoft stonegate 1.5.17
avaya vsu 100_r2.0.1
stonesoft stonegate_vpn_client 1.7
4d webstar 5.3
redhat enterprise_linux_desktop 3.0
cisco pix_firewall_software 6.0(2)
checkpoint firewall-1 next_generation_fp2
stonesoft stonebeat_fullcluster 1_2.0
freebsd freebsd 5.2.1
stonesoft servercluster 2.5.2
openssl openssl 0.9.6h
stonesoft stonegate 2.0.7
stonesoft stonegate_vpn_client 2.0.9
lite speed_technologies_litespeed_web_server 1.1
cisco content_services_switch_11500 *
stonesoft stonegate 1.6.3
checkpoint firewall-1 2.0
lite speed_technologies_litespeed_web_server 1.0.1
hp hp-ux 11.23
openssl openssl 0.9.6j
vmware gsx_server 3.0_build_7592
avaya s8500 r2.0.0
cisco mds_9000 *
sgi propack 2.3
cisco pix_firewall_software 6.3(2)
lite speed_technologies_litespeed_web_server 1.3_rc1
cisco ios 12.1(11)e
cisco pix_firewall_software 6.0(1)
avaya s8300 r2.0.0
cisco ios 12.1(11b)e12
cisco ciscoworks_common_services 2.2
cisco okena_stormwatch 3.2
cisco ios 12.1(13)e9
checkpoint provider-1 4.1
cisco pix_firewall_software 6.1(5)
avaya vsu 2000_r2.0.1
avaya s8700 r2.0.0
redhat linux 8.0
neoteris instant_virtual_extranet 3.3
cisco ios 12.1(19)e1
symantec clientless_vpn_gateway_4400 5.0
redhat linux 7.2
stonesoft stonegate 2.0.1
cisco firewall_services_module 2.1_(0.208)
novell imanager 1.5
cisco ios 12.2(14)sy1
cisco threat_response *
vmware gsx_server 2.0
cisco pix_firewall_software 6.0(3)
cisco pix_firewall 6.2.2_.111
cisco webns 7.2_0.0.03
novell imanager 2.0
stonesoft stonebeat_fullcluster 1_3.0
freebsd freebsd 5.2
openssl openssl 0.9.6d
cisco pix_firewall_software 6.2(3.100)
avaya vsu 7500_r2.0.1
novell edirectory 8.0
cisco firewall_services_module 1.1.2
avaya sg5 4.4
securecomputing sidewinder 5.2.1
stonesoft stonegate_vpn_client 2.0.7
hp apache-based_web_server 2.0.43.00
stonesoft stonegate_vpn_client 1.7.2
neoteris instant_virtual_extranet 3.1
securecomputing sidewinder 5.2.1.02
lite speed_technologies_litespeed_web_server 1.2.2
neoteris instant_virtual_extranet 3.0
cisco pix_firewall_software 6.2(3)
stonesoft stonegate 2.0.5
redhat openssl 0.9.6-15
freebsd freebsd 4.9
openssl openssl 0.9.6f
openssl openssl 0.9.7
checkpoint vpn-1 next_generation_fp1
cisco pix_firewall_software 6.3(3.109)
vmware gsx_server 2.5.1_build_5336
avaya sg208 4.4
dell bsafe_ssl-j 3.0
hp wbem a.02.00.01
novell edirectory 8.5.12a
checkpoint vpn-1 next_generation_fp0
cisco webns 6.10_b4
lite speed_technologies_litespeed_web_server 1.3
stonesoft stonegate 2.0.4
4d webstar 5.2
stonesoft stonebeat_webcluster 2.5
stonesoft stonebeat_webcluster 2.0
lite speed_technologies_litespeed_web_server 1.2.1
stonesoft stonegate_vpn_client 2.0.8
cisco webns 7.1_0.2.06
cisco application_and_content_networking_software *
openssl openssl 0.9.6i
tarantella tarantella_enterprise 3.30
novell edirectory 8.5
cisco pix_firewall_software 6.1(3)
cisco pix_firewall_software 6.1(2)
lite speed_technologies_litespeed_web_server 1.2_rc2
cisco call_manager *
cisco pix_firewall_software 6.0(4)
4d webstar 4.0
hp aaa_server *
apple mac_os_x_server 10.3.3
stonesoft stonegate 1.7.2
freebsd freebsd 5.1
cisco ciscoworks_common_management_foundation 2.1
hp wbem a.01.05.08
hp hp-ux 11.00
sco openserver 5.0.7
stonesoft stonegate 1.6.2
stonesoft stonegate_vpn_client 2.0
securecomputing sidewinder 5.2.0.01
cisco ios 12.2za
checkpoint firewall-1 next_generation_fp1
cisco webns 6.10
openssl openssl 0.9.7c
sco openserver 5.0.6
cisco ios 12.1(11b)e
avaya sg208 *
openbsd openbsd 3.4
cisco pix_firewall_software 6.1(4)
cisco gss_4490_global_site_selector *
freebsd freebsd 4.8
stonesoft stonegate 2.2.1
hp hp-ux 8.05
cisco pix_firewall_software 6.2
dell bsafe_ssl-j 3.1
avaya converged_communications_server 2.0
cisco ios 12.2sy
avaya sg200 4.4
lite speed_technologies_litespeed_web_server 1.3.1
lite speed_technologies_litespeed_web_server 1.1.1
openssl openssl 0.9.7a
cisco webns 7.1_0.1.02
avaya sg203 4.31.29
avaya intuity_audix s3400
cisco firewall_services_module 1.1.3
redhat openssl 0.9.6b-3
openssl openssl 0.9.6g
cisco secure_content_accelerator 10000
securecomputing sidewinder 5.2.0.03
stonesoft stonebeat_fullcluster 2.5
stonesoft stonegate 2.0.6
neoteris instant_virtual_extranet 3.2
cisco pix_firewall_software 6.1(1)
tarantella tarantella_enterprise 3.40
avaya s8700 r2.0.1
lite speed_technologies_litespeed_web_server 1.3_rc2
stonesoft stonegate 2.2.4
stonesoft stonebeat_fullcluster 3.0
avaya vsu 5x
stonesoft stonegate 2.0.9
novell edirectory 8.7
4d webstar 5.2.1
cisco firewall_services_module *
lite speed_technologies_litespeed_web_server 1.2_rc1
openssl openssl 0.9.6e
stonesoft stonegate 1.7.1
cisco pix_firewall_software 6.3(3.102)
cisco gss_4480_global_site_selector *
stonesoft stonebeat_fullcluster 2.0
hp wbem a.02.00.00
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.1
stonesoft stonegate 2.2
stonesoft stonegate 2.1
avaya s8500 r2.0.1
cisco firewall_services_module 1.1_(3.005)
avaya sg5 4.3
cisco ios 12.2(14)sy
cisco pix_firewall_software 6.3
cisco ios 12.1(11b)e14
CVE-2004-0112 MEDIUM

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
cisco css_secure_content_accelerator 1.0
forcepoint stonegate 2.2.1
forcepoint stonegate 2.0.4
avaya intuity_audix 5.1.46
vmware gsx_server 2.0.1_build_2129
avaya sg200 4.31.29
stonesoft stonebeat_securitycluster 2.0
avaya intuity_audix s3210
novell edirectory 8.5.27
forcepoint stonegate 1.6.3
checkpoint vpn-1 vsx_ng_with_application_intelligence
openssl openssl 0.9.6c
vmware gsx_server 2.5.1
avaya vsu 5
novell edirectory 8.6.2
4d webstar 5.2.4
avaya s8300 r2.0.1
cisco pix_firewall_software 6.0
avaya sg203 4.4
4d webstar 5.3.1
neoteris instant_virtual_extranet 3.3.1
sgi propack 2.4
hp hp-ux 11.11
openssl openssl 0.9.7b
redhat openssl 0.9.7a-2
sgi propack 3.0
avaya vsu 5000_r2.0.1
hp apache-based_web_server 2.0.43.04
cisco access_registrar *
cisco css11000_content_services_switch *
sun crypto_accelerator_4000 1.0
cisco webns 7.10
cisco pix_firewall_software 6.0(4.101)
avaya vsu 500
avaya vsu 10000_r2.0.1
4d webstar 5.2.3
novell edirectory 8.7.1
avaya sg5 4.2
cisco pix_firewall_software 6.3(1)
openssl openssl 0.9.6k
redhat linux 7.3
cisco pix_firewall_software 6.2(2)
cisco css_secure_content_accelerator 2.0
dell bsafe_ssl-j 3.0.1
openbsd openbsd 3.3
4d webstar 5.2.2
avaya intuity_audix *
securecomputing sidewinder 5.2
stonesoft stonebeat_securitycluster 2.5
stonesoft servercluster 2.5
cisco pix_firewall_software 6.2(1)
forcepoint stonegate 2.0.9
cisco webns 7.10_.0.06s
securecomputing sidewinder 5.2.0.04
tarantella tarantella_enterprise 3.20
bluecoat proxysg *
redhat enterprise_linux 3.0
checkpoint firewall-1 *
checkpoint firewall-1 next_generation_fp0
bluecoat cacheos_ca_sa 4.1.10
securecomputing sidewinder 5.2.0.02
apple mac_os_x 10.3.3
avaya vsu 100_r2.0.1
4d webstar 5.3
checkpoint vpn-1 next_generation_fp2
redhat enterprise_linux_desktop 3.0
cisco pix_firewall_software 6.0(2)
checkpoint firewall-1 next_generation_fp2
stonesoft stonebeat_fullcluster 1_2.0
freebsd freebsd 5.2.1
stonesoft servercluster 2.5.2
openssl openssl 0.9.6h
forcepoint stonegate 1.6.2
cisco content_services_switch_11500 *
checkpoint firewall-1 2.0
hp hp-ux 11.23
openssl openssl 0.9.6j
vmware gsx_server 3.0_build_7592
avaya s8500 r2.0.0
cisco mds_9000 *
sgi propack 2.3
cisco pix_firewall_software 6.3(2)
cisco ios 12.1(11)e
cisco pix_firewall_software 6.0(1)
avaya s8300 r2.0.0
cisco ios 12.1(11b)e12
cisco ciscoworks_common_services 2.2
cisco okena_stormwatch 3.2
cisco ios 12.1(13)e9
checkpoint provider-1 4.1
cisco pix_firewall_software 6.1(5)
avaya vsu 2000_r2.0.1
avaya s8700 r2.0.0
redhat linux 8.0
neoteris instant_virtual_extranet 3.3
cisco ios 12.1(19)e1
symantec clientless_vpn_gateway_4400 5.0
redhat linux 7.2
cisco firewall_services_module 2.1_(0.208)
novell imanager 1.5
cisco ios 12.2(14)sy1
cisco threat_response *
vmware gsx_server 2.0
cisco pix_firewall_software 6.0(3)
cisco pix_firewall 6.2.2_.111
cisco webns 7.2_0.0.03
novell imanager 2.0
stonesoft stonebeat_fullcluster 1_3.0
freebsd freebsd 5.2
openssl openssl 0.9.6d
cisco pix_firewall_software 6.2(3.100)
avaya vsu 7500_r2.0.1
novell edirectory 8.0
cisco firewall_services_module 1.1.2
avaya sg5 4.4
forcepoint stonegate 2.0.6
securecomputing sidewinder 5.2.1
hp apache-based_web_server 2.0.43.00
neoteris instant_virtual_extranet 3.1
securecomputing sidewinder 5.2.1.02
neoteris instant_virtual_extranet 3.0
cisco pix_firewall_software 6.2(3)
redhat openssl 0.9.6-15
freebsd freebsd 4.9
openssl openssl 0.9.6f
openssl openssl 0.9.7
checkpoint vpn-1 next_generation_fp1
cisco pix_firewall_software 6.3(3.109)
vmware gsx_server 2.5.1_build_5336
avaya sg208 4.4
dell bsafe_ssl-j 3.0
hp wbem a.02.00.01
novell edirectory 8.5.12a
checkpoint vpn-1 next_generation_fp0
cisco webns 6.10_b4
4d webstar 5.2
forcepoint stonegate 1.7
stonesoft stonebeat_webcluster 2.5
forcepoint stonegate 1.5.18
stonesoft stonebeat_webcluster 2.0
cisco webns 7.1_0.2.06
cisco application_and_content_networking_software *
forcepoint stonegate 1.5.17
openssl openssl 0.9.6i
tarantella tarantella_enterprise 3.30
novell edirectory 8.5
forcepoint stonegate 1.7.2
cisco pix_firewall_software 6.1(3)
cisco pix_firewall_software 6.1(2)
cisco call_manager *
cisco pix_firewall_software 6.0(4)
forcepoint stonegate 2.1
4d webstar 4.0
litespeedtech litespeed_web_server 1.0.1
hp aaa_server *
forcepoint stonegate 1.7.1
apple mac_os_x_server 10.3.3
freebsd freebsd 5.1
cisco ciscoworks_common_management_foundation 2.1
hp wbem a.01.05.08
hp hp-ux 11.00
sco openserver 5.0.7
securecomputing sidewinder 5.2.0.01
cisco ios 12.2za
checkpoint firewall-1 next_generation_fp1
forcepoint stonegate 2.2.4
forcepoint stonegate 2.0.5
cisco webns 6.10
openssl openssl 0.9.7c
sco openserver 5.0.6
cisco ios 12.1(11b)e
avaya sg208 *
openbsd openbsd 3.4
cisco pix_firewall_software 6.1(4)
cisco gss_4490_global_site_selector *
freebsd freebsd 4.8
hp hp-ux 8.05
cisco pix_firewall_software 6.2
dell bsafe_ssl-j 3.1
avaya converged_communications_server 2.0
cisco ios 12.2sy
avaya sg200 4.4
openssl openssl 0.9.7a
cisco webns 7.1_0.1.02
avaya sg203 4.31.29
avaya intuity_audix s3400
cisco firewall_services_module 1.1.3
forcepoint stonegate 2.0.8
redhat openssl 0.9.6b-3
openssl openssl 0.9.6g
forcepoint stonegate 2.0.7
cisco secure_content_accelerator 10000
securecomputing sidewinder 5.2.0.03
stonesoft stonebeat_fullcluster 2.5
neoteris instant_virtual_extranet 3.2
cisco pix_firewall_software 6.1(1)
tarantella tarantella_enterprise 3.40
avaya s8700 r2.0.1
forcepoint stonegate 2.2
stonesoft stonebeat_fullcluster 3.0
avaya vsu 5x
novell edirectory 8.7
4d webstar 5.2.1
cisco firewall_services_module *
openssl openssl 0.9.6e
cisco pix_firewall_software 6.3(3.102)
cisco gss_4480_global_site_selector *
stonesoft stonebeat_fullcluster 2.0
hp wbem a.02.00.00
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.1
forcepoint stonegate 2.0.1
avaya s8500 r2.0.1
cisco firewall_services_module 1.1_(3.005)
avaya sg5 4.3
cisco ios 12.2(14)sy
cisco pix_firewall_software 6.3
cisco ios 12.1(11b)e14
CVE-2004-0492 HIGH

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.5
apache http_server 1.3.27
ibm http_server 1.3.26.1
apache http_server 1.3.31
ibm http_server 1.3.28
apache http_server 1.3.29
openbsd openbsd *
hp vvos 11.04
apache http_server 1.3.26
sgi propack 2.4
hp virtualvault 11.0.4
apache http_server 1.3.28
openbsd openbsd 3.4
ibm http_server 1.3.26.2
ibm http_server 1.3.26
hp webproxy 2.0
hp webproxy 2.1
CVE-2004-0525 MEDIUM

HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp integrated_lights-out_firmware 1.50a
hp integrated_lights-out_firmware 1.51a
hp integrated_lights-out_firmware 1.15
hp integrated_lights-out_firmware 1.40a
hp integrated_lights-out_firmware 1.15a
hp integrated_lights-out_firmware 1.41a
hp integrated_lights-out_firmware 1.10
hp integrated_lights-out_firmware 1.26a
hp integrated_lights-out_firmware 1.6a
hp integrated_lights-out_firmware 1.16a
hp integrated_lights-out_firmware 1.27a
hp integrated_lights-out_firmware 1.20a
hp integrated_lights-out_firmware 1.42a
hp integrated_lights-out_firmware 1.50
CVE-2004-0594 MEDIUM

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,

Products Affected

Vendor Product Version
php php 5.0.0
openpkg openpkg 2.0
avaya converged_communications_server 2.0
hp hp-ux b.11.11
trustix secure_linux 2.0
trustix secure_linux 2.1
hp hp-ux b.11.22
debian debian_linux 3.0
hp hp-ux b.11.00
trustix secure_linux 1.5
openpkg openpkg 2.1
php php *
hp hp-ux b.11.23
CVE-2004-0657 MEDIUM

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
ntp ntp *
hp tru64_unix 5.1b
hp tru64_unix 4.0f
hp tru64_unix 51.1a
hp tru64_unix 4.0g
CVE-2004-0709 HIGH

HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_select_access 6.0
hp openview_select_access 5.2
hp openview_select_access 5.0
hp openview_select_access 5.1
CVE-2004-0716 HIGH

Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11
CVE-2004-0809 MEDIUM

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
redhat enterprise_linux_desktop 3.0
hp secure_web_server_for_tru64 5.0_a
hp secure_web_server_for_tru64 4.0_g
turbolinux turbolinux_server 10.0
debian debian_linux 3.0
gentoo linux 1.4
hp hp-ux 11.22
turbolinux turbolinux_desktop 10.0
mandrakesoft mandrake_linux 9.2
hp secure_web_server_for_tru64 5.8.2
hp secure_web_server_for_tru64 5.8.1
mandrakesoft mandrake_linux 10.0
hp secure_web_server_for_tru64 5.9.1
redhat enterprise_linux 3.0
turbolinux turbolinux_home *
trustix secure_linux 2.0
hp secure_web_server_for_tru64 4.0_f
hp secure_web_server_for_tru64 5.1_a
hp hp-ux 11.23
hp secure_web_server_for_tru64 5.1
trustix secure_linux 2.1
hp hp-ux 11.11
hp secure_web_server_for_tru64 5.9.2
hp hp-ux 11.00
hp secure_web_server_for_tru64 6.3.0
CVE-2004-0826 HIGH

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netscape enterprise_server 3.0.1b
netscape directory_server 3.1
mozilla network_security_services 3.2.1
mozilla network_security_services 3.4
sun one_web_server 6.1
mozilla network_security_services 3.7.5
netscape enterprise_server 3.4
mozilla network_security_services 3.6.1
mozilla network_security_services 3.6
mozilla network_security_services 3.2
mozilla network_security_services 3.4.1
mozilla network_security_services 3.5
mozilla network_security_services 3.7.1
netscape enterprise_server 4.1
netscape directory_server 4.1
netscape directory_server 4.13
mozilla network_security_services 3.4.2
sun one_web_server 4.1
netscape enterprise_server 3.0
netscape directory_server 4.11
netscape personalization_engine *
hp hp-ux 11.23
mozilla network_security_services 3.3.2
netscape enterprise_server 3.0.1
mozilla network_security_services 3.7.7
hp hp-ux 11.11
sun java_system_application_server 7.1
netscape enterprise_server 3.0l
mozilla network_security_services 3.7.3
netscape certificate_server 4.2
sun one_application_server 6.0
netscape enterprise_server 3.3
netscape enterprise_server 5.0
netscape enterprise_server 4.1.1
mozilla network_security_services 3.9
sun java_system_application_server 7.0
mozilla network_security_services 3.7
netscape enterprise_server 2.0
netscape enterprise_server 3.6
netscape enterprise_server 2.0.1c
mozilla network_security_services 3.7.2
netscape enterprise_server 3.1
netscape enterprise_server 2.0a
netscape directory_server 3.12
mozilla network_security_services 3.3
netscape enterprise_server 3.5.1
sun java_enterprise_system 2003q4
mozilla network_security_services 3.8
netscape enterprise_server 4.0
mozilla network_security_services 3.3.1
sun one_web_server 6.0
netscape certificate_server 1.0
netscape directory_server 1.3
netscape enterprise_server 3.0.7a
netscape enterprise_server 3.2
netscape enterprise_server 3.5
sun java_enterprise_system 2004q2
hp hp-ux 11.00
CVE-2004-0940 MEDIUM

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-131,

Products Affected

Vendor Product Version
slackware slackware_linux current
apache http_server *
suse suse_linux 9.1
suse suse_linux 8.0
openpkg openpkg 2.0
slackware slackware_linux 8.0
slackware slackware_linux 9.0
suse suse_linux 8.1
suse suse_linux 9.2
slackware slackware_linux 10.0
hp hp-ux 11.11
suse suse_linux 8.2
slackware slackware_linux 9.1
slackware slackware_linux 8.1
trustix secure_linux 1.5
openpkg openpkg 2.1
hp hp-ux 11.22
openpkg openpkg 2.2
hp hp-ux 11.00
suse suse_linux 9.0
hp hp-ux 11.20
CVE-2004-0951 HIGH

The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote attackers to obtain sensitive information.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp ignite-ux c.6.2.241
CVE-2004-0952 MEDIUM

HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.22
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2004-0965 HIGH

stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.22
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2004-0993 HIGH

Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp sockd 0.5
hp sockd 0.4
CVE-2004-1029 HIGH

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun jre 1.3.1_09
sun jdk 1.4.2_02
sun jdk 1.4.0_02
sun jre 1.3.1_07
sun jre 1.4.2
sun jre 1.4.0_04
sun jdk 1.4.0_03
sun jre 1.3.1_02
sun jre 1.4.0_03
sun jdk 1.3.1_01a
hp hp-ux 11.22
sun jdk 1.4.2_03
sun jre 1.3.1_05
sun jdk 1.3.1_06
conectiva linux 10.0
sun jdk 1.3.1_01
sun jre 1.4.1
hp hp-ux 11.23
sun jdk 1.4.0_4
hp hp-ux 11.11
sun jdk 1.4.0_01
symantec enterprise_firewall 8.0
sun jre 1.4.0_02
hp java_sdk-rte 1.3
sun jdk 1.4.2
symantec gateway_security_5400 2.0
sun jdk 1.3.1_02
sun jdk 1.4.2_05
sun jdk 1.4
sun jre 1.3.0
sun jdk 1.3.1_04
sun jre 1.4.1_02
gentoo linux *
sun jre 1.3.1_03
symantec gateway_security_5400 2.0.1
sun jdk 1.4.1_02
sun jre 1.4.1_01
sun jdk 1.3.1_05
sun jdk 1.4.2_01
sun jdk 1.3.1_03
sun jre 1.3.1_06
hp java_sdk-rte 1.4
sun jdk 1.4.1_03
sun jdk 1.4.2_04
sun jdk 1.3.1_07
sun jre 1.4.1_07
sun jre 1.4
sun jdk 1.4.1
sun jre 1.4.0_01
hp hp-ux 11.00
sun jre 1.3.1
sun jdk 1.4.1_01
CVE-2004-1082 HIGH

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.5
apple apache_mod_digest_apple *
ibm http_server 1.3.19
apache http_server 1.3.27
hp virtualvault 4.5
avaya network_routing *
avaya communication_manager 2.0.1
hp virtualvault 4.7
apache http_server 1.3.4
apache http_server 1.3.9
openbsd openbsd current
apache http_server 1.3.29
apache http_server 1.3
apache http_server 1.3.14
apache http_server 1.3.20
apache http_server 1.3.26
sun solaris 9.0
apache http_server 1.3.11
sco openserver 5.0.6
apache http_server 1.3.1
apache http_server 1.3.23
apache http_server 1.3.3
apache http_server 1.3.25
hp webproxy a.02.00
avaya modular_messaging_message_storage_server 1.1
openbsd openbsd 3.4
avaya communication_manager 1.1
apache http_server 1.3.7
hp virtualvault 4.6
avaya mn100 *
apache http_server 1.3.24
avaya communication_manager 1.3.1
apache http_server 1.3.12
apache http_server 1.3.6
hp webproxy a.02.10
sun sunos 5.8
apache http_server 1.3.18
apache http_server 1.3.28
avaya communication_manager 2.0
apache http_server 1.3.17
apache http_server 1.3.22
sun solaris 8.0
avaya modular_messaging_message_storage_server 2.0
apache http_server 1.3.19
avaya intuity_audix_lx *
sco openserver 5.0.7
CVE-2004-1328 HIGH

Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.4
CVE-2004-1332 HIGH

Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.24
hp hp-ux 11.11i
hp vvos 10.24
hp hp-ux 11.4
hp hp-ux_series_700 10.20
hp sis *
hp vvos 11.04
hp hp-ux 11.23
hp hp-ux 10.10
hp hp-ux 11.11
hp hp-ux_series_800 10.20
hp hp-ux 11.22
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2004-1375 MEDIUM

Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.22
hp hp-ux 11.00
hp hp-ux 11.4
hp hp-ux 11.23
CVE-2004-1480 HIGH

Unknown vulnerability in the management station in HP StorageWorks Command View XP 1.8B and earlier allows remote attackers to bypass access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp storageworks_command_view 1.8b
hp storageworks_command_view 1.7a
hp storageworks_command_view 1.53.01a
hp storageworks_command_view 1.51.00
hp storageworks_command_view 1.7b
hp storageworks_command_view 1.30.00
hp storageworks_command_view 1.52.00
hp storageworks_command_view 1.8a
hp storageworks_command_view 1.11.1
hp storageworks_command_view 1.11.2
hp storageworks_command_view 1.8
hp storageworks_command_view 1.40.04
hp storageworks_command_view 1.40.01
hp storageworks_command_view 1.53.00
hp storageworks_command_view 1.11
hp storageworks_command_view 1.60.00
hp storageworks_command_view 1.53.05a
CVE-2004-1713 LOW

Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp process_resource_manager c.01.08.02
hp process_resource_manager c.02.01.01
hp process_resource_manager c.01.07
hp workload_manager a.02.01
CVE-2004-1764 HIGH

Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.22
hp hp-ux 11.00
hp hp-ux 11.4
CVE-2004-1811 HIGH

The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp ssl_http_server 5.92
hp ssl_http_server 5.0
CVE-2004-1856 MEDIUM

devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp web_jetadmin 7.5.2546
CVE-2004-1857 LOW

Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp web_jetadmin 7.5.2546
CVE-2004-2439 MEDIUM

The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp color_laserjet 4650
hp laserjet_4200 *
hp laserjet_4300 *
hp color_laserjet 5500
hp laserjet_9065 *
hp laserjet_4100_mfp *
hp laserjet_9050_mpf *
hp laserjet_9500_mpf *
hp color_laserjet_4600 *
hp laserjet_3700 *
hp laserjet_9000_mfp *
hp laserjet_9040_mpf *
hp color_laserjet 5550
hp laserjet_2500 *
hp laserjet_9050 *
hp laserjet_9500 *
hp laserjet_9000 *
hp laserjet_3000 *
hp laserjet_9055 *
CVE-2004-2600 MEDIUM

The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp carrier_grade_server_cc2300 a6898a
hp carrier_grade_server_cc3300 a6901a
intel server_platform_spsh4 *
intel server_board_scb2 *
intel carrier_grade_server_tigpr2u *
hp carrier_grade_server_cc3300 a6900a
hp carrier_grade_server_cc3310 a9862a
intel server_control *
intel server_platform_srsh4 *
intel cli_auto-configuration_utility *
hp carrier_grade_server_cc2300 a6899a
intel server_board_shg2 *
hp carrier_grade_server_cc3310 a9863a
intel server_board_sds2 *
intel carrier_grade_server_tsrmt2 *
intel server_board_se7500wv2 *
intel client_system_setup_utility *
intel server_board_se7501hg2 *
intel carrier_grade_server_tsrlt2 *
intel entry_server_board_se7210tp1-e *
intel server_configuration_wizard *
intel entry_server_platform_sr1325tp1-e *
intel system_setup_utility *
intel server_platform_sr870bh2 *
intel server_platform_sr870bn4 *
CVE-2004-2665 MEDIUM

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.4
CVE-2004-2678 MEDIUM

Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when using IPsec/IKE (Internet Key Exchange) with Certificates, allows remote attackers to gain privileges via unknown attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1b_p3k_bl24
hp tru64 5.1a
hp tru64 5.1b_pk2_bl22
CVE-2004-2693 HIGH

HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.04
hp hp-ux 11.00
CVE-2004-2753 MEDIUM

Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.22
hp hp-ux 11.00
CVE-2005-0224 MEDIUM

Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp virtualvault 4.5
hp virtualvault 4.7
hp virtualvault 4.6
CVE-2005-0364 MEDIUM

Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2005-0547 MEDIUM

Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.22
hp hp-ux 11.00
hp hp-ux 11.4
hp hp-ux 11.23
CVE-2005-0652 LOW

Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openvms 6.2
hp openvms 7.3-1
hp openvms 7.3-2
hp openvms 7.3
CVE-2005-0719 LOW

Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp tru64 5.1b1
hp tru64 4.0f
hp tru64 4.0g
hp tru64 5.1a
CVE-2005-1056 MEDIUM

Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_network_node_manager 6.4
hp openview_network_node_manager 6.2
hp openview_network_node_manager 6.31
hp openview_network_node_manager 7.50
hp openview_network_node_manager 7.01
CVE-2005-1192 MEDIUM

Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.04
hp hp-ux 11.22
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2005-1370 HIGH

Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_radia_management_portal 1.0
hp openview_radia_management_portal 2.0
CVE-2005-1433 MEDIUM

Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_event_correlation_services 3.2
hp openview_event_correlation_services 3.3
CVE-2005-1434 HIGH

Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_network_node_manager 6.4
hp openview_network_node_manager 6.2
hp openview_network_node_manager 7.50
hp openview_network_node_manager 7.01
CVE-2005-1825 HIGH

Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp radia_client 3.1.2.0
CVE-2005-1826 HIGH

Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp radia_client 3.1.0.0
CVE-2005-2076 LOW

HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp version_control_repository_manager 1.0.2241.0
hp version_control_repository_manager 1.0.2289.0
hp version_control_repository_manager 1.0.3086.0
hp version_control_repository_manager 1.0.1288.1
hp version_control_repository_manager 2.0.1.30
hp version_control_repository_manager 1.0.3085.0
hp version_control_repository_manager 1.0.2345.0
hp version_control_repository_manager 2.1.1.710
hp version_control_repository_manager 2.0.0.50
hp version_control_repository_manager 2.1.1.720
CVE-2005-2552 HIGH

Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp proliant_dl585 *
CVE-2005-2773 HIGH

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
hp openview_network_node_manager *
CVE-2005-2988 MEDIUM

HP LaserJet 2430, and possibly other printers that use Jetdirect controls, stores information about recently printed documents without proper protection, which could allow remote attackers to obtain sensitive information via SNMP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp laserjet_2430 *
CVE-2005-2993 LOW

Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp tru64 4.0f
hp tru64 *
hp hp-ux 11.00
hp hp-ux 11.4
hp hp-ux 11.23
CVE-2005-3277 HIGH

The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 10.20
CVE-2005-3295 LOW

Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.23
CVE-2005-3564 HIGH

envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
CVE-2005-3565 HIGH

Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2005-3670 HIGH

Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the HP advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp tru64 5.1b1
hp hp-ux 11.11
hp tru64 5.1b3
hp jetdirect_635n *
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2005-3779 HIGH

Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2005-3983 HIGH

Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp systems_insight_manager 4.1
hp systems_insight_manager 4.0
CVE-2005-4090 HIGH

Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.22
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2005-4316 HIGH

HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.4
hp hp-ux 11.23
CVE-2005-4451 HIGH

Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
CVE-2005-4654 MEDIUM

Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. NOTE: because of the lack of details in the vendor advisory, it is unclear which set of existing CVEs this advisory might refer to.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp oracle_for_openview 9.1.01
hp oracle_for_openview 8.1.7
hp oracle_for_openview 9.2
CVE-2005-4823 HIGH

Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp http_server 5.93
hp http_server 5.92
hp http_server 5.94
hp http_server 5.0
CVE-2006-0436 HIGH

Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.4
CVE-2006-0656 MEDIUM

Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp systems_insight_manager 5.0
hp systems_insight_manager 4.2
CVE-2006-0672 HIGH

Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0.06 has unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp psc_1210_all-in-one 1.0
hp psc_1210_all-in-one 1.0.0.1
hp psc_1210_all-in-one *
CVE-2006-1023 MEDIUM

Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.0
hp system_management_homepage 2.1.4
CVE-2006-1248 MEDIUM

Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2006-1389 HIGH

Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.4
CVE-2006-1509 MEDIUM

/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2006-1654 MEDIUM

Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp color_laserjet 4600hdn
hp color_laserjet_2500tn *
hp color_laserjet_2500_toolbox *
hp color_laserjet_2500l *
hp color_laserjet_4600 *
hp color_laserjet 4600dtn
hp color_laserjet_2500n *
hp color_laserjet_4600_toolbox *
hp color_laserjet_2500lse *
hp color_laserjet 4600dn
hp color_laserjet_2500 *
CVE-2006-1689 HIGH

Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
CVE-2006-1774 HIGH

HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp system_management_homepage 2.1.3.132
hp compaqhttpserver 9.9
CVE-2006-2092 MEDIUM

Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4.0C-SP2 before 20060419 allows remote attackers to cause an unspecified denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp storageworks_secure_path_windows 4.0c
CVE-2006-2551 LOW

Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
CVE-2006-2574 HIGH

Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.4
hp hp-ux 11.23
CVE-2006-2579 HIGH

Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 5.1
hp openview_storage_data_protector 5.5
CVE-2006-2580 HIGH

Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_network_node_manager 6.20
hp openview_network_node_manager 6.4
hp openview_network_node_manager 7.50
hp openview_network_node_manager 7.01
CVE-2006-3097 MEDIUM

Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.23
CVE-2006-3201 MEDIUM

Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.23
CVE-2006-3335 HIGH

Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.00
hp hp-ux 11.4
hp hp-ux 11.23
CVE-2006-3686 MEDIUM

Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openvms 7.3-2
CVE-2009-3999 HIGH

Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp power_manager 4.2.5
hp power_manager *
hp power_manager 4.2.6
CVE-2009-4000 HIGH

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp power_manager 4.2.5
hp power_manager *
hp power_manager 4.2.6
hp power_manager 4.2.7
hp power_manager 4.2.8
CVE-2009-4183 MEDIUM

Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 and 6.10 allows local users to obtain unspecified "access" via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
CVE-2009-4184 MEDIUM

Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp enterprise_cluster_master_toolkit b.05.00
CVE-2009-4185 MEDIUM

Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 2.1.11
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.10-186
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 2.2.6
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.0
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.1
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 2.1.0-109
CVE-2009-5071 HIGH

Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp palm_pre_webos 1.0.3
hp palm_pre_webos 1.0.2
hp palm_pre_webos *
hp palm_pre_webos 1.0.4
hp palm_pre_webos 1.1.0
CVE-2009-5097 HIGH

Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp palm_pre_webos 1.0.3
hp palm_pre_webos 1.0.2
hp palm_pre_webos *
hp palm_pre_webos 1.0.4
CVE-2009-5098 MEDIUM

The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
hp palm_pre_webos 1.0.3
hp palm_pre_webos 1.0.2
hp palm_pre_webos *
hp palm_pre_webos 1.0.4
CVE-2010-0443 MEDIUM

Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openvms_rms vms83a_rms-v1000
hp openvms_rms vms83a_update-v1100
CVE-2010-0444 HIGH

HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
hp operations_agent 8.52
hp operations_agent 8.51
hp operations_agent 8.53
CVE-2010-0445 HIGH

Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, 8.12, and 8.13 allows remote attackers to execute arbitrary commands via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_node_manager 8.13
hp network_node_manager 8.11
hp network_node_manager 8.10
hp network_node_manager 8.12
CVE-2010-0446 MEDIUM

Unspecified vulnerability on the HP DreamScreen 100 and 130 with firmware before 1.6.0.0, when using a web-connected configuration, allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp dreamscreen 130
hp dreamscreen 100
CVE-2010-0447 HIGH

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp openview_performance_insight *
CVE-2010-0448 MEDIUM

Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to obtain "unauthorized access to data" via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp soa_registry_foundation 6.64
hp soa_registry_foundation 6.63
CVE-2010-0449 MEDIUM

Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp soa_registry_foundation 6.64
hp soa_registry_foundation 6.63
CVE-2010-0450 HIGH

Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp soa_registry_foundation 6.64
hp soa_registry_foundation 6.63
CVE-2010-0451 MEDIUM

The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp hp-ux 11.31
hp hp-ux b.11.31
CVE-2010-0452 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp project_and_portfolio_management_center *
CVE-2010-1030 MEDIUM

Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux b.11.31
CVE-2010-1031 MEDIUM

Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_suite_for_linux 2.00
hp insight_control_suite_for_linux 2.10
hp insight_control_suite_for_linux 2.10.01
hp insight_control_suite_for_linux *
hp insight_control_suite_for_linux 2.00.01
CVE-2010-1032 MEDIUM

Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux b.11.11
CVE-2010-1033 HIGH

Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp operations_manager 7.5
hp operations_manager 8.16
hp operations_manager 8.10
CVE-2010-1034 MEDIUM

Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 6.0
CVE-2010-1035 HIGH

Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VMM) before 6.0 allow remote authenticated users to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_virtual_machine_management *
hp insight_virtual_machine_management 3.6.1
CVE-2010-1036 MEDIUM

Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp systems_insight_manager 5.2
hp systems_insight_manager 2.5
hp systems_insight_manager 5.0
hp systems_insight_manager 4.2
hp systems_insight_manager 5.1
hp systems_insight_manager 4.1
hp systems_insight_manager 2.5.2.0
hp systems_insight_manager *
hp systems_insight_manager 4.0
CVE-2010-1037 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp systems_insight_manager 5.2
hp systems_insight_manager 2.5
hp systems_insight_manager 5.0
hp systems_insight_manager 4.2
hp systems_insight_manager 5.1
hp systems_insight_manager 4.1
hp systems_insight_manager 2.5.2.0
hp systems_insight_manager *
hp systems_insight_manager 4.0
CVE-2010-1038 MEDIUM

Unspecified vulnerability in HP System Insight Manager before 6.0 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager 5.2
hp systems_insight_manager 2.5
hp systems_insight_manager 5.0
hp systems_insight_manager 4.2
hp systems_insight_manager 5.1
hp systems_insight_manager 4.1
hp systems_insight_manager 2.5.2.0
hp systems_insight_manager *
hp systems_insight_manager 4.0
CVE-2010-1039 HIGH

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
ibm aix 5.2.0.54
ibm aix 4.0
ibm vios 2.1
ibm aix 4.1.1
ibm aix 430
ibm aix *
ibm aix 4.3.0
ibm aix 2.2.1
ibm aix 5.2.0
ibm aix 3.2
ibm aix 4
ibm aix 5.1l
ibm aix 4.1.5
ibm aix 5.2.2
hp nfs/oncplus *
ibm aix 6.1
ibm aix 1.3
ibm aix 3.2.5
ibm aix 4.2.1
ibm aix 4.2
ibm aix 5.2.0.50
ibm aix 5.1
ibm aix 4.2.1.12
ibm aix 4.1.4
ibm vios *
ibm aix 3.2.0
ibm aix 4.3.3
sgi irix 6.5
ibm aix 4.1.2
ibm aix 4.2.0
ibm vios 1.4
ibm aix 4.3.1
ibm aix 4.3.2
ibm aix 4.1
ibm aix 3.1
ibm aix 1.2.1
ibm aix 4.1.3
ibm aix 5.2
ibm aix 5.2_l
ibm aix 4.3
ibm aix 3.2.4
ibm aix 5.1.0.10
CVE-2010-1549 HIGH

Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 7.6
hp loadrunner 9.0
hp loadrunner 7.5
hp loadrunner 7.51
hp loadrunner 8.14
hp loadrunner 7.0
hp loadrunner 8.0
hp loadrunner *
hp performance_center *
hp loadrunner 7.02
hp loadrunner 8.13
hp loadrunner 7.8
hp loadrunner 8.12
CVE-2010-1550 HIGH

Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
hp openview_network_node_manager 7.0.1
CVE-2010-1551 HIGH

Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
hp openview_network_node_manager 7.0.1
CVE-2010-1552 HIGH

Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
hp openview_network_node_manager 7.0.1
CVE-2010-1553 HIGH

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
hp openview_network_node_manager 7.0.1
CVE-2010-1554 HIGH

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
hp openview_network_node_manager 7.0.1
CVE-2010-1555 HIGH

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
hp openview_network_node_manager 7.0.1
CVE-2010-1556 MEDIUM

Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and modify data via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager 6.0
hp systems_insight_manager 5.3
CVE-2010-1557 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_control_server_migration_for_windows *
CVE-2010-1558 MEDIUM

Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information, via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp multifunction_peripheral_digital_sending_software 4.13
hp multifunction_peripheral_digital_sending_software 4.14
hp multifunction_peripheral_digital_sending_software *
hp multifunction_peripheral_digital_sending_software 4.16
hp multifunction_peripheral_digital_sending_software 4.07
hp multifunction_peripheral_digital_sending_software 4.00
hp multifunction_peripheral_digital_sending_software 4.03
hp multifunction_peripheral_digital_sending_software 4.15
hp multifunction_peripheral_digital_sending_software 4.08
hp multifunction_peripheral_digital_sending_software 4.02
hp multifunction_peripheral_digital_sending_software 4.04
hp multifunction_peripheral_digital_sending_software 4.06
hp multifunction_peripheral_digital_sending_software 4.11
hp multifunction_peripheral_digital_sending_software 4.10
hp multifunction_peripheral_digital_sending_software 4.05
hp multifunction_peripheral_digital_sending_software 4.09
hp multifunction_peripheral_digital_sending_software 4.17
hp multifunction_peripheral_digital_sending_software 4.12
CVE-2010-1586 MEDIUM

Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.12-118
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.10-186
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.2.6
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.0
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 2.1.0-109
CVE-2010-1959 MEDIUM

Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp mercury_testdirector_for_quality_center *
CVE-2010-1960 HIGH

Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2010-1961 HIGH

Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2010-1962 HIGH

Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.2.1.870.0 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storageworks_storage_mirroring 5.1
hp storageworks_storage_mirroring 5
hp storageworks_storage_mirroring 5.2
hp storageworks_storage_mirroring 5.2.1
CVE-2010-1963 MEDIUM

Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp servicecenter *
CVE-2010-1964 HIGH

Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2010-1965 HIGH

Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_orchestration *
CVE-2010-1966 MEDIUM

Unspecified vulnerability in HP Insight Control power management for Windows before 6.1 allows local users to read or modify data, or cause a denial of service, via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control 3.00
hp insight_control *
hp insight_control 3.10
CVE-2010-1967 LOW

Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_software_installer 3.00
hp insight_software_installer *
hp insight_software_installer 3.10
CVE-2010-1968 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp insight_software_installer 3.00
hp insight_software_installer *
hp insight_software_installer 3.10
CVE-2010-1969 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp virtual_connect_enterprise_manager 6.10
CVE-2010-1970 MEDIUM

Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_software_installer 3.00
hp insight_software_installer *
hp insight_software_installer 3.10
CVE-2010-1971 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp insight_software_installer 3.00
hp insight_software_installer *
hp insight_software_installer 3.10
CVE-2010-1972 HIGH

The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
hp client_automation_enterprise_infrastructure *
CVE-2010-1973 MEDIUM

Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openvms 6.2
hp openvms 7.3-1
hp openvms 7.2-1
hp openvms 7.2
hp openvms 7.2-1h1
hp openvms 8.3
hp openvms 7.2-2
hp openvms *
hp openvms 8.3-1h1
hp openvms 8.2
hp openvms 7.2-6c2
hp openvms 7.3
CVE-2010-2612 LOW

Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openvms 7.3-2
hp openvms 8.3
hp openvms_for_integrity_servers 8.3-1h1
hp openvms_for_integrity_servers 8.3
hp openvms 8.2
CVE-2010-2703 HIGH

Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2010-2704 HIGH

Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2010-2705 MEDIUM

Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp procurve_switch_1800-8g *
hp procurve_switch_software pa.02.06
hp procurve_switch_software pb.02.07
hp procurve_switch_software pb.02.04
hp procurve_switch_software pa.02.03
hp procurve_switch_software pa.02.07
hp procurve_switch_software pa.03.01
hp procurve_switch_software pb.02.01
hp procurve_switch_software pb.02.03
hp procurve_switch_software pa.03.00
hp procurve_switch_software pa.02.01
hp procurve_switch_software pa.02.05
hp procurve_switch_1800-24g *
hp procurve_switch_software pb.02.08
hp procurve_switch_software *
hp procurve_switch_software pb.03.01
hp procurve_switch_software pa.02.02
hp procurve_switch_software pa.02.08
hp procurve_switch_software pb.02.05
hp procurve_switch_software pa.02.09
hp procurve_switch_software pb.03.00
hp procurve_switch_software pa.02.04
hp procurve_switch_software pb.02.06
hp procurve_switch_software pb.02.02
hp procurve_switch_software pb.02.09
CVE-2010-2706 MEDIUM

Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp procurve_switch_software r.11.10
hp procurve_switch_2610-24/12pwr *
hp procurve_switch_software r.11.17
hp procurve_switch_software r.11.12
hp procurve_switch_software r.11.05
hp procurve_switch_software r.11.16
hp procurve_switch_software r.11.15
hp procurve_switch_software r.11.04
hp procurve_switch_2610-24 *
hp procurve_switch_software r.11.25
hp procurve_switch_software r.11.11
hp procurve_switch_software r.11.07
hp procurve_switch_software r.11.26
hp procurve_switch_software r.11.27
hp procurve_switch_software r.11.21
hp procurve_switch_2610 *
hp procurve_switch_software r.11.19
hp procurve_switch_2610-48-pwr *
hp procurve_switch_software *
hp procurve_switch_software r.11.13
hp procurve_switch_software r.11.08
hp procurve_switch_software r.11.24
hp procurve_switch_software r.11.18
hp procurve_switch_software r.11.06
hp procurve_switch_software r.11.09
hp procurve_switch_software r.11.22
hp procurve_switch_software r.11.20
hp procurve_switch_2610-24-pwr *
hp procurve_switch_2610-48 *
hp procurve_switch_software r.11.23
hp procurve_switch_software r.11.28
hp procurve_switch_software r.11.14
CVE-2010-2707 HIGH

Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp procurve_switch_software h.08.105
hp procurve_switch_software h.07.32
hp procurve_switch_software h.08.88
hp procurve_switch_software h.10.65
hp procurve_switch_software h.08.91
hp procurve_switch_software h.08.55
hp procurve_switch_software h.08.74
hp procurve_switch_software h.10.38
hp procurve_switch_software h.10.63
hp procurve_switch_software h.08.60
hp procurve_switch_software h.08.65
hp procurve_switch_software h.08.103
hp procurve_switch_2650-pwr *
hp procurve_switch_software h.08.86
hp procurve_switch_software h.08.99
hp procurve_switch_software h.07.56
hp procurve_switch_software h.08.56
hp procurve_switch_software h.08.79
hp procurve_switch_software h.08.75
hp procurve_switch_software h.10.52
hp procurve_switch_software h.08.81
hp procurve_switch_software h.07.55
hp procurve_switch_software h.08.57
hp procurve_switch_software h.10.40
hp procurve_switch_software h.10.33
hp procurve_switch_software h.08.100
hp procurve_switch_software h.08.106
hp procurve_switch_software h.10.37
hp procurve_switch_software h.10.59
hp procurve_switch_software h.08.90
hp procurve_switch_software h.10.24
hp procurve_switch_software h.08.73
hp procurve_switch_software h.08.64
hp procurve_switch_software h.08.94
hp procurve_switch_software h.10.27
hp procurve_switch_software h.10.64
hp procurve_switch_2626-pwr *
hp procurve_switch_software h.08.95
hp procurve_switch_software h.10.47
hp procurve_switch_software h.08.77
hp procurve_switch_software h.08.107
hp procurve_switch_software h.07.46
hp procurve_switch_software h.08.61
hp procurve_switch_software h.07.41
hp procurve_switch_software h.10.62
hp procurve_switch_software h.10.29
hp procurve_switch_software h.10.72
hp procurve_switch_software h.07.02
hp procurve_switch_software h.10.50
hp procurve_switch_software h.10.32
hp procurve_switch_software h.10.57
hp procurve_switch_software h.08.98
hp procurve_switch_software h.07.54
hp procurve_switch_software h.08.97
hp procurve_switch_software h.08.85
hp procurve_switch_software h.08.89
hp procurve_switch_2650 *
hp procurve_switch_software h.08.80
hp procurve_switch_software h.10.60
hp procurve_switch_software h.10.46
hp procurve_switch_software h.08.76
hp procurve_switch_software h.10.44
hp procurve_switch_software h.08.84
hp procurve_switch_software h.08.92
hp procurve_switch_software h.08.93
hp procurve_switch_software h.10.39
hp procurve_switch_software h.07.45
hp procurve_switch_software h.10.21
hp procurve_switch_software h.10.41
hp procurve_switch_software h.10.42
hp procurve_switch_software h.07.53
hp procurve_switch_software h.08.96
hp procurve_switch_software h.10.73
hp procurve_switch_software h.10.28
hp procurve_switch_software h.08.72
hp procurve_switch_software h.10.54
hp procurve_switch_software h.07.31
hp procurve_switch_software h.10.55
hp procurve_switch_software h.08.82
hp procurve_switch_software h.10.68
hp procurve_switch_software h.08.53
hp procurve_switch_software h.08.109
hp procurve_switch_software h.10.20
hp procurve_switch_software h.10.35
hp procurve_switch_software h.10.61
hp procurve_switch_software h.08.102
hp procurve_switch_software h.10.66
hp procurve_switch_software h.10.70
hp procurve_switch_software h.10.69
hp procurve_switch_software h.10.48
hp procurve_switch_software h.10.36
hp procurve_switch_software h.08.70
hp procurve_switch_software h.10.53
hp procurve_switch_software h.10.22
hp procurve_switch_software h.10.58
hp procurve_switch_software h.08.69
hp procurve_switch_software h.08.71
hp procurve_switch_software h.08.62
hp procurve_switch_software h.10.23
hp procurve_switch_software h.10.67
hp procurve_switch_software h.08.67
hp procurve_switch_software h.08.104
hp procurve_switch_software h.10.25
hp procurve_switch_software h.10.49
hp procurve_switch_software h.08.58
hp procurve_switch_software h.07.50
hp procurve_switch_2626 *
hp procurve_switch_software h.10.56
hp procurve_switch_software h.10.71
hp procurve_switch_software h.10.30
hp procurve_switch_software *
hp procurve_switch_software h.08.78
hp procurve_switch_software h.10.26
hp procurve_switch_software h.07.03
hp procurve_switch_software h.10.45
hp procurve_switch_software h.08.87
hp procurve_switch_software h.08.101
hp procurve_switch_software h.08.59
hp procurve_switch_software h.08.83
hp procurve_switch_software h.10.43
hp procurve_switch_software h.10.31
hp procurve_switch_software h.10.51
hp procurve_switch_software h.08.108
CVE-2010-2708 MEDIUM

Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp procurve_switch_software r.11.10
hp procurve_switch_2610-24/12pwr *
hp procurve_switch_software r.11.17
hp procurve_switch_software r.11.12
hp procurve_switch_software r.11.05
hp procurve_switch_software r.11.16
hp procurve_switch_software r.11.15
hp procurve_switch_software r.11.04
hp procurve_switch_2610-24 *
hp procurve_switch_software r.11.11
hp procurve_switch_software r.11.07
hp procurve_switch_2610 *
hp procurve_switch_software r.11.19
hp procurve_switch_2610-48-pwr *
hp procurve_switch_software *
hp procurve_switch_software r.11.13
hp procurve_switch_software r.11.08
hp procurve_switch_software r.11.18
hp procurve_switch_software r.11.06
hp procurve_switch_software r.11.09
hp procurve_switch_software r.11.20
hp procurve_switch_2610-24-pwr *
hp procurve_switch_2610-48 *
hp procurve_switch_software r.11.14
CVE-2010-2709 HIGH

Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2010-2710 HIGH

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2010-2711 MEDIUM

Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp magcloud *
CVE-2010-2712 MEDIUM

Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux b.11.11
hp hp-ux b.11.23
hp hp-ux b.11.31
CVE-2010-3003 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_diagnostics 7.5.5-1
hp insight_diagnostics 7.6.0-23
hp insight_diagnostics 7.4.0-11
hp insight_diagnostics 7.7.0-142
hp insight_diagnostics 7.5.0-14
hp insight_diagnostics 7.8.0-159
hp insight_diagnostics 6.3.0-15
hp insight_diagnostics 6.3.1-1
hp insight_diagnostics 7.0.0-30
hp insight_diagnostics 7.9.1-15
hp insight_diagnostics 7.9.0-105
hp insight_diagnostics 7.0.1-8
hp insight_diagnostics *
CVE-2010-3004 HIGH

Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations_agent 8.60
hp operations_agent 7.36
CVE-2010-3005 MEDIUM

Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations_agent 8.60
hp operations_agent 7.36
CVE-2010-3006 HIGH

Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp proliant_g6_lights-out_100_remote_management *
CVE-2010-3007 HIGH

Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_express 3.1
hp data_protector_express 4.0
hp data_protector_express 3.5
CVE-2010-3008 HIGH

Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_express 3.1
hp data_protector_express 4.0
hp data_protector_express 3.5
CVE-2010-3009 HIGH

Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 6.1
hp system_management_homepage 6.0
CVE-2010-3010 MEDIUM

Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: a separate XSS issue for HP System Management Homepage (SMH) was originally assigned CVE-2010-3010 due to a CNA error, but CVE-2010-3012 is the appropriate identifier for the SMH issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp 3com_officeconnect_gigabit_vpn_firewall_software 1.0.8
hp 3com_officeconnect_gigabit_vpn_firewall_software *
hp 3crevf100-73 *
CVE-2010-3011 MEDIUM

CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2010-3012 MEDIUM

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2010-3283 MEDIUM

Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 2.0.2.106
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 2.1.14.204
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2010-3284 MEDIUM

Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 2.0.2.106
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 2.1.14.204
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2010-3285 MEDIUM

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2010-3286 MEDIUM

Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager 6.0
hp systems_insight_manager 6.1
CVE-2010-3287 HIGH

Unspecified vulnerability on HP ProCurve Access Points, Access Controllers, and Mobility Controllers with software 5.1.x through 5.1.9, 5.2.x through 5.2.7, 5.3.x through 5.3.5, and 5.4.x through 5.4.0 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp procurve_msm422_access_point *
hp procurve_msm730_access_controller *
hp procurve_access_point_software 5.4.0
hp procurve_miltope_dual_radio_access_point *
hp procurve_msm310_access_point *
hp procurve_access_point_software 5.1.3
hp procurve_msm320-r_access_point *
hp procurve_msm710_access_controller *
hp procurve_access_point_software 5.2.7
hp procurve_msm730_mobility_controller *
hp procurve_access_point_software 5.1.6
hp procurve_access_point_software 5.2.0
hp procurve_access_point_software 5.2.4
hp procurve_access_point_software 5.3.0
hp procurve_msm310-r_access_point *
hp procurve_msm325_access_point *
hp procurve_access_point_software 5.3.4
hp procurve_msm320_access_point *
hp procurve_access_point_software 5.3.1
hp procurve_msm750_access_controller *
hp procurve_msm335_access_point *
hp procurve_access_point_software 5.1.4
hp procurve_access_point_software 5.3.2
hp procurve_msm710_mobility_controller *
hp procurve_access_point_software 5.1.0
hp procurve_access_point_software 5.2.2
hp procurve_access_point_software 5.2.1
hp procurve_access_point_software 5.2.6
hp procurve_msm750_mobility_controller *
hp procurve_access_point_software 5.2.5
hp procurve_access_point_software 5.3.3
hp procurve_access_point_software 5.1.7
hp procurve_msm410_access_point *
hp procurve_multi_service_access_point_miltope_nmap *
hp procurve_access_point_software 5.3.5
hp procurve_access_point_software 5.1.2
hp procurve_m110_access_point *
hp procurve_access_point_software 5.1.8
hp procurve_access_point_software 5.1.9
CVE-2010-3288 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp systems_insight_manager 5.0
hp systems_insight_manager 6.0
hp systems_insight_manager 4.2
hp systems_insight_manager 4.1
hp systems_insight_manager *
hp systems_insight_manager 4.0
CVE-2010-3289 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp systems_insight_manager 5.2
hp systems_insight_manager 2.5
hp systems_insight_manager 5.0
hp systems_insight_manager 6.0
hp systems_insight_manager 4.2
hp systems_insight_manager 5.1
hp systems_insight_manager 4.1
hp systems_insight_manager 2.5.2.0
hp systems_insight_manager 5.3
hp systems_insight_manager *
hp systems_insight_manager 4.0
CVE-2010-3290 MEDIUM

Unspecified vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager 5.2
hp systems_insight_manager 2.5
hp systems_insight_manager 5.0
hp systems_insight_manager 6.0
hp systems_insight_manager 4.2
hp systems_insight_manager 5.1
hp systems_insight_manager 4.1
hp systems_insight_manager 2.5.2.0
hp systems_insight_manager 5.3
hp systems_insight_manager *
hp systems_insight_manager 4.0
CVE-2010-3291 MEDIUM

Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp assetcenter ac_5.03
hp assetmanager am_5.22
hp assetmanager 5.2
hp assetcenter 5.0
hp assetmanager am_5.12
hp assetmanager 5.1
CVE-2010-3985 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp operations_orchestration *
hp operations_orchestration 7.2
hp operations_orchestration 7.1
CVE-2010-3986 MEDIUM

Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp virtual_connect_enterprise_manager 6.0
hp virtual_connect_enterprise_manager 6.1
CVE-2010-3987 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_control_virtual_machine_management 6.1
hp insight_control_virtual_machine_management 6.0
hp insight_control_virtual_machine_management 6.0.1
hp insight_control_virtual_machine_management *
hp insight_control_virtual_machine_management 6.0.2
CVE-2010-3988 MEDIUM

Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_virtual_machine_management 6.1
hp insight_control_virtual_machine_management 6.0
hp insight_control_virtual_machine_management 6.0.1
hp insight_control_virtual_machine_management *
hp insight_control_virtual_machine_management 6.0.2
CVE-2010-3989 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp insight_control_virtual_machine_management 6.1
hp insight_control_virtual_machine_management 6.0
hp insight_control_virtual_machine_management 6.0.1
hp insight_control_virtual_machine_management *
hp insight_control_virtual_machine_management 6.0.2
CVE-2010-3990 MEDIUM

Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp virtual_server_environment 6.0.1
hp virtual_server_environment 6.0.2
hp virtual_server_environment *
hp virtual_server_environment 6.1
hp virtual_server_environment 6.0
CVE-2010-3991 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_control_server_migration 6.1
hp insight_control_server_migration *
hp insight_control_server_migration 6.0
hp insight_control_server_migration 6.0.2
hp insight_control_server_migration6.0.1 *
CVE-2010-3992 HIGH

Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_server_migration 6.1
hp insight_control_server_migration *
hp insight_control_server_migration 6.0
hp insight_control_server_migration 6.0.2
hp insight_control_server_migration6.0.1 *
CVE-2010-3993 MEDIUM

Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_server_migration 6.1
hp insight_control_server_migration *
hp insight_control_server_migration 6.0
hp insight_control_server_migration 6.0.2
hp insight_control_server_migration6.0.1 *
CVE-2010-3994 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp version_control_repository_manager 1.0.2289.0
hp version_control_repository_manager 1.0.3086.0
hp version_control_repository_manager 1.0.1288.1
hp version_control_repository_manager 6.1
hp version_control_repository_manager 2.0.1.30
hp version_control_repository_manager 6.0.2
hp version_control_repository_manager 2.1.1.710
hp version_control_repository_manager 2.1.1.720
hp version_control_repository_manager 1.0.2241.0
hp hp version_control_repository_manager
hp version_control_repository_manager *
hp version_control_repository_manager 1.0.3085.0
hp version_control_repository_manager 6.0.1
hp version_control_repository_manager 1.0.2345.0
hp version_control_repository_manager 2.0.0.50
CVE-2010-4023 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_control_power_management *
hp insight_control_power_management 6.0.2
hp insight_control_power_management 6.0
hp insight_control_power_management 6.1
hp insight_control_power_management 6.0.1
CVE-2010-4024 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp insight_control_power_management *
hp insight_control_power_management 6.0.2
hp insight_control_power_management 6.0
hp insight_control_power_management 6.1
hp insight_control_power_management 6.0.1
CVE-2010-4025 HIGH

Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp palm_webos 1.4.1
CVE-2010-4026 MEDIUM

Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp palm_webos 1.4.1
CVE-2010-4027 MEDIUM

Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp palm_webos 1.4.1
CVE-2010-4028 HIGH

Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 7.6
hp loadrunner 9.0
hp loadrunner 7.5
hp loadrunner 7.51
hp loadrunner 8.14
hp loadrunner 7.0
hp loadrunner 8.0
hp loadrunner *
hp loadrunner 7.02
hp loadrunner 8.13
hp loadrunner 7.8
hp loadrunner_web_tours 9.10
hp loadrunner 8.12
CVE-2010-4029 HIGH

Unspecified vulnerability in HP Storage Essentials before 6.3.0, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_essentials 6.0.2
hp storage_essentials 5.1
hp storage_essentials 6.1
hp storage_essentials 6.0
hp storage_essentials *
hp storage_essentials 6.0.3
hp storage_essentials 6.0.4
CVE-2010-4030 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_control_performance_management 5.0
hp insight_control_performance_management 5.2.2
hp insight_control_performance_management 5.2
hp insight_control_performance_management *
hp insight_control_performance_management 6.0
CVE-2010-4031 HIGH

Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_performance_management 5.0
hp insight_control_performance_management 5.2.2
hp insight_control_performance_management 5.2
hp insight_control_performance_management *
hp insight_control_performance_management 6.0
CVE-2010-4032 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp insight_control_performance_management 5.0
hp insight_control_performance_management 5.2.2
hp insight_control_performance_management 5.2
hp insight_control_performance_management *
hp insight_control_performance_management 6.0
CVE-2010-4100 MEDIUM

Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_performance_management 5.0
hp insight_control_performance_management 5.2.2
hp insight_control_performance_management 5.2
hp insight_control_performance_management *
hp insight_control_performance_management 6.0
CVE-2010-4101 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_recovery 6.0
hp insight_recovery 1.0
hp insight_recovery *
CVE-2010-4102 MEDIUM

Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_recovery 6.0
hp insight_recovery 1.0
hp insight_recovery *
CVE-2010-4103 MEDIUM

Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_managed_system_setup_wizard *
hp insight_managed_system_setup_wizard 6.0
hp insight_managed_system_setup_wizard 6.0.1
CVE-2010-4104 MEDIUM

Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_orchestration *
hp insight_orchestration 6.0
CVE-2010-4105 MEDIUM

Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_orchestration *
hp insight_orchestration 6.0
CVE-2010-4106 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp insight_control_for_linux 2.11
hp insight_control_for_linux 6.0
hp insight_control_for_linux 2.10.01
hp insight_control_for_linux *
hp insight_control_for_linux 2.10
hp insight_control_for_linux 2.00.01
hp insight_control_for_linux 2.00
CVE-2010-4107 HIGH

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp laserjet_4200 *
hp laserjet_4300 *
hp laserjet_8150 *
hp laserjet_5100 *
hp laserjet_mfp *
hp laserjet_4100 *
hp 9000 *
hp color_laserjet_mfp *
CVE-2010-4108 MEDIUM

HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux b.11.11
hp hp-ux b.11.23
hp hp-ux b.11.31
CVE-2010-4109 MEDIUM

Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp palm_webos *
hp palm_webos 1.4.1
CVE-2010-4110 MEDIUM

Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openvms 8.3
hp openvms 8.3-1h1
hp openvms 8.4
CVE-2010-4111 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_diagnostics 8.3.0.3320
hp insight_diagnostics 7.5.5-1
hp insight_diagnostics 8.0.0.2587
hp insight_diagnostics 7.6.0-23
hp insight_diagnostics 7.9.0.2359
hp insight_diagnostics 7.5.0-14
hp insight_diagnostics 7.8.0-159
hp insight_diagnostics 6.3.0-15
hp insight_diagnostics 8.4.0.3521
hp insight_diagnostics 8.2.0.3058
hp insight_diagnostics 6.3.1-1
hp insight_diagnostics 7.0.0-30
hp insight_diagnostics 7.0.1.1219
hp insight_diagnostics 7.8.0.2257
hp insight_diagnostics 7.9.0-105
hp insight_diagnostics 8.1.0-136
hp insight_diagnostics 8.3.1-105
hp insight_diagnostics 7.5.5.1681
hp insight_diagnostics 7.7.0.2112
hp insight_diagnostics 7.4.0.1570
hp insight_diagnostics 7.6.0.1984
hp insight_diagnostics 8.1.0.2718
hp insight_diagnostics 8.3.0-14
hp insight_diagnostics 7.5.0.1679
hp insight_diagnostics 8.1.1.2784
hp insight_diagnostics 7.4.0-11
hp insight_diagnostics 8.4.0-18
hp insight_diagnostics 7.7.0-142
hp insight_diagnostics 6.3.0.878
hp insight_diagnostics 8.1.5-311
hp insight_diagnostics 7.9.1-15
hp insight_diagnostics 7.0.0.1198
hp insight_diagnostics 8.2.5.3157
hp insight_diagnostics 8.1.1-206
hp insight_diagnostics 8.1.5.2890
hp insight_diagnostics 8.0.0-210
hp insight_diagnostics 6.3.1.887
hp insight_diagnostics 7.9.1.2401
hp insight_diagnostics 7.0.1-8
hp insight_diagnostics *
CVE-2010-4112 MEDIUM

HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp insight_management_agents 7.0.0.0
hp insight_management_agents 7.10.0.0
hp insight_management_agents 8.0.0.0
hp insight_management_agents 8.40.0.0
hp insight_management_agents 8.10.0.0
hp insight_management_agents 7.91.0.0
hp insight_management_agents 8.30.0.0
hp insight_management_agents 6.40.0.0
hp insight_management_agents 7.41.0.0
hp insight_management_agents 7.60.0.0
hp insight_management_agents 8.11.0.0
hp insight_management_agents 7.80.0.0
hp insight_management_agents 7.50.0.0
hp insight_management_agents 7.40.0.0
hp insight_management_agents 6.30.0.0
hp insight_management_agents 7.20.0.0
hp insight_management_agents 7.70.0.0
hp insight_management_agents 6.31.0.0
hp insight_management_agents 7.51.0.0
hp insight_management_agents 7.40.1.0
hp insight_management_agents 7.95.0.0
hp insight_management_agents 8.20.0.0
hp insight_management_agents 8.50.0.0
hp insight_management_agents *
hp insight_management_agents 7.30.0.0
hp insight_management_agents 8.26.0.0
hp insight_management_agents 8.1.0.0
hp insight_management_agents 8.15.0.0
hp insight_management_agents 7.90.0.0
hp insight_management_agents 8.22.0.0
CVE-2010-4113 HIGH

Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp power_manager 4.2.5
hp power_manager *
hp power_manager 4.2.6
hp power_manager 4.2.7
hp power_manager 4.2.8
CVE-2010-4114 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp discovery&dependency_mapping_inventory 7.50
hp discovery&dependency_mapping_inventory 2.50
hp discovery&dependency_mapping_inventory 2.51
hp discovery&dependency_mapping_inventory 7.51
hp discovery&dependency_mapping_inventory 7.60
hp discovery&dependency_mapping_inventory 2.52
CVE-2010-4115 HIGH

HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
hp storageworks_modular_smart_array_p2000_g3_firmware ts201r014
hp storageworks_modular_smart_array_p2000_g3_firmware ts100p002
hp storageworks_modular_smart_array_p2000_g3_firmware ts100r011
hp storageworks_modular_smart_array_p2000_g3_firmware ts200r005
hp storageworks_modular_smart_array_p2000_g3_firmware ts100r025
hp storageworks_modular_smart_array_p2000_g3_firmware ts201r015
CVE-2010-4116 HIGH

Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x before 5.2.2.1771.2 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storageworks_storage_mirroring 5.1
hp storageworks_storage_mirroring 5.2
hp storageworks_storage_mirroring 5.2.1
hp storageworks_storage_mirroring 5.0
CVE-2010-4267 HIGH

Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp linux_imaging_and_printing_project 1.6.7
hp linux_imaging_and_printing_project 3.9.8
hp linux_imaging_and_printing_project 3.10.9
CVE-2010-4494 HIGH

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
debian debian_linux 6.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_eus 6.3
opensuse opensuse 11.2
apple mac_os_x *
suse suse_linux_enterprise_server 11
xmlsoft libxml2 *
hp rapid_deployment_pack *
hp insight_control_server_deployment *
apple safari *
opensuse opensuse 11.3
redhat enterprise_linux_workstation 6.0
apple itunes *
debian debian_linux 5.0
google chrome *
redhat enterprise_linux_server 6.0
apache openoffice *
fedoraproject fedora 14
apple iphone_os *
CVE-2011-0261 HIGH

Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0262 HIGH

Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0263 HIGH

Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0264 HIGH

Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0265 HIGH

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0266 HIGH

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0267 HIGH

Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0268 HIGH

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0269 HIGH

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0270 HIGH

Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0271 HIGH

The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-0272 HIGH

Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 9.52
CVE-2011-0273 HIGH

Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell Manager 6.11 allows remote attackers to execute arbitrary code via unspecified message types.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector_cell_manager 6.11
CVE-2011-0274 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp business_availability_center 8.0
hp business_availability_center 7.0
hp business_availability_center 7.55
hp business_service_management 9.01
hp business_availability_center 8.05
CVE-2011-0275 HIGH

Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.0
hp openview_storage_data_protector 6.11
CVE-2011-0276 HIGH

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_performance_insight 5.4
hp openview_performance_insight 5.41
hp openview_performance_insight 5.2
hp openview_performance_insight 5.31
hp openview_performance_insight 5.3
CVE-2011-0277 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp power_manager 4.2.5
hp power_manager 4.2.9
hp power_manager *
hp power_manager 4.2.6
hp power_manager 4.2.7
hp power_manager 4.2.8
CVE-2011-0278 MEDIUM

Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 and 4 allows local users to bypass intended access restrictions via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp web_jetadmin 10.2
CVE-2011-0279 LOW

HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp multifunction_peripheral_digital_sending_software 4.91.00
CVE-2011-0280 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp power_manager 4.2.5
hp power_manager 4.2.9
hp power_manager *
hp power_manager 4.2.6
hp power_manager 4.2.7
hp power_manager 4.2.8
CVE-2011-0514 MEDIUM

The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp data_protector_manager 6.11
CVE-2011-0770 MEDIUM

Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp arcsight_c3200_appliance *
hp windows_event_log_smartconnector *
hp arcsight_c1300_appliance *
hp arcsight_c5200_appliance *
hp arcsight_c3400_appliance *
hp arcsight_c1000_appliance *
hp arcsight_c5400_appliance *
CVE-2011-0889 HIGH

Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp client_automation_enterprise 7.2
hp client_automation_enterprise 5.11
hp client_automation_enterprise 7.9
hp client_automation_enterprise 7.5
hp client_automation_enterprise 7.8
CVE-2011-0890 MEDIUM

HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp discovery&dependency_mapping_inventory 7.50
hp discovery&dependency_mapping_inventory 7.51
hp discovery&dependency_mapping_inventory 7.61
hp discovery&dependency_mapping_inventory 7.60
hp discovery&dependency_mapping_inventory 7.70
hp discovery&dependency_mapping_inventory 9.30
CVE-2011-0891 MEDIUM

Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux b.11.23
hp hp-ux b.11.31
CVE-2011-0892 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp diagnostics 7.5
hp diagnostics 8.0
CVE-2011-0893 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX platforms allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp operations 9.10
CVE-2011-0894 MEDIUM

Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations 9.10
CVE-2011-0895 MEDIUM

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_node_manager_i 8.13.006
hp network_node_manager_i 8.10
hp network_node_manager_i 8.11.002
hp network_node_manager_i 8.12.004
hp network_node_manager_i 9.03
hp network_node_manager_i 9.01
hp network_node_manager_i 8.13.005
hp network_node_manager_i 9.0
hp network_node_manager_i 9.02
CVE-2011-0896 MEDIUM

Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp nfs/oncplus b.11.31.09.02
hp nfs/oncplus b.11.31.03
hp nfs/oncplus b.11.31.01
hp nfs/oncplus b.11.31.06
hp nfs/oncplus b.11.31.05
hp hp-ux b.11.31
hp nfs/oncplus b.11.31.07
hp nfs/oncplus b.11.31.02
hp nfs/oncplus b.11.31.04
hp nfs/oncplus b.11.31.08
hp nfs/oncplus b.11.31.07.01
hp nfs/oncplus *
hp nfs/oncplus b.11.31.09
CVE-2011-0897 MEDIUM

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00 allows local users to read arbitrary files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.00
CVE-2011-0898 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.00 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.00
CVE-2011-0921 HIGH

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp data_protector *
CVE-2011-0922 HIGH

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp data_protector *
CVE-2011-0923 HIGH

The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp data_protector *
CVE-2011-0924 HIGH

The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp data_protector *
CVE-2011-1514 MEDIUM

The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request containing crafted parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.20
hp openview_storage_data_protector 6.11
CVE-2011-1515 MEDIUM

The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.20
hp openview_storage_data_protector 6.11
CVE-2011-1531 MEDIUM

The webscan component in the Embedded Web Server (EWS) on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to read documents on the scan surface via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp photosmart_d110 *
hp photosmart_premium_fax_all-in-one *
hp photosmart_premium_c310 *
hp photosmart_premium_c510 *
hp envy_100_d410 *
hp photosmart_b110 *
hp photosmart_plus_b210 *
CVE-2011-1532 HIGH

Unspecified vulnerability in the SNMP component on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to obtain sensitive information or modify data via vectors related to the Embedded Web Server (EWS).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp photosmart_d110 *
hp photosmart_premium_fax_all-in-one *
hp photosmart_premium_c310 *
hp photosmart_premium_c510 *
hp envy_100_d410 *
hp photosmart_b110 *
hp photosmart_plus_b210 *
CVE-2011-1533 MEDIUM

Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp photosmart_d110 *
hp photosmart_premium_fax_all-in-one *
hp photosmart_premium_c310 *
hp photosmart_premium_c510 *
hp envy_100_d410 *
hp photosmart_b110 *
hp photosmart_plus_b210 *
CVE-2011-1534 MEDIUM

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.00
hp network_node_manager_i 9.0.0
hp network_node_manager_i 9.03
hp network_node_manager_i 9.01
hp network_node_manager_i 9.0
hp network_node_manager_i 9.10
hp network_node_manager_i 9.02
CVE-2011-1535 MEDIUM

Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux) before 6.3 allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_for_linux 2.11
hp insight_control_for_linux 6.0
hp insight_control_for_linux 6.1
hp insight_control_for_linux 2.10.01
hp insight_control_for_linux *
hp insight_control_for_linux 2.10
hp insight_control_for_linux 2.00.01
hp insight_control_for_linux 2.00
CVE-2011-1536 MEDIUM

Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, 5.3x, 5.4, 5.41, and 5.41.002 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp performance_insight 5.2
hp performance_insight 5.1.2
hp performance_insight 5.41.002
hp performance_insight 5.41
hp performance_insight 5.0
hp performance_insight 5.1
hp performance_insight 5.1.1
hp performance_insight 5.3
hp performance_insight 5.4
CVE-2011-1537 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp proliant_support_pack *
hp proliant_support_pack 8.5
CVE-2011-1538 MEDIUM

Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp proliant_support_pack *
hp proliant_support_pack 8.5
CVE-2011-1539 MEDIUM

Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp proliant_support_pack *
hp proliant_support_pack 8.5
CVE-2011-1540 HIGH

Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 2.1.14.204
hp system_management_homepage 6.2.2.7
hp system_management_homepage 6.2.0-12
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.2.0.13
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 6.2.1.14
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 6.2
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.2.1-14
hp system_management_homepage 6.2.2-2
hp system_management_homepage 6.0
CVE-2011-1541 HIGH

Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access restrictions, and consequently execute arbitrary code, via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 2.1.14.204
hp system_management_homepage 6.2.2.7
hp system_management_homepage 6.2.0-12
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.2.0.13
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 6.2.1.14
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 6.2
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.2.1-14
hp system_management_homepage 6.2.2-2
hp system_management_homepage 6.0
CVE-2011-1542 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp systems_insight_manager 2.5
hp systems_insight_manager 5.0
hp systems_insight_manager 6.0
hp systems_insight_manager 5.1
hp systems_insight_manager 5.3
hp systems_insight_manager *
hp systems_insight_manager 4.0
hp systems_insight_manager 5.2
hp systems_insight_manager 4.2
hp systems_insight_manager 4.1
hp systems_insight_manager 6.1
hp systems_insight_manager 2.5.2.0
CVE-2011-1543 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp systems_insight_manager 2.5
hp systems_insight_manager 5.0
hp systems_insight_manager 6.0
hp systems_insight_manager 5.1
hp systems_insight_manager 5.3
hp systems_insight_manager *
hp systems_insight_manager 4.0
hp systems_insight_manager 5.2
hp systems_insight_manager 4.2
hp systems_insight_manager 4.1
hp systems_insight_manager 6.1
hp systems_insight_manager 2.5.2.0
CVE-2011-1544 MEDIUM

Unspecified vulnerability in HP Insight Control Performance Management before 6.3 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_performance_management 5.0
hp insight_control_performance_management 5.2.2
hp insight_control_performance_management 5.2
hp insight_control_performance_management *
hp insight_control_performance_management 6.0
hp insight_control_performance_management 6.1
CVE-2011-1545 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp insight_control_performance_management 5.0
hp insight_control_performance_management 5.2.2
hp insight_control_performance_management 5.2
hp insight_control_performance_management *
hp insight_control_performance_management 6.0
hp insight_control_performance_management 6.1
CVE-2011-1724 MEDIUM

Unspecified vulnerability in HP Virtual Server Environment before 6.3 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp virtual_server_environment 6.0.1
hp virtual_server_environment *
hp virtual_server_environment 6.0
CVE-2011-1725 MEDIUM

Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_automation 7.6
hp network_automation 9.10
hp network_automation 7.5
hp network_automation 9.0
hp network_automation 7.2
CVE-2011-1726 MEDIUM

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp sitescope 11.01
hp sitescope 10.13
hp sitescope 11.1
hp sitescope 9.54
CVE-2011-1727 MEDIUM

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp sitescope 11.01
hp sitescope 10.13
hp sitescope 11.1
hp sitescope 9.54
CVE-2011-1728 HIGH

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.11
CVE-2011-1729 HIGH

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed GET_FILE message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.11
CVE-2011-1730 HIGH

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.11
CVE-2011-1731 HIGH

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.11
CVE-2011-1732 HIGH

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.11
CVE-2011-1733 HIGH

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.11
CVE-2011-1734 HIGH

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.11
CVE-2011-1735 HIGH

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.11
CVE-2011-1736 HIGH

Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.11
CVE-2011-1737 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp palm_webos 1.4.5.1
hp palm_webos 1.4.5
CVE-2011-1738 HIGH

HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp palm_webos 1.4.5.1
hp palm_webos 1.4.5
CVE-2011-1848 HIGH

Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp intelligent_management_center 5.0
CVE-2011-1849 HIGH

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 5.0
CVE-2011-1850 HIGH

Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp intelligent_management_center 5.0
CVE-2011-1851 HIGH

Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp intelligent_management_center 5.0
CVE-2011-1852 HIGH

Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp intelligent_management_center 5.0
CVE-2011-1853 HIGH

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 5.0
CVE-2011-1854 HIGH

Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
hp intelligent_management_center 5.0
CVE-2011-1855 MEDIUM

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.00
hp network_node_manager_i 9.0.0
hp network_node_manager_i 9.03
hp network_node_manager_i 9.01
hp network_node_manager_i 9.0
hp network_node_manager_i 9.10
hp network_node_manager_i 9.02
CVE-2011-1856 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp business_availability_center 8.0
hp business_availability_center 7.0
hp business_availability_center 7.55
hp business_availability_center 8.03
hp business_availability_center *
hp business_availability_center 8.04
hp business_availability_center 8.01
hp business_availability_center 8.05
hp business_availability_center 8.02
CVE-2011-1857 HIGH

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 7.02
hp service_manager 7.11
hp service_manager 9.20
hp service_center 6.2.8
CVE-2011-1858 MEDIUM

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 7.02
hp service_manager 7.11
hp service_manager 9.20
hp service_center 6.2.8
CVE-2011-1859 MEDIUM

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 7.02
hp service_manager 7.11
hp service_manager 9.20
hp service_center 6.2.8
CVE-2011-1860 MEDIUM

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 7.02
hp service_manager 7.11
hp service_manager 9.20
hp service_center 6.2.8
CVE-2011-1861 HIGH

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 7.02
hp service_manager 7.11
hp service_manager 9.20
hp service_center 6.2.8
CVE-2011-1862 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 7.02
hp service_manager 7.11
hp service_manager 9.20
hp service_center 6.2.8
CVE-2011-1863 HIGH

HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 7.02
hp service_manager 7.11
hp service_manager 9.20
hp service_center 6.2.8
CVE-2011-1864 HIGH

Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.0
hp openview_storage_data_protector 6.11
CVE-2011-1865 HIGH

Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.20
hp openview_storage_data_protector 6.11
CVE-2011-1866 HIGH

Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.20
hp openview_storage_data_protector 6.11
CVE-2011-1867 HIGH

Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp intelligent_management_center *
hp endpoint_admission_defense 5.0
hp user_access_manager 5.0
CVE-2011-2328 MEDIUM

Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp loadrunner *
CVE-2011-2331 HIGH

Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in an a packet that triggers a heap-based buffer overflow, possibly related to an "recv" field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
hp intelligent_management_center *
CVE-2011-2398 MEDIUM

Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux b.11.11
hp hp-ux b.11.23
hp hp-ux b.11.31
CVE-2011-2399 HIGH

Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector 6.10
hp data_protector *
CVE-2011-2400 MEDIUM

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp sitescope 11.01
hp sitescope 10.00
hp sitescope 10.13
hp sitescope 11.1
hp sitescope 9.54
hp sitescope 9.0
CVE-2011-2401 HIGH

Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp sitescope 11.01
hp sitescope 10.00
hp sitescope 10.13
hp sitescope 11.1
hp sitescope 9.54
hp sitescope 9.0
CVE-2011-2402 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_automation 7.6
hp network_automation 9.10
hp network_automation 7.5
hp network_automation 9.0
hp network_automation 7.2
CVE-2011-2403 MEDIUM

SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp network_automation 7.6
hp network_automation 9.10
hp network_automation 7.5
hp network_automation 9.0
hp network_automation 7.2
CVE-2011-2404 HIGH

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp easy_printer_care_software *
CVE-2011-2405 HIGH

The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp proliant_sl_advanced_power_manager *
hp proliant_sl_advanced_power_manager_firmware 1.10
hp proliant_sl_advanced_power_manager_firmware *
CVE-2011-2406 LOW

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp openview_performance_insight 5.4
hp openview_performance_insight 5.41.002
hp openview_performance_insight 5.41
hp openview_performance_insight 5.31
hp openview_performance_insight 5.41.001
hp openview_performance_insight 5.3
CVE-2011-2407 MEDIUM

Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to obtain access via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_performance_insight 5.4
hp openview_performance_insight 5.41.002
hp openview_performance_insight 5.41
hp openview_performance_insight 5.31
hp openview_performance_insight 5.41.001
hp openview_performance_insight 5.3
CVE-2011-2408 MEDIUM

Cross-site scripting (XSS) vulnerability in the Contacts application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp palm_webos 3.0.0
CVE-2011-2409 MEDIUM

Cross-site scripting (XSS) vulnerability in the Calendar application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp palm_webos 3.0.0
CVE-2011-2410 MEDIUM

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp openview_performance_insight 5.4
hp openview_performance_insight 5.41.002
hp openview_performance_insight 5.41
hp openview_performance_insight 5.31
hp openview_performance_insight 5.41.001
hp openview_performance_insight 5.3
CVE-2011-2411 HIGH

Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp nonstop_server_software h06.19.03
hp nonstop_server_software j06.09.01
hp nonstop_server_software j06.10.02
hp nonstop_server_software h06.21.00
hp nonstop_server_software j06.12.00
hp nonstop_server_software j06.08.00
hp nonstop_server_software j06.08.01
hp nonstop_server_software h06.20.00
hp nonstop_server_software h06.15.00
hp nonstop_server_software h06.18.01
hp nonstop_server_software j06.05.01
hp nonstop_server_software j06.09.00
hp nonstop_server_software j06.10.01
hp nonstop_server_software h06.17.03
hp nonstop_server_software h06.20.03
hp nonstop_server_software j06.09.02
hp nonstop_server_software h06.23.00
hp nonstop_server_software j06.08.02
hp nonstop_server_software j06.04.00
hp nonstop_server *
hp nonstop_server_software h06.17.02
hp nonstop_server_software h06.16.01
hp nonstop_server_software h06.16.02
hp nonstop_server_software h06.21.01
hp nonstop_server_software j06.10.00
hp nonstop_server_software h06.22.01
hp nonstop_server_software h06.19.01
hp nonstop_server_software h06.15.02
hp nonstop_server_software j06.09.03
hp nonstop_server_software h06.18.02
hp nonstop_server_software j06.11.00
samba samba *
hp nonstop_server_software j06.06.03
hp nonstop_server_software h06.16.00
hp nonstop_server_software j06.05.00
hp nonstop_server_software j06.06.02
hp nonstop_server_software h06.19.00
hp nonstop_server_software h06.17.01
hp nonstop_server_software j06.07.01
hp nonstop_server_software h06.17.00
hp nonstop_server_software j06.07.00
hp nonstop_server_software j06.04.01
hp nonstop_server_software j06.04.02
hp nonstop_server_software h06.15.01
hp nonstop_server_software h06.20.02
hp nonstop_server_software j06.08.03
hp nonstop_server_software h06.18.00
hp nonstop_server_software j06.06.01
hp nonstop_server_software j06.05.02
hp nonstop_server_software j06.07.02
hp nonstop_server_software h06.19.02
hp nonstop_server_software h06.20.01
hp nonstop_server_software j06.06.00
hp nonstop_server_software j06.11.01
hp nonstop_server_software h06.22.00
hp nonstop_server_software h06.21.02
CVE-2011-2412 HIGH

Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp business_service_automation_essentials 2.01
CVE-2011-2608 MEDIUM

ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp openview_performance_agent 5.0
hp operations_agent 8.60.007
hp operations_agent 8.60.008
hp operations_agent 8.53
hp operations_agent 11.0
hp operations_agent 8.60.006
hp operations_agent 8.60.501
hp operations_agent 8.60.005
hp openview_performance_agent 4.70
CVE-2011-2697 MEDIUM

foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp linux_imaging_and_printing_project 3.11.5
CVE-2011-2722 LOW

The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
hp linux_imaging_and_printing_project 3.11.3
hp linux_imaging_and_printing_project 3.9.10
hp linux_imaging_and_printing_project *
hp linux_imaging_and_printing_project 3.10.2
hp linux_imaging_and_printing_project 3.10.5
hp linux_imaging_and_printing_project 3.10.6
hp linux_imaging_and_printing_project 3.11.7
hp linux_imaging_and_printing_project 3.9.2
hp linux_imaging_and_printing_project 3.9.12
hp linux_imaging_and_printing_project 3.9.6
hp linux_imaging_and_printing_project 3.11.1
hp linux_imaging_and_printing_project 3.9.8
hp linux_imaging_and_printing_project 3.9.4b
hp linux_imaging_and_printing_project 3.10.9
hp linux_imaging_and_printing_project 3.9.4
hp linux_imaging_and_printing_project 3.11.3a
CVE-2011-2779 LOW

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp arcsight_c3200_appliance *
hp windows_event_log_smartconnector *
hp arcsight_c1300_appliance *
hp arcsight_c5200_appliance *
hp arcsight_c3400_appliance *
hp arcsight_c1000_appliance *
hp arcsight_c5400_appliance *
CVE-2011-3155 MEDIUM

Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp onboard_administrator 3.21
hp onboard_administrator 3.31
hp onboard_administrator 3.30
CVE-2011-3156 HIGH

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1222.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_for_personal_computers 7.0
hp data_protector_notebook_extension 6.20
CVE-2011-3157 HIGH

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1225.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_for_personal_computers 7.0
hp data_protector_notebook_extension 6.20
CVE-2011-3158 HIGH

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1226.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_for_personal_computers 7.0
hp data_protector_notebook_extension 6.20
CVE-2011-3159 HIGH

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_for_personal_computers 7.0
hp data_protector_notebook_extension 6.20
CVE-2011-3160 HIGH

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1228.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_for_personal_computers 7.0
hp data_protector_notebook_extension 6.20
CVE-2011-3161 HIGH

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_for_personal_computers 7.0
hp data_protector_notebook_extension 6.20
CVE-2011-3162 HIGH

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1296.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_for_personal_computers 7.0
hp data_protector_notebook_extension 6.20
CVE-2011-3163 LOW

HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp multifunction_peripheral_digital_sending_software 4.91.20
hp multifunction_peripheral_digital_sending_software 4.91.21
CVE-2011-3164 MEDIUM

Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux_containers a.03.01
hp hp-ux_containers a.03.00
hp hp-ux_containers a.03.00.002
CVE-2011-3165 HIGH

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-3166 HIGH

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-3167 HIGH

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openview_network_node_manager 7.53
hp openview_network_node_manager 7.51
CVE-2011-3168 MEDIUM

Unspecified vulnerability in the POP and IMAP service implementations in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp tcp_ip_services_openvms 5.6
hp tcp_ip_services_openvms 5.7
CVE-2011-3169 MEDIUM

Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp tcp_ip_services_openvms 5.6
hp tcp_ip_services_openvms 5.7
CVE-2011-3846 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp system_management_homepage 6.2.2.7
CVE-2011-4155 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.03
hp network_node_manager_i 9.01
hp network_node_manager_i 9.10
hp network_node_manager_i 9.02
CVE-2011-4156 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.03
hp network_node_manager_i 9.01
hp network_node_manager_i 9.10
hp network_node_manager_i 9.02
CVE-2011-4157 HIGH

Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp san/iq *
hp centralized_management_console_software 7.0.01
hp san/iq 8.5
hp centralized_management_console_software 8.0
hp san/iq 8.0
hp san/iq 8.1
hp centralized_management_console_software 8.1
hp centralized_management_console_software 8.5
hp storageworks_p4000_virtual_san_appliance *
hp centralized_management_console_software *
CVE-2011-4158 MEDIUM

Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp directories_support_for_proliant_management_processors 3.20
hp directories_support_for_proliant_management_processors 3.10
CVE-2011-4159 MEDIUM

Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp event_monitoring_service *
CVE-2011-4160 LOW

Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp performance_agent 4.73
hp operations_agent 11.0
hp performance_agent 5.0
CVE-2011-4161 HIGH

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp color_laserjet_enterprise_cp4525 *
hp laserjet_4240 *
hp laserjet_enterprise_600 m601
hp color_laserjet_4730_mfp *
hp laserjet_4350 *
hp color_laserjet_cm6040 *
hp laserjet_m9040 *
hp color_laserjet_3800 *
hp color_laserjet_cp3505 *
hp color_laserjet_cp3525 *
hp color_laserjet_cm6030 *
hp color_laserjet_4730 mfp
hp laserjet_p4515 *
hp color_laserjet_cm4730 mfp
hp laserjet_9040 *
hp laserjet_enterprise_600 m603
hp laserjet_p4014 *
hp laserjet_enterprise_500_color m551
hp laserjet_m5035 *
hp color_laserjet_4700 *
hp color_laserjet_cp6015 *
hp laserjet_4345_mfp *
hp laserjet_5200 *
hp color_laserjet_cp4005 *
hp laserjet_4250 *
hp laserjet_m3035 *
hp color_laserjet_cp5525 *
hp laserjet_p4015 *
hp laserjet_m9050 *
hp laserjet_p3005 *
hp color_laserjet_enterprise_cp4520 *
hp color_laserjet_cm4540 mfp
hp digital_sender_9200c *
hp color_mfp_cm8060 -
hp digital_sender_9250c *
hp laserjet_enterprise_m4555 mfp
hp color_laserjet_9500 *
hp laserjet_9050 *
hp color_laserjet_5550 *
hp color_laserjet_cm3530 *
hp laserjet_enterprise_600 m602
hp color_laserjet_3000 *
hp laserjet_enterprise_p3015 *
CVE-2011-4162 HIGH

The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp protecttools_device_access_manager 6.0.0.9
hp protecttools_device_access_manager 6.0.0.10
hp protecttools_device_access_manager *
CVE-2011-4163 HIGH

Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp database_archiving_software 6.31
CVE-2011-4164 HIGH

Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp database_archiving_software 6.31
CVE-2011-4165 HIGH

Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp database_archiving_software 6.31
CVE-2011-4166 HIGH

Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp managed_printing_administration *
CVE-2011-4167 HIGH

Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp managed_printing_administration *
CVE-2011-4168 HIGH

Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp managed_printing_administration *
CVE-2011-4169 HIGH

Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp managed_printing_administration *
CVE-2011-4785 HIGH

Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp hp-chaisoe 1.0
CVE-2011-4786 HIGH

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp easy_printer_care_software *
CVE-2011-4787 HIGH

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp easy_printer_care_software *
CVE-2011-4788 HIGH

Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp storageworks_p2000_g3_msa_fibre_channel_dual_controller_lff_array_system ap845a
hp storageworks_p2000_g3_msa_fc/iscsi_dual_combo_controller_lff_array_system aw567a
hp storageworks_p2000_g3_msa_fibre_channel_dual_controller_sff_array_system ap846a
CVE-2011-4789 HIGH

Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that "the vulnerable product is actually HP LoadRunner."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp diagnostics *
CVE-2011-4790 HIGH

Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_automation 7.6
hp network_automation 9.10
hp network_automation 7.5
hp network_automation 9.0
CVE-2011-4791 HIGH

DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp data_protector_media_operations 5.5
hp data_protector_media_operations 6.10
hp data_protector_media_operations *
hp data_protector_media_operations 5.1
hp data_protector_media_operations 5.0
CVE-2011-4834 MEDIUM

The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp application_lifestyle_management 11
CVE-2012-0121 HIGH

Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_express 6.0
hp data_protector_express 5.0
CVE-2012-0122 HIGH

Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_express 6.0
hp data_protector_express 5.0
CVE-2012-0123 HIGH

Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1498.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_express 6.0
hp data_protector_express 5.0
CVE-2012-0124 HIGH

Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector_express 6.0
hp data_protector_express 5.0
CVE-2012-0125 LOW

Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux 11.31
CVE-2012-0126 MEDIUM

Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux 11.11
hp hp-ux 11.23
CVE-2012-0127 HIGH

Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp performance_manager 9.00
CVE-2012-0128 MEDIUM

HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp onboard_administrator 3.21
hp onboard_administrator *
hp onboard_administrator 1.11
hp onboard_administrator 3.11
hp onboard_administrator 1.01
hp onboard_administrator 2.13
hp onboard_administrator 2.52
hp onboard_administrator 2.02
hp onboard_administrator 1.12
hp onboard_administrator 2.10
hp onboard_administrator 2.50
hp onboard_administrator 1.10
hp onboard_administrator 3.20
hp onboard_administrator 2.01
hp onboard_administrator 2.20
hp onboard_administrator 3.00
hp onboard_administrator 3.10
hp onboard_administrator 2.21
hp onboard_administrator 1.30
hp onboard_administrator 2.60
hp onboard_administrator 2.31
hp onboard_administrator 2.41
hp onboard_administrator 2.04
hp onboard_administrator 2.12
hp onboard_administrator 2.25
hp onboard_administrator 2.51
hp onboard_administrator 1.20
hp onboard_administrator 2.11
hp onboard_administrator 3.31
hp onboard_administrator 1.00
hp onboard_administrator 3.30
hp onboard_administrator 2.32
CVE-2012-0129 HIGH

HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp onboard_administrator 3.21
hp onboard_administrator *
hp onboard_administrator 1.11
hp onboard_administrator 3.11
hp onboard_administrator 1.01
hp onboard_administrator 2.13
hp onboard_administrator 2.52
hp onboard_administrator 2.02
hp onboard_administrator 1.12
hp onboard_administrator 2.10
hp onboard_administrator 2.50
hp onboard_administrator 1.10
hp onboard_administrator 3.20
hp onboard_administrator 2.01
hp onboard_administrator 2.20
hp onboard_administrator 3.00
hp onboard_administrator 3.10
hp onboard_administrator 2.21
hp onboard_administrator 1.30
hp onboard_administrator 2.60
hp onboard_administrator 2.31
hp onboard_administrator 2.41
hp onboard_administrator 2.04
hp onboard_administrator 2.12
hp onboard_administrator 2.25
hp onboard_administrator 2.51
hp onboard_administrator 1.20
hp onboard_administrator 2.11
hp onboard_administrator 3.31
hp onboard_administrator 1.00
hp onboard_administrator 3.30
hp onboard_administrator 2.32
CVE-2012-0130 MEDIUM

HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp onboard_administrator 3.21
hp onboard_administrator *
hp onboard_administrator 1.11
hp onboard_administrator 3.11
hp onboard_administrator 1.01
hp onboard_administrator 2.13
hp onboard_administrator 2.52
hp onboard_administrator 2.02
hp onboard_administrator 1.12
hp onboard_administrator 2.10
hp onboard_administrator 2.50
hp onboard_administrator 1.10
hp onboard_administrator 3.20
hp onboard_administrator 2.01
hp onboard_administrator 2.20
hp onboard_administrator 3.00
hp onboard_administrator 3.10
hp onboard_administrator 2.21
hp onboard_administrator 1.30
hp onboard_administrator 2.60
hp onboard_administrator 2.31
hp onboard_administrator 2.41
hp onboard_administrator 2.04
hp onboard_administrator 2.12
hp onboard_administrator 2.25
hp onboard_administrator 2.51
hp onboard_administrator 1.20
hp onboard_administrator 2.11
hp onboard_administrator 3.31
hp onboard_administrator 1.00
hp onboard_administrator 3.30
hp onboard_administrator 2.32
CVE-2012-0131 HIGH

Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp distributed_computing_environment 1.9
hp distributed_computing_environment 1.8
hp hp-ux b.11.11
hp hp-ux b.11.23
CVE-2012-0132 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp business_availability_center 9.01
CVE-2012-0133 LOW

HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp procurve_switch_5400zl_management_module id116as04p
hp procurve_switch_5400zl_management_module id117as00h
hp procurve_switch_5406-48gzl -
hp procurve_switch_5406zl-44g-poe+/2xg_sfp+_v2 -
hp procurve_switch_5400zl_management_module id126as0fb
hp procurve_switch_chassis_e5412zl -
hp procurve_switch_5406zl-44g-poe+/4g_sfp+_v2 -
hp procurve_switch_chassis_e5406zl -
hp procurve_switch_5406-44g-poe+-4sfpzl -
hp procurve_switch_5412-92g-poe+-4sfpzl -
hp procurve_switch_5400zl_management_module id116as0hr
hp procurve_switch_e5412zl -
hp procurve_switch_5412zl-92gg-poe+/2xg_sfp+_v2 -
hp procurve_switch_e5406zl -
hp procurve_switch_5400zl *
hp procurve_switch_5412-96gzl -
hp procurve_switch_5412zl-92g-poe+/4g_sfp+_v2 -
CVE-2012-0134 MEDIUM

Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp openvms 7.3-2
hp openvms 8.3
hp openvms 8.3-1h1
hp openvms 8.4
CVE-2012-0135 LOW

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2012-0697 HIGH

HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp storageworks_p2000_g3_msa *
CVE-2012-1823 HIGH

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
opensuse opensuse 11.4
suse linux_enterprise_server 11
fedoraproject fedora 40
suse linux_enterprise_software_development_kit 11
php php 5.1.0
redhat enterprise_linux_server_aus 5.3
php php 5.3.0
php php 5.2.16
php php 5.4.0
php php 5.0.1
php php 5.0.2
php php 5.1.2
php php 5.3.8
redhat enterprise_linux_eus 6.2
php php 5.1.5
php php *
hp hp-ux b.11.23
redhat enterprise_linux_server 5.0
php php 5.0.4
opensuse opensuse 12.1
php php 5.3.5
php php 5.3.3
apple mac_os_x *
php php 5.0.5
php php 5.2.12
php php 5.3.9
php php 5.2.10
php php 5.2.14
php php 5.2.2
php php 5.3.7
php php 5.3.2
php php 5.1.3
php php 5.0.0
redhat enterprise_linux_desktop 6.0
redhat application_stack 2.0
php php 5.2.17
php php 5.3.10
redhat enterprise_linux_eus 5.6
redhat storage_for_public_cloud 2.0
php php 5.1.1
redhat enterprise_linux_workstation 6.0
suse linux_enterprise_software_development_kit 10
redhat enterprise_linux_eus 6.1
redhat enterprise_linux_server 6.0
suse linux_enterprise_server 10
php php 5.2.1
php php 5.2.4
php php 5.3.1
php php 5.0.3
php php 5.2.7
php php 5.2.13
debian debian_linux 6.0
php php 5.4.1
php php 5.2.6
redhat storage 2.0
hp hp-ux b.11.31
php php 5.1.4
php php 5.1.6
php php 5.2.3
php php 5.2.8
php php 5.3.4
php php 5.2.11
redhat enterprise_linux_server_aus 5.6
fedoraproject fedora 39
php php 5.2.0
php php 5.2.9
php php 5.3.6
redhat gluster_storage_server_for_on-premise 2.0
redhat enterprise_linux_workstation 5.0
php php 5.2.5
php php 5.2.15
CVE-2012-1993 LOW

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2012-2000 HIGH

Multiple unspecified vulnerabilities in HP System Health Application and Command Line Utilities before 9.0.0 allow remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_health_application_and_command_line_utilities 8.3.0
hp system_health_application_and_command_line_utilities 8.6.0
hp system_health_application_and_command_line_utilities 8.4.0
hp system_health_application_and_command_line_utilities 8.6.3
hp system_health_application_and_command_line_utilities 8.2.6-5.rhel5
hp system_health_application_and_command_line_utilities 8.1.1-14.rhel5
hp system_health_application_and_command_line_utilities *
hp system_health_application_and_command_line_utilities 8.1.0-104.rhel5
hp system_health_application_and_command_line_utilities 8.3.2
hp system_health_application_and_command_line_utilities 8.2.2-19.rhel5
hp system_health_application_and_command_line_utilities 8.3.1
hp system_health_application_and_command_line_utilities 8.2.0-283.rhel5
hp system_health_application_and_command_line_utilities 8.5.0
hp system_health_application_and_command_line_utilities 8.2.5-50.rhel5
CVE-2012-2001 MEDIUM

Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp snmp_agents_for_linux 8.2.6-5.sles10
hp snmp_agents_for_linux 8.2.5-50.sles10
hp snmp_agents_for_linux 8.4.0
hp snmp_agents_for_linux 8.6.0
hp snmp_agents_for_linux 8.2.0-284.sles10
hp snmp_agents_for_linux 8.1.0-110.sles10
hp snmp_agents_for_linux 8.1.1-22.sles10
hp snmp_agents_for_linux *
hp snmp_agents_for_linux 8.5.0
hp snmp_agents_for_linux 8.3.0
hp snmp_agents_for_linux 8.2.2-20.sles10
CVE-2012-2002 HIGH

Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp snmp_agents_for_linux 8.2.6-5.sles10
hp snmp_agents_for_linux 8.2.5-50.sles10
hp snmp_agents_for_linux 8.4.0
hp snmp_agents_for_linux 8.6.0
hp snmp_agents_for_linux 8.2.0-284.sles10
hp snmp_agents_for_linux 8.1.0-110.sles10
hp snmp_agents_for_linux 8.1.1-22.sles10
hp snmp_agents_for_linux *
hp snmp_agents_for_linux 8.5.0
hp snmp_agents_for_linux 8.3.0
hp snmp_agents_for_linux 8.2.2-20.sles10
CVE-2012-2003 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp insight_management_agents 7.0.0.0
hp insight_management_agents 7.10.0.0
hp insight_management_agents 8.0.0.0
hp insight_management_agents 8.40.0.0
hp insight_management_agents 8.10.0.0
hp insight_management_agents 7.91.0.0
hp insight_management_agents 8.30.0.0
hp insight_management_agents 6.40.0.0
hp insight_management_agents 7.41.0.0
hp insight_management_agents 7.60.0.0
hp insight_management_agents 8.11.0.0
hp insight_management_agents 7.80.0.0
hp insight_management_agents 7.50.0.0
hp insight_management_agents 7.40.0.0
hp insight_management_agents 8.60.0.0
hp insight_management_agents 6.30.0.0
hp insight_management_agents 7.20.0.0
hp insight_management_agents 7.70.0.0
hp insight_management_agents 8.70.0.0
hp insight_management_agents 6.31.0.0
hp insight_management_agents 7.51.0.0
hp insight_management_agents 7.40.1.0
hp insight_management_agents 7.95.0.0
hp insight_management_agents 8.20.0.0
hp insight_management_agents 8.50.0.0
hp insight_management_agents *
hp insight_management_agents 7.30.0.0
hp insight_management_agents 8.26.0.0
hp insight_management_agents 8.1.0.0
hp insight_management_agents 8.5
hp insight_management_agents 8.15.0.0
hp insight_management_agents 7.90.0.0
hp insight_management_agents 8.22.0.0
CVE-2012-2004 HIGH

Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp insight_management_agents 7.0.0.0
hp insight_management_agents 7.10.0.0
hp insight_management_agents 8.0.0.0
hp insight_management_agents 8.40.0.0
hp insight_management_agents 8.10.0.0
hp insight_management_agents 7.91.0.0
hp insight_management_agents 8.30.0.0
hp insight_management_agents 6.40.0.0
hp insight_management_agents 7.41.0.0
hp insight_management_agents 7.60.0.0
hp insight_management_agents 8.11.0.0
hp insight_management_agents 7.80.0.0
hp insight_management_agents 7.50.0.0
hp insight_management_agents 7.40.0.0
hp insight_management_agents 8.60.0.0
hp insight_management_agents 6.30.0.0
hp insight_management_agents 7.20.0.0
hp insight_management_agents 7.70.0.0
hp insight_management_agents 8.70.0.0
hp insight_management_agents 6.31.0.0
hp insight_management_agents 7.51.0.0
hp insight_management_agents 7.40.1.0
hp insight_management_agents 7.95.0.0
hp insight_management_agents 8.20.0.0
hp insight_management_agents 8.50.0.0
hp insight_management_agents *
hp insight_management_agents 7.30.0.0
hp insight_management_agents 8.26.0.0
hp insight_management_agents 8.1.0.0
hp insight_management_agents 8.5
hp insight_management_agents 8.15.0.0
hp insight_management_agents 7.90.0.0
hp insight_management_agents 8.22.0.0
CVE-2012-2005 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_management_agents 7.0.0.0
hp insight_management_agents 7.10.0.0
hp insight_management_agents 8.0.0.0
hp insight_management_agents 8.40.0.0
hp insight_management_agents 8.10.0.0
hp insight_management_agents 7.91.0.0
hp insight_management_agents 8.30.0.0
hp insight_management_agents 6.40.0.0
hp insight_management_agents 7.41.0.0
hp insight_management_agents 7.60.0.0
hp insight_management_agents 8.11.0.0
hp insight_management_agents 7.80.0.0
hp insight_management_agents 7.50.0.0
hp insight_management_agents 7.40.0.0
hp insight_management_agents 8.60.0.0
hp insight_management_agents 6.30.0.0
hp insight_management_agents 7.20.0.0
hp insight_management_agents 7.70.0.0
hp insight_management_agents 8.70.0.0
hp insight_management_agents 6.31.0.0
hp insight_management_agents 7.51.0.0
hp insight_management_agents 7.40.1.0
hp insight_management_agents 7.95.0.0
hp insight_management_agents 8.20.0.0
hp insight_management_agents 8.50.0.0
hp insight_management_agents *
hp insight_management_agents 7.30.0.0
hp insight_management_agents 8.26.0.0
hp insight_management_agents 8.1.0.0
hp insight_management_agents 8.5
hp insight_management_agents 8.15.0.0
hp insight_management_agents 7.90.0.0
hp insight_management_agents 8.22.0.0
CVE-2012-2006 MEDIUM

Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_management_agents 7.0.0.0
hp insight_management_agents 7.10.0.0
hp insight_management_agents 8.0.0.0
hp insight_management_agents 8.40.0.0
hp insight_management_agents 8.10.0.0
hp insight_management_agents 7.91.0.0
hp insight_management_agents 8.30.0.0
hp insight_management_agents 6.40.0.0
hp insight_management_agents 7.41.0.0
hp insight_management_agents 7.60.0.0
hp insight_management_agents 8.11.0.0
hp insight_management_agents 7.80.0.0
hp insight_management_agents 7.50.0.0
hp insight_management_agents 7.40.0.0
hp insight_management_agents 8.60.0.0
hp insight_management_agents 6.30.0.0
hp insight_management_agents 7.20.0.0
hp insight_management_agents 7.70.0.0
hp insight_management_agents 8.70.0.0
hp insight_management_agents 6.31.0.0
hp insight_management_agents 7.51.0.0
hp insight_management_agents 7.40.1.0
hp insight_management_agents 7.95.0.0
hp insight_management_agents 8.20.0.0
hp insight_management_agents 8.50.0.0
hp insight_management_agents *
hp insight_management_agents 7.30.0.0
hp insight_management_agents 8.26.0.0
hp insight_management_agents 8.1.0.0
hp insight_management_agents 8.5
hp insight_management_agents 8.15.0.0
hp insight_management_agents 7.90.0.0
hp insight_management_agents 8.22.0.0
CVE-2012-2007 HIGH

SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp performance_insight 5.41.001
hp performance_insight 5.41.002
hp performance_insight 5.41
hp performance_insight 5.3
CVE-2012-2008 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp performance_insight 5.41.001
hp performance_insight 5.41.002
hp performance_insight 5.41
hp performance_insight 5.3
CVE-2012-2009 HIGH

Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp performance_insight 5.41.001
hp performance_insight 5.41.002
hp performance_insight 5.41
hp performance_insight 5.3
CVE-2012-2010 MEDIUM

The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp openvms 8.3
hp openvms 8.3-1h1
hp openvms 8.4
CVE-2012-2011 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp web_jetadmin 8.1
hp web_jetadmin 8.0
CVE-2012-2012 HIGH

HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 3.0.2
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 7.0
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 6.3.0
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 6.3.1
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 6.2.2.7
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 6.2.0
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.15
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.14
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 3.0.1
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2012-2013 HIGH

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 3.0.2
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 7.0
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 6.3.0
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 6.3.1
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 6.2.2.7
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 6.2.0
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.15
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.14
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 3.0.1
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2012-2014 HIGH

HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 3.0.2
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 7.0
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 6.3.0
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 6.3.1
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 6.2.2.7
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 6.2.0
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.15
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.14
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 3.0.1
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2012-2015 HIGH

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 3.0.2
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 7.0
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 6.3.0
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 6.3.1
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 6.2.2.7
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 6.2.0
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.15
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.14
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 3.0.1
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2012-2016 MEDIUM

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 3.0.2
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 7.0
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 6.3.0
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 6.3.1
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 6.2.2.7
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 6.2.0
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.15
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.14
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 3.0.1
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2012-2017 HIGH

Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp photosmart_wireless_e-all-in-one_printer_series b110
hp photosmart_ink_advantage_e-all-in-one k510
hp photosmart_plus_e-all-in-one_printer_series b210
hp photosmart_e-all-in-one_printer_series d110
hp photosmart_estation_all-in-one-printer_series c510
hp photosmart_premium_fax_e-all-in-one_printer_series c410
CVE-2012-2018 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_node_manager_i 8.13.006
hp network_node_manager_i 8.10
hp network_node_manager_i 8.11.002
hp network_node_manager_i 8.12.004
hp network_node_manager_i 9.03
hp network_node_manager_i 9.01
hp network_node_manager_i 8.13.005
hp network_node_manager_i 9.0
hp network_node_manager_i 9.10
hp network_node_manager_i 9.02
CVE-2012-2019 HIGH

Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations_agent 8.52
hp operations_agent 8.60.007
hp operations_agent *
hp operations_agent 8.53
hp operations_agent 8.60.005
hp operations_agent 8.51.102
hp operations_agent 8.60
hp operations_agent 7.36
hp operations_agent 8.60.7
hp operations_agent 8.51
hp operations_agent 8.60.008
hp operations_agent 8.60.006
hp operations_agent 8.60.501
CVE-2012-2020 HIGH

Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations_agent 8.52
hp operations_agent 8.60.007
hp operations_agent *
hp operations_agent 8.53
hp operations_agent 8.60.005
hp operations_agent 8.51.102
hp operations_agent 8.60
hp operations_agent 7.36
hp operations_agent 8.60.7
hp operations_agent 8.51
hp operations_agent 8.60.008
hp operations_agent 8.60.006
hp operations_agent 8.60.501
CVE-2012-2021 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp assetmanager 5.20
hp assetmanager 5.21
hp assetmanager 9.30
hp assetmanager 5.22
CVE-2012-2561 HIGH

HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp business_service_management 9.12
CVE-2012-3268 LOW

Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
hp 3cr17254-91 -
hp jd658a -
hp 3cr17251-91 -
hp 0235a22p -
hp 0235a38r -
hp je061a -
hp je022a -
hp je204a -
hp jd008a -
hp je070a -
hp jf428a -
hp 0235a32x -
hp jd372a -
hp jf847a -
hp jd245a -
hp jf287a -
hp jd314a -
hp 0235a08h -
hp jf801a -
hp 0235a21x -
hp 0231a86p -
hp je545a -
huawei ne5000e v800r003
hp je072a -
hp jd242a -
hp 0235a36q -
hp je093a -
hp 0235a29l -
hp je088a -
hp jd238b -
hp jf231a -
hp jd946a -
hp jg183a -
hp je106a -
hp 0150a12b -
hp jd662a -
hp jf242a -
hp jg210a -
hp 0235a10j -
hp 0235a0a7 -
hp 0235a10h -
hp jd336a -
hp 3c17302a -
hp je168a -
hp jr430b -
hp jd318a -
hp jd654a -
hp jd304a -
hp 0235a20j -
hp je069a -
hp 0235a19j -
hp 3cr17181taa-91 -
hp 0231a761 -
hp 3crs42g-24p-91 -
hp 0235a21p -
hp 3cr17343-91 -
hp 3cr17341-91 -
hp jd370a -
hp jf814a -
hp 0235a0ge -
hp jf803a -
hp 0150a12a -
hp je057a -
hp 3c17543 -
hp 3crs42g-48-91 -
hp jf239a -
hp 0235a22f -
hp 0235a22c -
hp jd922a -
hp je046a -
hp je164a -
hp 0235a25r -
hp je092a -
hp jg246a -
hp 3cr17253-91 -
hp je203a -
hp jd011a -
hp jd309a -
hp 0235a20s -
hp jd307a -
hp 0235a27r -
hp 0235a237 -
huawei atn v200r001c01
hp 3cr17333-91 -
hp 3cr17771-91 -
hp jc148a -
hp jd311a -
hp 0235a38q -
hp jd010a -
hp je012a -
hp je104a -
hp 0235a398 -
hp jd450a -
hp jg184a -
hp jd009a -
hp je090a -
hp je109a -
hp je099a -
hp jg299a -
hp 0235a0bs -
hp 0235a38p -
hp 0235a22k -
hp 3cr17162taa-91 -
hp jd026a -
hp 3c13641 -
hp je027a -
hp 0235a10d -
hp 3crbvcxmsr03a -
hp 0235a25s -
hp jd241b -
hp 3cs7902e -
hp 0231a88l -
hp jf240a -
hp 0235a10b -
hp jd670a -
hp jf552a -
hp jf430a -
hp 0235a22d -
hp 0235a0c0 -
huawei ne5000e v300r007
hp 0235a31x -
huawei me60 v600r005c00spc600
hp 0235a15j -
hp jd449a -
hp 3cr17333a-91 -
hp jg221a -
hp jd320b -
hp 0235a0a8 -
hp 3c13751 -
hp 0235a0c2 -
hp jd345a -
hp je094a -
hp jd317a -
huawei -ma5200g v300r003
hp 3crs48g-24s-91 -
hp 0235a395 -
hp je058a -
hp 3crbsg28hpwr93 -
hp 3c13640 -
hp jf813a -
hp 3cr17172taa-91 -
hp jd306a -
hp jd967a -
hp 3cr17332a-91 -
hp 0235a14w -
hp 0235a10k -
hp jg251a -
hp 3cr17561-91 -
hp jd673a -
hp 3cr17250taa-91 -
huawei ne40e&80e v600r003
hp 3cr17250-91 -
hp je097a -
hp 0235a10c -
hp je060a -
hp 3c13636 -
hp jc165a -
hp jd923a -
hp 0235a396 -
hp jg252a -
hp 0235a22e -
hp jc150a -
hp jd357a -
hp je026a -
hp jg303a -
hp 0235a31n -
hp jg245a -
hp 0235a31d -
hp jd193a -
hp jg349a -
hp 0235a29a -
hp jd916a -
hp je030a -
hp je059a -
hp 0235a36n -
hp jd273a -
hp jd335a -
hp jd655a -
hp 0231a88a -
hp 0235a26g -
hp jc056a -
hp jc474a -
hp jd664a -
hp jd665a -
hp 0150a12c -
hp jc125a -
hp jd334a -
hp jg350a -
hp 0235a10g -
hp 3cruwx500275 -
hp jg256a -
hp jd242b -
hp 0235a300 -
hp 0235a322 -
hp jc158a -
hp jd318b -
hp jd378a -
huawei me60 v600r002
hp jd448a -
hp je025a -
hp 3cr17334-91 -
hp jd671a -
hp jd371a -
hp jd657a -
hp 3c17541 -
hp 0235a37t -
hp je167a -
hp jg059a -
hp jd243a -
hp 3cr17660-91 -
hp je020a -
hp 0235a0ct -
hp jd325a -
hp jd347a -
hp jf230a -
hp je551a -
hp 3cr17572-91 -
hp jc566a -
hp jd669a -
hp je527a -
hp 0235a0g3 -
hp 0235a0e5 -
hp 3cr17762taa-91 -
hp jc099a -
hp 0235a325 -
hp jg182a -
hp je074a -
hp 0235a0gc -
hp jd302a -
hp je071a -
hp 0235a0gf -
hp 0235a17b -
hp 0235a22r -
hp 0235a38m -
hp jc178a -
hp 0235a0bx -
hp jf804a -
hp 0235a15f -
hp jd355a -
hp 0235a20l -
hp je105a -
hp 0235a0g0 -
hp rtvz33020as -
hp 0235a391 -
hp jg258a -
hp jd943a -
hp 0235a21q -
hp 0235a20r -
hp 3c13840 -
hp 3c13616 -
hp jg247a -
hp jf427a -
hp jd352a -
hp jd354a -
hp je095a -
hp jd921a -
hp 0235a19k -
hp 3cr17771taa-91 -
huawei cx600 v200r002
hp je033a -
hp jf815a -
hp je100a -
hp jc054a -
hp jf237a -
hp jc652a -
hp 3c13701 -
hp jd315a -
hp lsq1srpd0 -
hp 3cr17172-91 -
hp jc101a -
hp je102a -
hp jf283a -
hp 0235a31c -
hp jd337a -
hp 3cr17251taa-91 -
hp jg255a -
hp je029a -
hp juc653a -
hp 0235a0gd -
hp jc085a -
hp jd172a -
huawei cx600 v600r001
hp 3cr17171taa-91 -
hp jd935a -
hp jd338a -
hp 3crs45g-24-91 -
huawei me60 v100r006
hp 0235a0c4 -
hp 0235a0e7 -
hp jf812a -
hp jd469a -
hp 0235a20k -
huawei cx600 v600r003
hp 0235a22t -
hp je110a -
hp jd326a -
hp je107a -
hp 0235a268 -
hp jg223a -
hp jc697a -
hp jd350a -
hp jg253a -
hp jd275a -
hp 0235a14v -
huawei atb v200r001c00
hp jf285a -
hp jg254a -
hp jd674a -
hp jg092a -
hp 0235a324 -
hp jc613a -
hp jf800a -
hp 0235a390 -
hp 0235a41d -
hp 3crbvcxmsr08a -
hp jg312a -
hp jd468a -
hp jg225a -
hp jd329a -
hp 0235a23h -
huawei me60 v100r005
hp 0235a20p -
hp jd272a -
hp 0235a29y -
hp je021a -
huawei cx600 v600r002
hp 0235a0bq -
hp jd675a -
hp jd328a -
hp 3cr17341taa-91 -
hp jc149a -
hp jd239b -
hp jc104a -
hp 0235a320 -
hp 3c17540taa -
hp jd661a -
hp jd375a -
hp je073a -
hp jg348a -
hp jd194a -
hp jf284a -
hp jg250a -
hp je008a -
hp je064a -
hp 0235a38v -
hp 3cr17161taa-91 -
hp jd305a -
hp jg222a -
hp lsq1fwbsc0 -
hp jd239a -
hp jd249a -
hp 3cr17253taa-91 -
hp 3crbvcxmsr01a -
hp 0235a393 -
hp 0235a0g4 -
hp 3cr17171-91 -
hp 0235a23p -
hp jd379a -
hp je067a -
hp jd310a -
hp 0235a394 -
hp jf640a -
hp jg305a -
hp lsr1fw2a1 -
hp 0235a19l -
hp 3cr17331a-91 -
hp jd348a -
hp 0235a37u -
hp 0235a31p -
hp 0235a15c -
hp je006a -
hp jf228a -
hp jg241a -
hp 0235a0g6 -
hp jg311a -
hp jd333a -
hp jd432a -
hp jd433a -
hp jc611a -
hp je068a -
hp 3cr17331taa-91 -
hp jd447b -
hp jc103a -
hp je091a -
hp 3crbsg5293 -
hp 0235a20v -
hp 3crbvcxmsr02a -
hp jd330a -
huawei me60 v600r003
hp jc147b -
hp je005a -
hp jr431b -
hp 0235a38n -
hp jd308a -
hp jd356a -
hp 0235a31w -
hp 0235a397 -
hp je200a -
hp jc176a -
hp jd377a -
hp jf845a -
hp jf551a -
hp jd313b -
hp jd250a -
hp jc700a -
hp 0235a15h -
hp 3c13612 -
hp 0235a15d -
hp 3crbsg2893 -
hp je165a -
hp 3cr17571-91 -
hp je062a -
hp jg301a -
hp jc105a -
hp jg209a -
hp 0235a31b -
hp 0235a0g5 -
hp jd303a -
hp jf846a -
hp jg207a -
hp je063a -
hp 3crbvcxmsr05a -
hp 3cr17761-91 -
hp jd243b -
hp jd666a -
hp 0235a08m -
hp 0235a326 -
hp jg239a -
hp 0235a32e -
hp je103a -
hp jg214a -
hp 0235a0g2 -
hp 3cr17259-91 -
hp je528a -
hp 0235a238 -
hp jc150b -
hp jd376a -
hp jc612a -
hp jg237a -
hp 0235a0bu -
hp jc125b -
hp 3crs45g-48-91 -
hp jg242a -
hp 0150a129 -
hp jg307a -
hp jc177b -
hp je045a -
hp 0235a31r -
hp 0235a0g9 -
hp rpe-x1 -
hp jd447a -
hp 0235a08f -
hp jg315a -
hp 0235a327 -
hp jd025a -
hp 0235a16t -
hp jd676a -
hp 0235a0g7 -
hp 0235a35j -
hp je096a -
hp 3c17304a -
hp 3cr17151-91 -
hp je007a -
hp je108a -
hp 0235a08k -
hp jd029a -
hp jd331a -
hp 0235a0br -
hp jf553a -
hp jd351a -
hp jf232a -
hp jf430c -
hp jg236a -
hp 0235a269 -
hp jd024a -
hp je013a -
hp 3crbsg28pwr93 -
hp jd220a -
hp 3c13759 -
hp 0235a0bt -
hp jf806a -
hp jd346a -
hp 0235a32g -
hp jd028a -
hp jd268a -
hp jd369a -
hp jd917a -
hp jf241a -
hp 3cr17258-91 -
hp 0235aa2m -
hp jf238a -
hp 0235a09t -
hp je101a -
hp 0231a832 -
hp 0231a0av -
hp 0235a299 -
hp jf844a -
hp 0235a0g8 -
huawei ne5000e v800r002
hp 0235a328 -
huawei ne40e&80e v600r002
hp jd972a -
huawei ne40e&80e v600r001
hp 0235a17a -
hp 3crs48g-24p-91 -
hp 3cs7903e -
hp jc100a -
hp jr024a -
huawei ne40&80 v300r005
hp jf234a -
hp jd319b -
hp jd374a -
hp je031a -
hp jd353a -
hp 3cr17252taa-91 -
hp jd313a -
hp 0235a10f -
hp jd027a -
hp jd238a -
hp 3cr17331-91 -
hp 3cr17661-91 -
hp je023a -
hp 0235a32b -
hp jd660a -
hp jd918a -
hp jc694a -
hp jf816a -
hp jg240a -
hp 3cr17152-91 -
hp jc177a -
hp jc701a -
hp 3cr17342-91 -
hp 0235a19b -
hp jd274a -
hp 0235a19d -
hp 0235a298 -
hp 0235a392 -
hp 3cs7906ev -
hp 0235a27q -
hp jg249a -
hp jf233a -
hp jg238a -
hp jg257a -
hp je066a -
hp 0231a65t -
hp jd240b -
hp jd320a -
hp jd444a -
hp 0235a31v -
hp 0235a39h -
hp 3crs48g-48-91 -
hp 0235a23t -
hp 0235a0ga -
hp 3cr17258taa-91 -
hp jc748a -
hp jd663b -
hp 0235a248 -
hp je018a -
hp 3cr17662-91 -
hp jc149b -
huawei ne40e&80e v300r003
hp jd312a -
hp jc147a -
hp jc691a -
hp 0235a19h -
hp je201a -
hp 3crbvcxmsr07a -
hp 3cr17343a-91 -
hp 3crs42g-24-91 -
hp jd319a -
hp 3cruwx500475 -
hp 0235a27d -
hp 0235a42b -
hp jf802a -
hp jd007a -
hp 0235a0g1 -
hp 0235a267 -
hp 0235a301 -
hp jf229a -
hp jg208a -
hp jd344a -
hp 0235a19c -
huawei ma5200g v200r003
hp je166a -
hp 0235a10e -
hp 0235a0as -
hp 3crs48g-48p-91 -
hp jd251a -
hp 0235a0e3 -
hp je199a -
hp 3crs48g-24-91 -
hp jc055a -
hp jc474b -
hp jg213a -
hp jc635a -
hp 3cr17562-91 -
hp jg091a -
hp jd023a -
hp jg478a -
hp 0235a25n -
hp 0235a0e6 -
hp 3c17543taa -
hp jd431a -
hp jd448b -
hp 3cr17671-91 -
hp 3c17540 -
hp 0235a297 -
hp jc148b -
hp 0235a22h -
hp 3cr17341a-91 -
hp jc496a -
hp jd659a -
hp je009a -
hp 0235a37x -
hp je526a -
hp jc699a -
hp jg215a -
hp 0235a42d -
huawei ne20e-x6 v600r003
hp 3cr17772taa-91 -
hp 0235a15g -
hp 0235a34b -
hp jd667a -
hp je015a -
hp jf236a -
hp je028a -
huawei ne20 v200r005
hp 3c13613 -
hp jd241a -
hp jf286a -
hp jf808a -
hp jc666a -
hp 0235a20n -
hp 3cr17332-91 -
hp je089a -
hp 3crbvcxmsr06a -
hp 0235a15b -
hp jd193b -
hp jf247a -
hp jd316a -
hp jd327a -
hp 3cr17161-91 -
hp 3cr17772-91 -
hp jf809a -
hp jc653a -
hp jg248a -
hp 0235a31q -
hp 3cs7906e -
hp je016a -
hp 3c17541taa -
hp jd668a -
hp jd672a -
hp jf235a -
hp 3crbsg2093 -
hp je048a -
hp 3cs7903es -
hp 0235a31e -
hp jf817a -
hp jf807a -
hp 3cr17181-91 -
hp 3cr17162-91 -
hp jd663a -
hp jd240a -
hp 0235a20q -
hp 0235a33r -
hp 0235a321 -
hp jc178b -
hp jf431c -
hp jc086a -
hp jc124b -
hp jd656a -
hp 3cr17762-91 -
hp jg300a -
hp je032a -
hp 0235a27s -
hp jc698a -
hp jg302a -
hp 0235a323 -
hp jd349a -
hp je198a -
hp 0235a296 -
hp 3cr17761taa-91 -
hp jg304a -
hp jd373a -
hp 0235a10l -
hp jd332a -
hp jf431a -
CVE-2012-6108 LOW

HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp linux_imaging_and_printing_project 3.12.11
hp linux_imaging_and_printing_project 3.9.10
hp linux_imaging_and_printing_project 3.12.10
hp linux_imaging_and_printing_project 1.0
hp linux_imaging_and_printing_project *
hp linux_imaging_and_printing_project 3.12.2
hp linux_imaging_and_printing_project 3.10.5
hp linux_imaging_and_printing_project 3.12.9
hp linux_imaging_and_printing_project 3.9.12
hp linux_imaging_and_printing_project 3.11.1
hp linux_imaging_and_printing_project 3.10.9
hp linux_imaging_and_printing_project 3.12.6
hp linux_imaging_and_printing_project 3.11.3
hp linux_imaging_and_printing_project 3.10.2
hp linux_imaging_and_printing_project 3.10.6
hp linux_imaging_and_printing_project 2.0
hp linux_imaging_and_printing_project 3.11.5
hp linux_imaging_and_printing_project 3.11.7
hp linux_imaging_and_printing_project 3.11.10
hp linux_imaging_and_printing_project 3.9.2
hp linux_imaging_and_printing_project 3.9.6
hp linux_imaging_and_printing_project 2.7.10
hp linux_imaging_and_printing_project 3.9.8
hp linux_imaging_and_printing_project 3.9.4b
hp linux_imaging_and_printing_project 3.9.4
hp linux_imaging_and_printing_project 3.11.3a
hp linux_imaging_and_printing_project 3.12.4
CVE-2012-6277 HIGH

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
symantec mail_security *
symantec data_loss_prevention_endpoint *
ibm notes *
symantec mail_security 6.5.7
ibm domino *
symantec messaging_gateway *
hp autonomy_keyview_idol *
symantec data_loss_prevention_enforce/detection_servers *
CVE-2012-6501 MEDIUM

The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attackers to cause a denial of service (kill process) via the partial or full name of a process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp pki_activex_control *
CVE-2013-0200 LOW

HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
hp linux_imaging_and_printing_project 3.11.3
hp linux_imaging_and_printing_project 3.9.10
hp linux_imaging_and_printing_project 1.0
hp linux_imaging_and_printing_project *
redhat enterprise_linux 6.0
hp linux_imaging_and_printing_project 3.10.2
hp linux_imaging_and_printing_project 3.10.5
hp linux_imaging_and_printing_project 3.10.6
hp linux_imaging_and_printing_project 2.0
hp linux_imaging_and_printing_project 3.11.5
hp linux_imaging_and_printing_project 3.11.7
hp linux_imaging_and_printing_project 3.11.10
hp linux_imaging_and_printing_project 3.9.2
hp linux_imaging_and_printing_project 3.9.12
hp linux_imaging_and_printing_project 3.9.6
hp linux_imaging_and_printing_project 3.11.1
hp linux_imaging_and_printing_project 2.7.10
hp linux_imaging_and_printing_project 3.9.8
hp linux_imaging_and_printing_project 3.9.4b
hp linux_imaging_and_printing_project 3.10.9
hp linux_imaging_and_printing_project 3.9.4
hp linux_imaging_and_printing_project 3.11.3a
CVE-2013-2321 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp service_manager_web_tier 9.31
CVE-2013-2322 LOW

HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp nonstop_sql/mx 2.0
hp nonstop_sql/mx 3.1
hp nonstop_sql/mx *
hp nonstop_sql/mx 2.3
hp nonstop_sql/mx 2.2
hp nonstop_sql/mx 3.0
hp nonstop_sql/mx 21
hp nonstop_sql/mx 1.8
CVE-2013-2323 MEDIUM

HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "SQL/MP tables" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp nonstop_sql/mx 3.1
hp nonstop_sql/mx 3.0
hp nonstop_sql/mx 3.2
CVE-2013-2324 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2325 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2326 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2327 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2328 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2329 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2330 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2331 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2332 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2333 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2334 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1681.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2335 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2013-2336 MEDIUM

HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 7.11
hp service_manager 9.31
hp service_manager 9.30
hp service_center 6.2.8
CVE-2013-2337 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 7.11
hp service_manager 9.31
hp service_manager 9.30
hp service_center 6.2.8
CVE-2013-2338 HIGH

Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_3_firmware 1.50
hp integrated_lights-out_4_firmware 1.13
hp integrated_lights-out_3_firmware 1.28
hp integrated_lights-out_3_firmware 1.05
hp integrated_lights-out_3_firmware 1.20
hp integrated_lights-out_3_firmware *
hp integrated_lights-out_3_firmware 1.26
hp integrated_lights-out_4_firmware 1.11
hp integrated_lights-out_3_firmware 1.00
CVE-2013-2339 MEDIUM

HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible Thin Client allows local users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp smart_zero_core 4.3
hp smart_zero_core 4.3.1
CVE-2013-2340 HIGH

Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp h3c_switch s3100-8c-si_ls-s3100-8c-si-ac-ovs
hp h3c_processor_module msr_50
hp h3c_switch s5100-16p-si_ls-5100-16p-si-ovs-h3
hp procurve_switch je008a
hp procurve_switch jd313b
hp 3com_baseline_plus_switch 2900g-28pwr
hp h3c_router rt-msr2012-ac-ovs-h3
hp procurve_switch je101a
hp procurve_switch jg257a
hp 3com_switch ss4_5500g-ei-pwr
hp h3c_router msr_3016_poe
hp procurve_switch jd306a
hp h3c_router sr8802
hp procurve_switch jg304a
hp h3c_router rt-msr5060-ac-ovs-h3
hp procurve_switch jg299a
hp procurve_switch je028a
hp procurve_switch je107a
hp h3c_router rt-msr2015-ac-ovs-a-h3
hp procurve_switch jg303a
hp h3c_router rt-msr2012-ac-ovs-w-h3
hp procurve_switch je069a
hp procurve_switch je165a
hp h3c_switch s12508
hp procurve_switch jd241a
hp procurve_switch jd335a
hp h3c_switch s5100-50c-ei_ls-5100-50c-ei-ovs
hp procurve_switch jf430a
hp h3c_switch s9505e
hp procurve_switch jg316a
hp procurve_switch jd317a
hp 3com_switch 4210
hp h3c_router msr_20-10
hp procurve_router jf229a
hp procurve_switch jd337a
hp h3c_router msr_20-15
hp procurve_router jf233a
hp procurve_router jd656a
hp procurve_switch jg251a
hp procurve_router jd432a
hp procurve_switch jc100a
hp procurve_router jd967a
hp vpn_firewall_appliance jg214a
hp procurve_switch jd305a
hp 3com_switch_taa_compliant 5500g-ei-sfp
hp procurve_router jd918a
hp procurve_switch je166a
hp procurve_switch jd334a
hp h3c_router msr_920
hp 3com_baseline_plus_switch 2900
hp procurve_switch jc652a
hp procurve_switch jc085a
hp 3com_switch ss4_5500-si
hp 3com_switch_taa_compliant 5500g-ei-pwr
hp procurve_router jf800a
hp procurve_switch jc099a
hp 3com_switch ss4_5500-ei
hp procurve_router jf236a
hp procurve_switch jg092a
hp h3c_router rt-msr2012-t-ac-ovs-h3
hp procurve_router jd653a
hp 3com_router 5231
hp procurve_switch jd374a
hp procurve_router jf812a
hp procurve_router jf804a
hp procurve_switch je071a
hp procurve_switch jc102a
hp procurve_router jc147b
hp procurve_switch jd338a
hp procurve_switch jd344a
hp h3c_switch s7506e-v
hp procurve_switch jg256a
hp procurve_router jd662a
hp procurve_switch jg225a
hp procurve_switch je094a
hp procurve_switch jd243b
hp procurve_switch je074a
hp h3c_routing_switch s9505e
hp procurve_switch jd011a
hp procurve_switch jg302a
hp procurve_switch jd240a
hp h3c_router msr_30-20_rtvz33020as
hp procurve_switch jc474a
hp h3c_router msr_30-40_poe
hp procurve_switch jd327a
hp h3c_switch s3100-26c-si_ls-s3100-26c-si-dc-ovs
hp procurve_switch jd307a
hp procurve_switch jd392a
hp procurve_switch je046a
hp procurve_switch jg242a
hp 3com_router ss4_5500g-ei
hp procurve_switch je167a
hp procurve_switch je024a
hp h3c_switch s3610-28tp_ls-3610-28tp-ovs
hp 3com_switch 4200g-ntg
hp h3c_router msr_20-13_w
hp h3c_router msr_20-13
hp procurve_switch jd304a
hp h3c_switch s3100-26c-si_ls-s3100-26c-si-ac-ovs
hp procurve_switch jc654a
hp procurve_switch jg300a
hp procurve_switch jd243a
hp procurve_switch jd394a
hp procurve_router jd972a
hp h3c_switch s3100-8c-si_ls-s3100-8c-si-dc-ovs
hp procurve_router jf640a
hp procurve_switch jc106a
hp procurve_switch jf552a
hp procurve_switch je106a
hp h3c_switch s5120-52c-ei
hp procurve_switch je099a
hp procurve_switch jd350a
hp h3c_router rt-msr3016-ac-ovs-h3
hp procurve_router jf813a
hp 3com_switch 4200g
hp procurve_switch jf430b
hp 3com_switch 4210-48g
hp procurve_switch jc611a
hp h3c_ethernet_switch s5500-28c-ei-dc
hp h3c_switch s5120-52p-si
hp procurve_switch jd331a
hp procurve_switch jg246a
hp procurve_switch je109a
hp h3c_router msr_30-40
hp h3c_switch s3100-16c-si_ls-s3100-16c-si-dc-ovs
hp procurve_switch jd239a
hp 3com_router 3018
hp procurve_switch jg349a
hp procurve_switch jd319b
hp procurve_router jf228a
hp procurve_router jd663b
hp 3com_baseline_plus_switch 2900g
hp 3com_router 5009
hp h3c_switch s5120-48p-ei
hp h3c_switch s7503e-s
hp procurve_router jf287a
hp 3com_switch 4210_pwr
hp h3c_switch s3100-16t-si_ls-s3100-16t-si-ac-ovs
hp procurve_switch jd370a
hp h3c_router rt-msr3040-ac-poe-ovs-h3
hp 3com_switch 4200g_pwr
hp procurve_router jd922a
hp h3c_switch s3600-28f-ei_ls-3600-28f-ei-ovs
hp procurve_router jf283a
hp procurve_router jd943a
hp procurve_switch jc655a
hp h3c_switch s5100-8p-si_ls-5100-8p-si-ovs-h3
hp procurve_switch jg252a
hp h3c_ethernet_switch s5600-50c
hp procurve_router jd917a
hp h3c_switch s5120-28p-hpwr-si
hp vpn_firewall_appliance jd271a
hp procurve_router jf807a
hp procurve_switch jg250a
hp h3c_router msr_20-21
hp h3c_routing_switch s12508
hp h3c_router rt-msr2015-ac-ovs-i-h3
hp procurve_switch je033a
hp procurve_switch jg305a
hp procurve_switch jd336a
hp h3c_router rt-msr3060-dc-ovs-h3
hp h3c_router rt-msr3020-dc-ovs-h3
hp procurve_switch jg350a
hp h3c_ethernet_switch s5600-50c-pwr
hp procurve_switch jg253a
hp h3c_ethernet_switch s5500-28c-pwr-si
hp h3c_router msr_30-20_poe
hp procurve_switch je023a
hp procurve_router jd663a
hp procurve_router jd944a
hp procurve_router jf285a
hp procurve_router jc150a
hp h3c_ethernet_switch s5600-26c
hp h3c_router rt-msr3016-ac-poe-ovs-h3
hp h3c_switch s7502e
hp procurve_switch jd238b
hp h3c_router rt-msr3060-ac-ovs-h3
hp procurve_router jf809a
hp procurve_switch jg240a
hp h3c_switch s3600-52p-pwr-ei_ls-3600-52p-pwr-ei-ovs
hp procurve_switch je090a
hp 3com_switch 4510g
hp procurve_switch jd308a
hp h3c_switch s3100-26t-si_ls-s3100-26t-si-ac-ovs
hp 3com_switch 4210_pwr_9p_taa
hp h3c_router msr_30-20
hp h3c_router rt-msr3020-ac-poe-ovs-h3
hp h3c_switch s3610-28f_ls-3610-28f-ovs
hp 3com_switch 4510g_pwr
hp procurve_router jc150b
hp h3c_switch s5100-16p-ei_ls-5100-16p-ei-ovs-h3
hp h3c_switch s7503e
hp procurve_switch jg241a
hp h3c_switch s3100-16c-si_ls-s3100-16c-si-ac-ovs
hp h3c_switch s3600-52p-ei_ls-3600-52p-ei-ovs
hp h3c_switch s3610-52p_ls-3610-52p-ovs
hp procurve_switch jd354a
hp procurve_switch je005a
hp procurve_switch je068a
hp procurve_switch je026a
hp procurve_router jf231a
hp h3c_router msr_50-40
hp procurve_switch je018a
hp procurve_switch jd373a
hp procurve_router jd921a
hp procurve_switch jg247a
hp procurve_switch je022a
hp procurve_switch jc086a
hp procurve_switch jd376a
hp procurve_switch jd242a
hp procurve_switch jd302a
hp procurve_switch jd377a
hp h3c_router rt-msr2020-ac-ovs-h3c
hp procurve_router jc149b
hp procurve_router jd935a
hp procurve_switch jd355a
hp h3c_router rt-msr3060-ac-poe-ovs-h3
hp procurve_switch jc104a
hp procurve_switch jg239a
hp procurve_switch je097a
hp procurve_switch jc474b
hp h3c_switch s3600-28p-si_ls-3600-28p-si-ovs
hp procurve_router jf234a
hp h3c_ethernet_switch s5600-26c-pwr
hp h3c_ethernet_switch s7503e
hp h3c_router sr8812
hp procurve_switch je067a
hp 3com_switch 4800g
hp procurve_switch jg254a
hp procurve_switch jd345a
hp procurve_switch jg236a
hp 3com_router 5232
hp 3com_router 5642_taa
hp h3c_switch s5100-26c-pwr-ei_ls-5100-26c-pwr-ei-ovs
hp procurve_switch jg222a
hp h3c_switch s7506e
hp procurve_router jd923a
hp h3c_router sr8808
hp procurve_switch jd009a
hp 3com_router 6040
hp procurve_switch jd393a
hp h3c_router rt-msr2040-ac-ovs-h3
hp h3c_switch s5820x-28s
hp procurve_switch jg237a
hp h3c_routing_switch s12518
hp procurve_switch jc103a
hp procurve_router jd431a
hp h3c_ethernet_switch s7502e
hp procurve_switch jg307a
hp procurve_switch jg311a
hp procurve_switch jd347a
hp procurve_switch jd320b
hp procurve_switch jd391a
hp procurve_switch jd330a
hp h3c_switch s5100-16p-pwr-ei_ls-5100-16p-pwr-ei-ovs
hp 3com_switch ss4_switch_5500g-ei
hp h3c_router rt-msr2012-ac-ovs-s-h3
hp h3c_ethernet_switch s5500-52c-pwr-ei
hp h3c_router msr5040-dc-ovs-h3c
hp procurve_switch je006a
hp procurve_router jf817a
hp h3c_processing_module msr_50_g2
hp h3c_switch s5100-50c-pwr-ei_ls-5100-50c-pwr-ei-ovs
hp procurve_router jd946a
hp procurve_switch jc694a
hp procurve_switch jc105a
hp h3c_ethernet_switch s5500-52c-si
hp procurve_router jf284a
hp procurve_switch jg348a
hp procurve_router jf183a
hp 3com_router 5012
hp procurve_switch je045a
hp procurve_switch jc612a
hp procurve_switch jf846a
hp procurve_switch jg243a
hp h3c_router msr_20-15_a
hp procurve_switch je048a
hp procurve_switch jg301a
hp 3com_router 5640
hp procurve_switch jd352a
hp procurve_switch jg255a
hp procurve_switch jd349a
hp h3c_switch s3600-52p-pwr-si_ls-3600-52p-pwr-si-ovs
hp procurve_switch jg091a
hp h3c_switch s5120-52c-pwr-ei
hp procurve_switch jd353a
hp procurve_switch jd310a
hp procurve_switch jf427a
hp h3c_switch s3600-28p-pwr-si_ls-3600-28p-pwr-si-ovs
hp procurve_router jf815a
hp h3c_router msr_30-60
hp h3c_switch s3600-28p-ei_ls-3600-28p-ei-ovs
hp h3c_ethernet_switch s7506e-v
hp procurve_router jf230a
hp procurve_switch jg258a
hp 3com_taa_switch 5500-ei
hp procurve_switch je096a
hp h3c_switch s5100-26c-ei_ls-5100-26c-ei-ovs
hp h3c_switch s5120-20p-si
hp h3c_switch s3600-28p-pwr-ei_ls-3600-28p-pwr-ei-ovs
hp procurve_switch je089a
hp procurve_switch jc691a
hp vpn_firewall_appliance jg213a
hp h3c_ethernet_switch s5500-28f-ei
hp procurve_switch jg312a
hp procurve_switch jg259a
hp procurve_switch je110a
hp 3com_router 6080
hp h3c_router msr_30-10
hp procurve_switch jf431a
hp 3com_switch 4500_pwr
hp 3com_switch_taa_compliant 5500g-ei
hp procurve_switch jg219a
hp h3c_router sr_20-12_w
hp procurve_switch je020a
hp procurve_switch jd238a
hp h3c_ethernet_switch s7510e
hp procurve_switch jg238a
hp procurve_router jf235a
hp procurve_switch jd007a
hp procurve_switch je164a
hp procurve_switch jf553a
hp h3c_switch s5800-32c-pwr
hp 3com_router 3041
hp h3c_switch s5800-56c-pwr
hp vpn_firewall_appliance jd270a
hp procurve_router jd945a
hp h3c_switch s5800-60c-pwr
hp procurve_switch je016a
hp procurve_switch je019a
hp procurve_switch je169a
hp h3c_router msr_50-60
hp h3c_router rt-msr2015-ac-ovs-iw-h3
hp h3c_router rt-msr2015-ac-ovs-aw-h3
hp procurve_router jc149a
hp procurve_router jc148a
hp procurve_switch jd357a
hp procurve_switch je015a
hp h3c_router msr_20-15_iw
hp procurve_switch jf430c
hp procurve_switch jd242b
hp procurve_router jc147a
hp procurve_switch jd241b
hp procurve_switch jc124a
hp 3com_switch e4210-24g-poe
hp 3com_switch ss4_5500-ei-pwr
hp procurve_switch jg315a
hp h3c_ethernet_switch s5500-28c-ei
hp procurve_router jf816a
hp h3c_router rt-msr3011-ac-ovs-h3
hp procurve_switch jd309a
hp h3c_switch s3600-28tp-si_ls-3600-28tp-si-ovs
hp procurve_switch je105a
hp procurve_switch je027a
hp procurve_switch je095a
hp h3c_router rt-msr3040-ac-ovs-as-h3
hp procurve_switch jc653a
hp procurve_switch jd318b
hp procurve_router jc148b
hp procurve_switch jd328a
hp h3c_switch s5120-28c-pwr-ei
hp procurve_switch jd369a
hp h3c_switch s5120-28c-ei
hp procurve_switch je072a
hp procurve_switch jd378a
hp h3c_switch s3100-52p_ls-3100-52p-ovs-h3
hp procurve_switch je017a
hp h3c_router msr_20-12
hp h3c_ethernet_switch s5600-26f
hp procurve_switch jd239b
hp procurve_switch jg306a
hp h3c_router msr_3016
hp 3com_baseline_plus_switch 2900g-28hpwr
hp h3c_switch s3610-28p_ls-3610-28p-ovs
hp h3c_switch s5820x-28c
hp 3com_router 3016
hp h3c_ethernet_switch s7506e
hp procurve_switch jc125a
hp h3c_ethernet_switch s7503e-s
hp 3com_switch 4500
hp procurve_switch jd333a
hp procurve_router jf808a
hp procurve_switch jd303a
hp procurve_switch je070a
hp procurve_switch jf844a
hp procurve_router jd433a
hp procurve_switch je025a
hp procurve_switch je066a
hp procurve_switch jc125b
hp h3c_switch s5100-48p-si_ls-5100-48p-si-ovs-h3
hp procurve_router jf802a
hp procurve_switch je088a
hp procurve_router jf801a
hp procurve_switch 658247-b21
hp 3com_switch ss4_5500g-ei
hp procurve_switch jd346a
hp procurve_switch jd240b
hp procurve_switch jg374a
hp 3com_switch 4210-24g
hp procurve_switch je093a
hp h3c_ethernet_switch s5500-28c-pwr-ei
hp procurve_switch je031a
hp h3c_router msr_20-20
hp procurve_router jd916a
hp h3c_switch s5120-28p-pwr-si
hp procurve_switch je102a
hp h3c_router rt-msr2013-ac-ovs-h3
hp procurve_switch jd356a
hp procurve_switch jc613a
hp procurve_router jf240a
hp 3com_router 5682
hp 3com_router 3040
hp procurve_switch jf428a
hp h3c_switch s3100-8t-si_ls-s3100-8t-si-ac-ovs
hp h3c_switch s5120-28p-si
hp procurve_switch 658250-b21
hp procurve_switch je104a
hp 3com_router 3036
hp h3c_ethernet_switch s5500-52c-pwr-si
hp 3com_router 3012
hp 3com_router 3013
hp procurve_switch jf847a
hp procurve_switch je030a
hp procurve_switch jg221a
hp procurve_switch je073a
hp h3c_switch s5100-48p-ei_ls-5100-48p-ei-ovs
hp procurve_switch jf431c
hp procurve_router jf239a
hp procurve_switch jd008a
hp procurve_switch jg248a
hp procurve_router jd655a
hp h3c_routing_switch s9508e-v
hp procurve_switch jd325a
hp procurve_router jd664a
hp procurve_switch jc101a
hp procurve_switch jf551a
hp procurve_switch je009a
hp procurve_router jf241a
hp procurve_switch jf845a
hp procurve_switch jc124b
hp h3c_switch s5100-24p-ei_ls-5100-24p-ei-ovs
hp procurve_switch je100a
hp h3c_router rt-msr2011-ac-ovs-h3
hp h3c_routing_switch s9512e
hp procurve_switch je108a
hp h3c_high_performance_main_processing_unit msr_50_3ge
hp procurve_router jd429b
hp h3c_router msr_20-12_t1
hp procurve_switch jd372a
hp procurve_switch jg249a
hp 3com_switch e4510-24g
hp procurve_router jf182a
hp h3c_router msr_20-40
hp 3com_router 5642
hp h3c_ethernet_switch s5500-52c-ei
hp h3c_switch s5800-32f
hp 3com_switch 5500g-ei_sfp
hp h3c_router rt-msr2040-ac-ovs-h3c
hp h3c_switch s5800-56c
hp procurve_switch je021a
hp procurve_switch jg245a
hp h3c_switch s9508e-v
hp procurve_switch jd395a
hp procurve_router jf184a
hp procurve_switch je091a
hp procurve_switch jc748a
hp h3c_switch s3600-52p-si_ls-3600-52p-si-ovs
hp h3c_router msr_20-15_a_w
hp procurve_switch jd375a
hp procurve_switch je029a
hp h3c_ethernet_switch s5500-28c-si
hp h3c_switch s5100-8p-pwr-ei_ls-5100-8p-pwr-ei-ovs
hp procurve_switch jf431b
hp h3c_router sr8805
hp h3c_router rt-msr3040-ac-ovs-h
hp h3c_switch s5120-24p-ei
hp procurve_switch jd332a
hp procurve_router jf238a
hp procurve_switch je092a
hp h3c_router msr_3010
hp procurve_router jf806a
hp 3com_router jg005a
hp procurve_switch je047a
hp procurve_router jf814a
hp procurve_switch jg223a
hp h3c_router msr_900
hp procurve_switch jd010a
hp h3c_router msr_30-60_poe
hp h3c_router msr_20-11
hp h3c_switch s5800-32c
hp h3c_switch s12518
hp procurve_switch jd329a
hp procurve_router jf237a
hp procurve_switch je007a
hp h3c_router rt-msr2013-ac-ovs-w-h3
hp procurve_switch jd371a
hp procurve_switch jd379a
hp procurve_router jf803a
hp procurve_switch jd326a
hp h3c_switch s5100-24p-si_ls-5100-24p-si-ovs-h3
hp procurve_switch je032a
hp 3com_router 5680
hp h3c_switch s5100-8p-ei_ls-5100-8p-ei-ovs-h3
hp procurve_switch jd351a
hp procurve_switch jd348a
hp procurve_switch je168a
CVE-2013-2341 HIGH

Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execute arbitrary code or obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp h3c_switch s3100-8c-si_ls-s3100-8c-si-ac-ovs
hp h3c_processor_module msr_50
hp h3c_switch s5100-16p-si_ls-5100-16p-si-ovs-h3
hp procurve_switch je008a
hp procurve_switch jd313b
hp 3com_baseline_plus_switch 2900g-28pwr
hp h3c_router rt-msr2012-ac-ovs-h3
hp procurve_switch je101a
hp procurve_switch jg257a
hp 3com_switch ss4_5500g-ei-pwr
hp h3c_router msr_3016_poe
hp procurve_switch jd306a
hp h3c_router sr8802
hp procurve_switch jg304a
hp h3c_router rt-msr5060-ac-ovs-h3
hp procurve_switch jg299a
hp procurve_switch je028a
hp procurve_switch je107a
hp h3c_router rt-msr2015-ac-ovs-a-h3
hp procurve_switch jg303a
hp h3c_router rt-msr2012-ac-ovs-w-h3
hp procurve_switch je069a
hp procurve_switch je165a
hp h3c_switch s12508
hp procurve_switch jd241a
hp procurve_switch jd335a
hp h3c_switch s5100-50c-ei_ls-5100-50c-ei-ovs
hp procurve_switch jf430a
hp h3c_switch s9505e
hp procurve_switch jg316a
hp procurve_switch jd317a
hp 3com_switch 4210
hp h3c_router msr_20-10
hp procurve_router jf229a
hp procurve_switch jd337a
hp h3c_router msr_20-15
hp procurve_router jf233a
hp procurve_router jd656a
hp procurve_switch jg251a
hp procurve_router jd432a
hp procurve_switch jc100a
hp procurve_router jd967a
hp vpn_firewall_appliance jg214a
hp procurve_switch jd305a
hp 3com_switch_taa_compliant 5500g-ei-sfp
hp procurve_router jd918a
hp procurve_switch je166a
hp procurve_switch jd334a
hp h3c_router msr_920
hp 3com_baseline_plus_switch 2900
hp procurve_switch jc652a
hp procurve_switch jc085a
hp 3com_switch ss4_5500-si
hp 3com_switch_taa_compliant 5500g-ei-pwr
hp procurve_router jf800a
hp procurve_switch jc099a
hp 3com_switch ss4_5500-ei
hp procurve_router jf236a
hp procurve_switch jg092a
hp h3c_router rt-msr2012-t-ac-ovs-h3
hp procurve_router jd653a
hp 3com_router 5231
hp procurve_switch jd374a
hp procurve_router jf812a
hp procurve_router jf804a
hp procurve_switch je071a
hp procurve_switch jc102a
hp procurve_router jc147b
hp procurve_switch jd338a
hp procurve_switch jd344a
hp h3c_switch s7506e-v
hp procurve_switch jg256a
hp procurve_router jd662a
hp procurve_switch jg225a
hp procurve_switch je094a
hp procurve_switch jd243b
hp procurve_switch je074a
hp h3c_routing_switch s9505e
hp procurve_switch jd011a
hp procurve_switch jg302a
hp procurve_switch jd240a
hp h3c_router msr_30-20_rtvz33020as
hp procurve_switch jc474a
hp h3c_router msr_30-40_poe
hp procurve_switch jd327a
hp h3c_switch s3100-26c-si_ls-s3100-26c-si-dc-ovs
hp procurve_switch jd307a
hp procurve_switch jd392a
hp procurve_switch je046a
hp procurve_switch jg242a
hp 3com_router ss4_5500g-ei
hp procurve_switch je167a
hp procurve_switch je024a
hp h3c_switch s3610-28tp_ls-3610-28tp-ovs
hp 3com_switch 4200g-ntg
hp h3c_router msr_20-13_w
hp h3c_router msr_20-13
hp procurve_switch jd304a
hp h3c_switch s3100-26c-si_ls-s3100-26c-si-ac-ovs
hp procurve_switch jc654a
hp procurve_switch jg300a
hp procurve_switch jd243a
hp procurve_switch jd394a
hp procurve_router jd972a
hp h3c_switch s3100-8c-si_ls-s3100-8c-si-dc-ovs
hp procurve_router jf640a
hp procurve_switch jc106a
hp procurve_switch jf552a
hp procurve_switch je106a
hp h3c_switch s5120-52c-ei
hp procurve_switch je099a
hp procurve_switch jd350a
hp h3c_router rt-msr3016-ac-ovs-h3
hp procurve_router jf813a
hp 3com_switch 4200g
hp procurve_switch jf430b
hp 3com_switch 4210-48g
hp procurve_switch jc611a
hp h3c_ethernet_switch s5500-28c-ei-dc
hp h3c_switch s5120-52p-si
hp procurve_switch jd331a
hp procurve_switch jg246a
hp procurve_switch je109a
hp h3c_router msr_30-40
hp h3c_switch s3100-16c-si_ls-s3100-16c-si-dc-ovs
hp procurve_switch jd239a
hp 3com_router 3018
hp procurve_switch jg349a
hp procurve_switch jd319b
hp procurve_router jf228a
hp procurve_router jd663b
hp 3com_baseline_plus_switch 2900g
hp 3com_router 5009
hp h3c_switch s5120-48p-ei
hp h3c_switch s7503e-s
hp procurve_router jf287a
hp 3com_switch 4210_pwr
hp h3c_switch s3100-16t-si_ls-s3100-16t-si-ac-ovs
hp procurve_switch jd370a
hp h3c_router rt-msr3040-ac-poe-ovs-h3
hp 3com_switch 4200g_pwr
hp procurve_router jd922a
hp h3c_switch s3600-28f-ei_ls-3600-28f-ei-ovs
hp procurve_router jf283a
hp procurve_router jd943a
hp procurve_switch jc655a
hp h3c_switch s5100-8p-si_ls-5100-8p-si-ovs-h3
hp procurve_switch jg252a
hp h3c_ethernet_switch s5600-50c
hp procurve_router jd917a
hp h3c_switch s5120-28p-hpwr-si
hp vpn_firewall_appliance jd271a
hp procurve_router jf807a
hp procurve_switch jg250a
hp h3c_router msr_20-21
hp h3c_routing_switch s12508
hp h3c_router rt-msr2015-ac-ovs-i-h3
hp procurve_switch je033a
hp procurve_switch jg305a
hp procurve_switch jd336a
hp h3c_router rt-msr3060-dc-ovs-h3
hp h3c_router rt-msr3020-dc-ovs-h3
hp procurve_switch jg350a
hp h3c_ethernet_switch s5600-50c-pwr
hp procurve_switch jg253a
hp h3c_ethernet_switch s5500-28c-pwr-si
hp h3c_router msr_30-20_poe
hp procurve_switch je023a
hp procurve_router jd663a
hp procurve_router jd944a
hp procurve_router jf285a
hp procurve_router jc150a
hp h3c_ethernet_switch s5600-26c
hp h3c_router rt-msr3016-ac-poe-ovs-h3
hp h3c_switch s7502e
hp procurve_switch jd238b
hp h3c_router rt-msr3060-ac-ovs-h3
hp procurve_router jf809a
hp procurve_switch jg240a
hp h3c_switch s3600-52p-pwr-ei_ls-3600-52p-pwr-ei-ovs
hp procurve_switch je090a
hp 3com_switch 4510g
hp procurve_switch jd308a
hp h3c_switch s3100-26t-si_ls-s3100-26t-si-ac-ovs
hp 3com_switch 4210_pwr_9p_taa
hp h3c_router msr_30-20
hp h3c_router rt-msr3020-ac-poe-ovs-h3
hp h3c_switch s3610-28f_ls-3610-28f-ovs
hp 3com_switch 4510g_pwr
hp procurve_router jc150b
hp h3c_switch s5100-16p-ei_ls-5100-16p-ei-ovs-h3
hp h3c_switch s7503e
hp procurve_switch jg241a
hp h3c_switch s3100-16c-si_ls-s3100-16c-si-ac-ovs
hp h3c_switch s3600-52p-ei_ls-3600-52p-ei-ovs
hp h3c_switch s3610-52p_ls-3610-52p-ovs
hp procurve_switch jd354a
hp procurve_switch je005a
hp procurve_switch je068a
hp procurve_switch je026a
hp procurve_router jf231a
hp h3c_router msr_50-40
hp procurve_switch je018a
hp procurve_switch jd373a
hp procurve_router jd921a
hp procurve_switch jg247a
hp procurve_switch je022a
hp procurve_switch jc086a
hp procurve_switch jd376a
hp procurve_switch jd242a
hp procurve_switch jd302a
hp procurve_switch jd377a
hp h3c_router rt-msr2020-ac-ovs-h3c
hp procurve_router jc149b
hp procurve_router jd935a
hp procurve_switch jd355a
hp h3c_router rt-msr3060-ac-poe-ovs-h3
hp procurve_switch jc104a
hp procurve_switch jg239a
hp procurve_switch je097a
hp procurve_switch jc474b
hp h3c_switch s3600-28p-si_ls-3600-28p-si-ovs
hp procurve_router jf234a
hp h3c_ethernet_switch s5600-26c-pwr
hp h3c_ethernet_switch s7503e
hp h3c_router sr8812
hp procurve_switch je067a
hp 3com_switch 4800g
hp procurve_switch jg254a
hp procurve_switch jd345a
hp procurve_switch jg236a
hp 3com_router 5232
hp 3com_router 5642_taa
hp h3c_switch s5100-26c-pwr-ei_ls-5100-26c-pwr-ei-ovs
hp procurve_switch jg222a
hp h3c_switch s7506e
hp procurve_router jd923a
hp h3c_router sr8808
hp procurve_switch jd009a
hp 3com_router 6040
hp procurve_switch jd393a
hp h3c_router rt-msr2040-ac-ovs-h3
hp h3c_switch s5820x-28s
hp procurve_switch jg237a
hp h3c_routing_switch s12518
hp procurve_switch jc103a
hp procurve_router jd431a
hp h3c_ethernet_switch s7502e
hp procurve_switch jg307a
hp procurve_switch jg311a
hp procurve_switch jd347a
hp procurve_switch jd320b
hp procurve_switch jd391a
hp procurve_switch jd330a
hp h3c_switch s5100-16p-pwr-ei_ls-5100-16p-pwr-ei-ovs
hp 3com_switch ss4_switch_5500g-ei
hp h3c_router rt-msr2012-ac-ovs-s-h3
hp h3c_ethernet_switch s5500-52c-pwr-ei
hp h3c_router msr5040-dc-ovs-h3c
hp procurve_switch je006a
hp procurve_router jf817a
hp h3c_processing_module msr_50_g2
hp h3c_switch s5100-50c-pwr-ei_ls-5100-50c-pwr-ei-ovs
hp procurve_router jd946a
hp procurve_switch jc694a
hp procurve_switch jc105a
hp h3c_ethernet_switch s5500-52c-si
hp procurve_router jf284a
hp procurve_switch jg348a
hp procurve_router jf183a
hp 3com_router 5012
hp procurve_switch je045a
hp procurve_switch jc612a
hp procurve_switch jf846a
hp procurve_switch jg243a
hp h3c_router msr_20-15_a
hp procurve_switch je048a
hp procurve_switch jg301a
hp 3com_router 5640
hp procurve_switch jd352a
hp procurve_switch jg255a
hp procurve_switch jd349a
hp h3c_switch s3600-52p-pwr-si_ls-3600-52p-pwr-si-ovs
hp procurve_switch jg091a
hp h3c_switch s5120-52c-pwr-ei
hp procurve_switch jd353a
hp procurve_switch jd310a
hp procurve_switch jf427a
hp h3c_switch s3600-28p-pwr-si_ls-3600-28p-pwr-si-ovs
hp procurve_router jf815a
hp h3c_router msr_30-60
hp h3c_switch s3600-28p-ei_ls-3600-28p-ei-ovs
hp h3c_ethernet_switch s7506e-v
hp procurve_router jf230a
hp procurve_switch jg258a
hp 3com_taa_switch 5500-ei
hp procurve_switch je096a
hp h3c_switch s5100-26c-ei_ls-5100-26c-ei-ovs
hp h3c_switch s5120-20p-si
hp h3c_switch s3600-28p-pwr-ei_ls-3600-28p-pwr-ei-ovs
hp procurve_switch je089a
hp procurve_switch jc691a
hp vpn_firewall_appliance jg213a
hp h3c_ethernet_switch s5500-28f-ei
hp procurve_switch jg312a
hp procurve_switch jg259a
hp procurve_switch je110a
hp 3com_router 6080
hp h3c_router msr_30-10
hp procurve_switch jf431a
hp 3com_switch 4500_pwr
hp 3com_switch_taa_compliant 5500g-ei
hp procurve_switch jg219a
hp h3c_router sr_20-12_w
hp procurve_switch je020a
hp procurve_switch jd238a
hp h3c_ethernet_switch s7510e
hp procurve_switch jg238a
hp procurve_router jf235a
hp procurve_switch jd007a
hp procurve_switch je164a
hp procurve_switch jf553a
hp h3c_switch s5800-32c-pwr
hp 3com_router 3041
hp h3c_switch s5800-56c-pwr
hp vpn_firewall_appliance jd270a
hp procurve_router jd945a
hp h3c_switch s5800-60c-pwr
hp procurve_switch je016a
hp procurve_switch je019a
hp procurve_switch je169a
hp h3c_router msr_50-60
hp h3c_router rt-msr2015-ac-ovs-iw-h3
hp h3c_router rt-msr2015-ac-ovs-aw-h3
hp procurve_router jc149a
hp procurve_router jc148a
hp procurve_switch jd357a
hp procurve_switch je015a
hp h3c_router msr_20-15_iw
hp procurve_switch jf430c
hp procurve_switch jd242b
hp procurve_router jc147a
hp procurve_switch jd241b
hp procurve_switch jc124a
hp 3com_switch e4210-24g-poe
hp 3com_switch ss4_5500-ei-pwr
hp procurve_switch jg315a
hp h3c_ethernet_switch s5500-28c-ei
hp procurve_router jf816a
hp h3c_router rt-msr3011-ac-ovs-h3
hp procurve_switch jd309a
hp h3c_switch s3600-28tp-si_ls-3600-28tp-si-ovs
hp procurve_switch je105a
hp procurve_switch je027a
hp procurve_switch je095a
hp h3c_router rt-msr3040-ac-ovs-as-h3
hp procurve_switch jc653a
hp procurve_switch jd318b
hp procurve_router jc148b
hp procurve_switch jd328a
hp h3c_switch s5120-28c-pwr-ei
hp procurve_switch jd369a
hp h3c_switch s5120-28c-ei
hp procurve_switch je072a
hp procurve_switch jd378a
hp h3c_switch s3100-52p_ls-3100-52p-ovs-h3
hp procurve_switch je017a
hp h3c_router msr_20-12
hp h3c_ethernet_switch s5600-26f
hp procurve_switch jd239b
hp procurve_switch jg306a
hp h3c_router msr_3016
hp 3com_baseline_plus_switch 2900g-28hpwr
hp h3c_switch s3610-28p_ls-3610-28p-ovs
hp h3c_switch s5820x-28c
hp 3com_router 3016
hp h3c_ethernet_switch s7506e
hp procurve_switch jc125a
hp h3c_ethernet_switch s7503e-s
hp 3com_switch 4500
hp procurve_switch jd333a
hp procurve_router jf808a
hp procurve_switch jd303a
hp procurve_switch je070a
hp procurve_switch jf844a
hp procurve_router jd433a
hp procurve_switch je025a
hp procurve_switch je066a
hp procurve_switch jc125b
hp h3c_switch s5100-48p-si_ls-5100-48p-si-ovs-h3
hp procurve_router jf802a
hp procurve_switch je088a
hp procurve_router jf801a
hp procurve_switch 658247-b21
hp 3com_switch ss4_5500g-ei
hp procurve_switch jd346a
hp procurve_switch jd240b
hp procurve_switch jg374a
hp 3com_switch 4210-24g
hp procurve_switch je093a
hp h3c_ethernet_switch s5500-28c-pwr-ei
hp procurve_switch je031a
hp h3c_router msr_20-20
hp procurve_router jd916a
hp h3c_switch s5120-28p-pwr-si
hp procurve_switch je102a
hp h3c_router rt-msr2013-ac-ovs-h3
hp procurve_switch jd356a
hp procurve_switch jc613a
hp procurve_router jf240a
hp 3com_router 5682
hp 3com_router 3040
hp procurve_switch jf428a
hp h3c_switch s3100-8t-si_ls-s3100-8t-si-ac-ovs
hp h3c_switch s5120-28p-si
hp procurve_switch 658250-b21
hp procurve_switch je104a
hp 3com_router 3036
hp h3c_ethernet_switch s5500-52c-pwr-si
hp 3com_router 3012
hp 3com_router 3013
hp procurve_switch jf847a
hp procurve_switch je030a
hp procurve_switch jg221a
hp procurve_switch je073a
hp h3c_switch s5100-48p-ei_ls-5100-48p-ei-ovs
hp procurve_switch jf431c
hp procurve_router jf239a
hp procurve_switch jd008a
hp procurve_switch jg248a
hp procurve_router jd655a
hp h3c_routing_switch s9508e-v
hp procurve_switch jd325a
hp procurve_router jd664a
hp procurve_switch jc101a
hp procurve_switch jf551a
hp procurve_switch je009a
hp procurve_router jf241a
hp procurve_switch jf845a
hp procurve_switch jc124b
hp h3c_switch s5100-24p-ei_ls-5100-24p-ei-ovs
hp procurve_switch je100a
hp h3c_router rt-msr2011-ac-ovs-h3
hp h3c_routing_switch s9512e
hp procurve_switch je108a
hp h3c_high_performance_main_processing_unit msr_50_3ge
hp procurve_router jd429b
hp h3c_router msr_20-12_t1
hp procurve_switch jd372a
hp procurve_switch jg249a
hp 3com_switch e4510-24g
hp procurve_router jf182a
hp h3c_router msr_20-40
hp 3com_router 5642
hp h3c_ethernet_switch s5500-52c-ei
hp h3c_switch s5800-32f
hp 3com_switch 5500g-ei_sfp
hp h3c_router rt-msr2040-ac-ovs-h3c
hp h3c_switch s5800-56c
hp procurve_switch je021a
hp procurve_switch jg245a
hp h3c_switch s9508e-v
hp procurve_switch jd395a
hp procurve_router jf184a
hp procurve_switch je091a
hp procurve_switch jc748a
hp h3c_switch s3600-52p-si_ls-3600-52p-si-ovs
hp h3c_router msr_20-15_a_w
hp procurve_switch jd375a
hp procurve_switch je029a
hp h3c_ethernet_switch s5500-28c-si
hp h3c_switch s5100-8p-pwr-ei_ls-5100-8p-pwr-ei-ovs
hp procurve_switch jf431b
hp h3c_router sr8805
hp h3c_router rt-msr3040-ac-ovs-h
hp h3c_switch s5120-24p-ei
hp procurve_switch jd332a
hp procurve_router jf238a
hp procurve_switch je092a
hp h3c_router msr_3010
hp procurve_router jf806a
hp 3com_router jg005a
hp procurve_switch je047a
hp procurve_router jf814a
hp procurve_switch jg223a
hp h3c_router msr_900
hp procurve_switch jd010a
hp h3c_router msr_30-60_poe
hp h3c_router msr_20-11
hp h3c_switch s5800-32c
hp h3c_switch s12518
hp procurve_switch jd329a
hp procurve_router jf237a
hp procurve_switch je007a
hp h3c_router rt-msr2013-ac-ovs-w-h3
hp procurve_switch jd371a
hp procurve_switch jd379a
hp procurve_router jf803a
hp procurve_switch jd326a
hp h3c_switch s5100-24p-si_ls-5100-24p-si-ovs-h3
hp procurve_switch je032a
hp 3com_router 5680
hp h3c_switch s5100-8p-ei_ls-5100-8p-ei-ovs-h3
hp procurve_switch jd351a
hp procurve_switch jd348a
hp procurve_switch je168a
CVE-2013-2342 HIGH

The HP StoreOnce D2D backup system with software before 3.0.0 has a default password of badg3r5 for the HPSupport account, which allows remote attackers to obtain administrative access and delete data via an SSH session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
hp storeonce_d2d *
hp storeonce_d2d 2.1.01
hp storeonce_d2d 2.2.10
hp storeonce_d2d 2.2.13
hp storeonce_d2d 2.2.16
hp storeonce_d2d 2.2.14
hp storeonce_d2d 2.2.00
CVE-2013-2343 HIGH

Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp lefthand_virtual_san_appliance_hydra_software *
hp lefthand_p4000_virtual_san_appliance -
hp lefthand_virtual_san_appliance_hydra -
CVE-2013-2344 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
CVE-2013-2345 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
CVE-2013-2346 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
CVE-2013-2347 HIGH

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
CVE-2013-2348 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
CVE-2013-2349 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
CVE-2013-2350 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
CVE-2013-2351 HIGH

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.20
hp network_node_manager_i 9.0
hp network_node_manager_i 9.10
CVE-2013-2352 HIGH

LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
hp san/iq 10.0
hp san/iq 9.5
hp san/iq *
hp san/iq 8.5
hp san/iq 9.0
hp san/iq 8.0
hp san/iq 8.1
CVE-2013-2353 HIGH

Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storeonce_d2d *
CVE-2013-2355 MEDIUM

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
CVE-2013-2356 MEDIUM

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
CVE-2013-2357 MEDIUM

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
CVE-2013-2358 MEDIUM

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
CVE-2013-2359 MEDIUM

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2360.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
CVE-2013-2360 MEDIUM

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
CVE-2013-2361 MEDIUM

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
CVE-2013-2362 LOW

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
CVE-2013-2363 MEDIUM

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
CVE-2013-2364 LOW

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
CVE-2013-2365 HIGH

HP Database and Middleware Automation (DMA) 10.x before 10.10, when SSL is used, allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp database_and_middleware_automation 10.01
hp database_and_middleware_automation 10.0
CVE-2013-2367 HIGH

Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sitescope 11.20
hp sitescope 11.21
CVE-2013-2368 MEDIUM

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-2369 HIGH

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-2370 HIGH

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-3573 HIGH

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp insight_diagnostics 9.4.0.4710
CVE-2013-3574 HIGH

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp insight_diagnostics 9.4.0.4710
CVE-2013-3575 MEDIUM

hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp insight_diagnostics 9.4.0.4710
CVE-2013-3576 HIGH

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2013-4325 MEDIUM

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp linux_imaging_and_printing_project 3.12.11
hp linux_imaging_and_printing_project 3.9.10
hp linux_imaging_and_printing_project 3.12.10
hp linux_imaging_and_printing_project 3.13.2
hp linux_imaging_and_printing_project 1.0
hp linux_imaging_and_printing_project 3.12.2
hp linux_imaging_and_printing_project 3.13.7
hp linux_imaging_and_printing_project 3.10.5
hp linux_imaging_and_printing_project 3.12.9
hp linux_imaging_and_printing_project 3.9.12
hp linux_imaging_and_printing_project 3.13.6
hp linux_imaging_and_printing_project 3.11.1
hp linux_imaging_and_printing_project 3.13.4
hp linux_imaging_and_printing_project 3.13.9
hp linux_imaging_and_printing_project 3.10.9
hp linux_imaging_and_printing_project 3.12.6
hp linux_imaging_and_printing_project 3.11.3
hp linux_imaging_and_printing_project 3.10.2
hp linux_imaging_and_printing_project 3.10.6
hp linux_imaging_and_printing_project 2.0
hp linux_imaging_and_printing_project 3.11.5
hp linux_imaging_and_printing_project 3.11.7
hp linux_imaging_and_printing_project 3.11.10
hp linux_imaging_and_printing_project 3.9.2
hp linux_imaging_and_printing_project 3.9.6
hp linux_imaging_and_printing_project 3.13.3
hp linux_imaging_and_printing_project 3.13.5
hp linux_imaging_and_printing_project 2.7.10
hp linux_imaging_and_printing_project 3.9.8
hp linux_imaging_and_printing_project 3.9.4b
hp linux_imaging_and_printing_project 3.13.8
hp linux_imaging_and_printing_project 3.9.4
hp linux_imaging_and_printing_project 3.11.3a
hp linux_imaging_and_printing_project 3.12.4
CVE-2013-4784 HIGH

The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp integrated_lights-out_bmc *
CVE-2013-4797 HIGH

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-4798 HIGH

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-4799 HIGH

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-4800 HIGH

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-4801 HIGH

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-4802 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp application_lifecycle_management *
hp application_lifecycle_management 11.00
CVE-2013-4805 HIGH

Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_firmware 1.50a
hp integrated_lights-out_firmware 1.15
hp integrated_lights-out_firmware 1.40a
hp integrated_lights-out_firmware 1.15a
hp integrated_lights-out_firmware 1.41a
hp integrated_lights-out_firmware 1.10
hp integrated_lights-out_firmware 1.26a
hp integrated_lights-out_firmware 1.16a
hp integrated_lights-out_firmware 1.27a
hp integrated_lights-out_firmware 1.20a
hp integrated_lights-out_firmware 1.42a
hp integrated_lights-out_firmware *
hp integrated_lights-out_firmware 1.50
CVE-2013-4806 HIGH

The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp 5500-48g-poe_ei_switch jd376a
hp 3com_router 3018
hp h3c_ethernet_switch s5600-26c-pwr
hp 5500-24g-sfp_dc_ei_switch jd379a
hp 3com_router 5642
hp h3c_ethernet_switch s5600-50c-pwr
hp 5500-24g_si_switch jd369a
hp 5500-48g_si_switch jd370a
hp 3com_router 5232
hp 3com_router 5642_taa
hp 5500-24g-4sfp_hi_switch_with_2_interface_slots jg311a
hp 5500-24g_ei_switch jd377a
hp 3com_router 5012
hp h3c_ethernet_switch s5600-26c
hp 5500-48g-poe_si_switch jd372a
hp 5500-24g_dc_ei_switch jd373a
hp 5500-48g_ei_switch jd375a
hp h3c_ethernet_switch s5600-26f
hp 3com_router 5682
hp 5500-24g-sfp_ei_switch jd374a
hp 5500g-24_ei_sfp_no_power_supply_unit_switch jf553a
hp 5500-24g-poe_ei_switch jd378a
hp h3c_ethernet_switch s5600-50c
hp 5500g-48_ei_10/100/1000_no_power_supply_unit_switch jf552a
hp 5500-24g-poe_si_switch jd371a
hp 5500g-24_ei_10/100/1000_no_power_supply_unit_switch jf551a
hp 3com_router 3012
CVE-2013-4807 HIGH

Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703 allows remote attackers to modify data via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp laserjet_pro_m1216nfh_multifunction_printer_firmware 20130703
hp laserjet_pro_m1213nf_mfp_firmware 20130703
hp hotspot_laserjet_pro_m1218nfs_mfp_firmware 20130703
hp laserjet_pro_m1214nfh_mfp_firmware 20130703
hp laserjet_pro_cp1025nw_firmware 20130703
hp laserjet_pro_p1606dn_firmware 20130212
hp laserjet_pro_m1217nfw_multifunction_printer_firmware 20130703
hp laserjet_pro_p1102w_firmware 20130703
hp laserjet_pro_m1212nf_mfp_firmware 20130703
CVE-2013-4808 HIGH

Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 7.11
hp service_manager 9.31
hp service_manager 9.30
hp service_center 6.2.8
CVE-2013-4809 HIGH

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp procurve_manager 4.0
hp identity_driven_manager 4.0
hp procurve_manager 3.20
CVE-2013-4810 HIGH

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
hp procurve_manager 4.0
hp application_lifecycle_management -
hp identity_driven_manager 4.0
hp procurve_manager 3.20
CVE-2013-4811 HIGH

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp procurve_manager 4.0
hp identity_driven_manager 4.0
hp procurve_manager 3.20
CVE-2013-4812 HIGH

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp procurve_manager 4.0
hp identity_driven_manager 4.0
hp procurve_manager 3.20
CVE-2013-4813 HIGH

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp procurve_manager 4.0
hp identity_driven_manager 4.0
hp procurve_manager 3.20
CVE-2013-4814 MEDIUM

Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp xp_9000_command_view 7.4.0
hp xp_9000_command_view 7.1.1
hp xp_9000_command_view 7.4.1
hp xp_9000_command_view 7.3.0
hp xp_9000_command_view 7.0.0
hp xp_9000_command_view 7.3.1
hp xp_9000_command_view 7.5.0
hp xp_9000_command_view 7.2.0
hp xp_9000_command_view 7.1.0
CVE-2013-4817 MEDIUM

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp icewall_sso_agent_option 10.0
hp icewall_sso_agent_option 8.0
CVE-2013-4818 MEDIUM

Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp icewall_smart_device_option 10.0
hp icewall_sso_agent 8.0.1
hp icewall_sso_agent 10.0
hp icewall_file_manager 3.0
hp icewall_sso_agent 8.0
hp icewall_sso_agent_option 10.0
hp icewall_sso_agent_option 8.0
CVE-2013-4819 LOW

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp icewall_sso_agent_option 10.0
hp icewall_sso_agent_option 8.0
CVE-2013-4820 LOW

Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp icewall_smart_device_option 10.0
hp icewall_sso_agent 8.0.1
hp icewall_federation_agent 8.0
hp icewall_sso_agent 10.0
hp icewall_file_manager 3.0
hp icewall_java_agent_library 8.0
hp icewall_java_agent_library 10.0
hp icewall_sso_saml2_option 8.0
hp icewall_sso_agent 8.0
hp icewall_sso_agent_option 10.0
hp icewall_sso_agent_option 8.0
CVE-2013-4821 MEDIUM

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 3.0.2
hp system_management_homepage 2.1.3.132
hp system_management_homepage 7.1
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 7.0
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 6.3.0
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 6.3.1
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 6.2.2.7
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 6.2.0
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.15
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.14
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 3.0.1
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
CVE-2013-4822 HIGH

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 5.1
hp intelligent_management_center 5.2
hp imc_branch_intelligent_management_system_software_module 5.2
hp imc_branch_intelligent_management_system_software_module 5.1
hp intelligent_management_center 5.0
hp intelligent_management_center *
hp imc_branch_intelligent_management_system_software_module 5.0
CVE-2013-4823 MEDIUM

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1607.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 5.1
hp intelligent_management_center 5.2
hp imc_branch_intelligent_management_system_software_module 5.2
hp imc_branch_intelligent_management_system_software_module 5.1
hp intelligent_management_center 5.0
hp intelligent_management_center *
hp imc_branch_intelligent_management_system_software_module 5.0
CVE-2013-4824 HIGH

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp imc_service_operation_management_software_module -
hp intelligent_management_center *
CVE-2013-4825 HIGH

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp imc_service_operation_management_software_module -
hp intelligent_management_center *
CVE-2013-4826 MEDIUM

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp imc_service_operation_management_software_module -
hp intelligent_management_center *
CVE-2013-4827 HIGH

SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp imc_service_operation_management_software_module -
hp intelligent_management_center *
CVE-2013-4828 MEDIUM

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
hp laserjet_m4555f -
hp laserjet_m725f -
hp color_laserjet_cm4540fskm -
hp color_laserjet_m575f -
hp color_laserjet_m775z -
hp laserjet_m4555h -
hp laserjet_m525f -
hp color_laserjet_m575dn -
hp color_laserjet_m775z+ -
hp laserjet_m725z+ -
hp color_laserjet_cm4540f -
hp color_laserjet_m775dn -
hp laserjet_m525dn -
hp laserjet_m725z -
hp laserjet_m4555 -
hp color_laserjet_cm4540 -
hp laserjet_enterprise_color_flow_m575c -
hp laserjet_m4555fskm -
hp laserjet_m725dn -
hp scanjet_enterprise_8500fn1 -
hp color_laserjet_m775f -
hp laserjet_flow_m525c -
CVE-2013-4829 LOW

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp laserjet_m4555f -
hp laserjet_m725f -
hp color_laserjet_cm4540fskm -
hp color_laserjet_m575f -
hp color_laserjet_m775z -
hp laserjet_m4555h -
hp laserjet_m525f -
hp color_laserjet_m575dn -
hp color_laserjet_m775z+ -
hp laserjet_m725z+ -
hp color_laserjet_cm4540f -
hp color_laserjet_m775dn -
hp laserjet_m525dn -
hp laserjet_m725z -
hp laserjet_m4555 -
hp color_laserjet_cm4540 -
hp laserjet_enterprise_color_flow_m575c -
hp laserjet_m4555fskm -
hp laserjet_m725dn -
hp scanjet_enterprise_8500fn1 -
hp color_laserjet_m775f -
hp laserjet_flow_m525c -
CVE-2013-4830 HIGH

HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp service_manager 9.32
hp service_manager 9.31
hp service_manager 9.30
CVE-2013-4831 MEDIUM

HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.32
hp service_manager 9.31
hp service_manager 9.30
CVE-2013-4832 MEDIUM

HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp service_manager 9.32
hp service_manager 9.31
hp service_manager 9.30
CVE-2013-4833 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp service_manager 9.32
hp service_manager 9.31
hp service_manager 9.30
CVE-2013-4834 HIGH

Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp application_lifecycle_management *
CVE-2013-4835 HIGH

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sitescope 11.10
hp sitescope 10.11
hp sitescope 11.01
hp sitescope 11.12
hp sitescope 11.11
hp sitescope 11.20
hp sitescope 10.13
hp sitescope 11.1
hp sitescope 11.21
CVE-2013-4836 HIGH

Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp alm_synchronizer *
hp alm_synchronizer 1.30
hp alm_synchronizer 1.20
hp alm_synchronizer 1.10
hp alm_synchronizer 1.40
CVE-2013-4837 HIGH

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-4838 HIGH

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-4839 HIGH

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 9.0.0
hp loadrunner 9.52
hp loadrunner 11.50
hp loadrunner 9.51
hp loadrunner 9.50.0
CVE-2013-4840 HIGH

Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp secpath1000fe 5.20
hp 5820_vpn_firewall_module jd255a
hp 9500_vpn_firewall_module jd245a
hp s1000-e_vpn_firewall_appliance jd272a
h3c sr88_firewall_processing_module 0231a88l
h3c s5820_secblade_vpn_firewall_module 0231a94j
hp 12500_vpn_firewall_module jc635a
h3c secpath1000fe 5.20
hp secbladefw 5.20
h3c f1000-e_vpn_firewall 0235a26g
h3c sr66_gigabit_firewall_module 0231a88a
hp 6600_firewall_processing_rtr_module jd250a
h3c s7500e_secblade_vpn_firewall_module 0231a832
h3c s9500e_secblade_vpn_firewall_module 0231a0av
hp 8800_firewall_processing_module jd251a
h3c secbladefw 5.20
hp 10500/7500_advanced_vpn_firewall_module jd249a
CVE-2013-4841 HIGH

Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storevirtual_virtual_storage_appliance -
hp lefthand 8.1
hp storevirtual_4000 -
hp lefthand 8.5
hp lefthand 9.0
hp lefthand 9.5
hp lefthand 10
hp lefthand *
CVE-2013-4842 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_firmware 1.16a
hp integrated_lights-out_4 -
hp integrated_lights-out_firmware 1.15
hp integrated_lights-out_firmware 1.20a
hp integrated_lights-out_firmware 1.15a
hp integrated_lights-out_firmware *
hp integrated_lights-out_firmware 1.10
hp integrated_lights-out_firmware 1.26a
CVE-2013-4843 MEDIUM

Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_firmware 1.16a
hp integrated_lights-out_4 -
hp integrated_lights-out_firmware 1.15
hp integrated_lights-out_firmware 1.20a
hp integrated_lights-out_firmware 1.15a
hp integrated_lights-out_firmware *
hp integrated_lights-out_firmware 1.10
hp integrated_lights-out_firmware 1.26a
CVE-2013-4844 HIGH

Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 9.32
hp service_manager 7.11
hp service_manager 9.31
hp service_manager 9.30
hp service_center 6.2.8
CVE-2013-4845 MEDIUM

Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp officejet_pro_8500 cb025a
hp officejet_pro_8500 cb862a
hp officejet_pro_8500 cb793a
hp officejet_pro_8500 cb794a
hp officejet_pro_8500_firmware -
hp officejet_pro_8500 cb023a
hp officejet_pro_8500 cb874a
hp officejet_pro_8500 cn539a
hp officejet_pro_8500 cb022a
CVE-2013-4846 MEDIUM

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.8-177
hp system_management_homepage 3.0.1.73
hp system_management_homepage 2.1.10-186
hp system_management_homepage 3.0.2-77
hp system_management_homepage 3.0.2
hp system_management_homepage 2.1.3.132
hp system_management_homepage 7.1
hp system_management_homepage 2.1.15-210
hp system_management_homepage 2.1.8.179
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.10
hp system_management_homepage 3.0.0.64
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.0.1.104
hp system_management_homepage 7.0
hp system_management_homepage 2.0.0
hp system_management_homepage 3.0.1-73
hp system_management_homepage 2.1.0-103(a)
hp system_management_homepage 6.3.0
hp system_management_homepage 7.2.1
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.5.146
hp system_management_homepage 2.1.11.197
hp system_management_homepage 6.3.1
hp system_management_homepage 2.0.2.106
hp system_management_homepage 6.1.0.102
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.6.156
hp system_management_homepage 2.1.0-109
hp system_management_homepage 3.0.2.77
hp system_management_homepage 2.1.12-118
hp system_management_homepage *
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.11
hp system_management_homepage 6.2.2.7
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.7.168
hp system_management_homepage 6.2.0
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.12-200
hp system_management_homepage 6.0.0-95
hp system_management_homepage 6.1
hp system_management_homepage 2.0.1
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.15
hp system_management_homepage 2.1.14.20
hp system_management_homepage 2.1.0.121
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10.186
hp system_management_homepage 2.2.6
hp system_management_homepage 6.0.0.96
hp system_management_homepage 6.1.0-103
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.14
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.12.201
hp system_management_homepage 2.1.2.127
hp system_management_homepage 3.0.1
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.4.143
hp system_management_homepage 2.1.15.210
hp system_management_homepage 3.0.0
hp system_management_homepage 3.0.0-68
hp system_management_homepage 2.1.3
hp system_management_homepage 2.2.8
hp system_management_homepage 6.0
hp system_management_homepage 7.2
CVE-2013-4854 HIGH

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
isc bind 9.9.1
opensuse opensuse 11.4
isc bind 9.7.1
isc dnsco_bind 9.9.4
freebsd freebsd 8.3
isc bind 9.7.3
isc bind 9.9.0
isc bind 9.9.2
suse suse_linux_enterprise_software_development_kit 11.0
isc bind 9.8.1
slackware slackware_linux 12.2
redhat enterprise_linux 6.0
mandriva enterprise_server 5.0
slackware slackware_linux 13.0
freebsd freebsd 8.1
isc bind 9.8.4
redhat enterprise_linux 5
isc bind 9.8.2
isc bind 9.7.5
isc bind 9.7.2
isc bind 9.9.3
freebsd freebsd 8.0
slackware slackware_linux 13.1
isc bind 9.7.0
isc bind 9.7.6
isc bind 9.8.5
isc bind 9.8.3
freebsd freebsd 9.1
hp hp-ux b.11.31
freebsd freebsd 9.2
slackware slackware_linux 12.1
isc bind 9.7.4
isc bind 9.8.6
slackware slackware_linux 13.37
isc bind 9.7.7
fedoraproject fedora 18
mandriva business_server 1.0
novell suse_linux 11
freebsd freebsd 9.0
isc bind 9.8.0
freebsd freebsd 8.4
freebsd freebsd 8.2
fedoraproject fedora 19
isc dnsco_bind 9.9.3
CVE-2013-5870 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server_supplementary 6.0
hp jre *
redhat enterprise_linux_hpc_node_supplementary 6.0
redhat enterprise_linux_server_supplementary_aus 6.5
redhat enterprise_linux_desktop_supplementary 6.0
hp jdk *
redhat enterprise_linux_server_supplementary_eus 6.5.z
redhat enterprise_linux_server_supplementary 5.0
redhat enterprise_linux_workstation_supplementary 6.0
oracle javafx 2.2.45
redhat enterprise_linux_desktop_supplementary 5.0
CVE-2013-5895 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server_supplementary 6.0
hp jre *
redhat enterprise_linux_hpc_node_supplementary 6.0
redhat enterprise_linux_server_supplementary_aus 6.5
redhat enterprise_linux_desktop_supplementary 6.0
hp jdk *
redhat enterprise_linux_server_supplementary_eus 6.5.z
redhat enterprise_linux_server_supplementary 5.0
redhat enterprise_linux_workstation_supplementary 6.0
oracle javafx 2.2.45
redhat enterprise_linux_desktop_supplementary 5.0
CVE-2013-5904 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server_supplementary 6.0
hp jdk *
redhat enterprise_linux_server_supplementary_eus 6.5.z
hp jre *
redhat enterprise_linux_server_supplementary 5.0
redhat enterprise_linux_hpc_node_supplementary 6.0
redhat enterprise_linux_server_supplementary_aus 6.5
redhat enterprise_linux_workstation_supplementary 6.0
redhat enterprise_linux_desktop_supplementary 5.0
redhat enterprise_linux_desktop_supplementary 6.0
CVE-2013-5906 MEDIUM

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server_supplementary 6.0
hp jre *
oracle jdk 1.6.0
oracle jdk 1.5.0
redhat enterprise_linux_hpc_node_supplementary 6.0
redhat enterprise_linux_server_supplementary_aus 6.5
oracle jre 1.6.0
redhat enterprise_linux_desktop_supplementary 6.0
hp jdk *
redhat enterprise_linux_server_supplementary_eus 6.5.z
oracle jre 1.5.0
redhat enterprise_linux_server_supplementary 5.0
redhat enterprise_linux_workstation_supplementary 6.0
redhat enterprise_linux_desktop_supplementary 5.0
CVE-2013-6188 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp system_management_homepage 7.2.2
hp system_management_homepage 7.1
hp system_management_homepage 7.2.1
hp system_management_homepage 7.2
CVE-2013-6189 HIGH

Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp application_information_optimizer 6.3
hp application_information_optimizer 6.4
hp application_information_optimizer 7.0
hp application_information_optimizer 6.2
CVE-2013-6191 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp operations_orchestration *
hp operations_orchestration 7.2
hp operations_orchestration 7.1
CVE-2013-6192 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp operations_orchestration *
hp operations_orchestration 7.2
hp operations_orchestration 7.1
CVE-2013-6193 MEDIUM

Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp laserjet_pro_cp1525nw_color_printer ce875a
hp laserjet_pro_m1217nfw_mfp ce844a
hp laserjet_pro_400_color_printer_m451 ce957a
hp color_laserjet_cm2320n_multifunction_printer cc434a
hp color_laserjet_cp5225 ce711a
hp color_laserjet_cp1515 cc377a
hp color_laserjet_cp5225 ce712a
hp laserjet_pro_300_color_printer_m351 ce955a
hp laserjet_pro_p1102 ce658a
hp laserjet_pro_400_color_mfp_m475 ce863a
hp laserjet_pro_cp1025nw ce918a
hp laserjet_pro_cm1415fnw_color_multifunction_printer ce862a
hp laserjet_pro_300_color_mfp_printer_m375 ce903a
hp laserjet_m1522n_multifunction_printer cc372a
hp laserjet_m2727_multifunction_printer cb532a
hp laserjet_pro_m1536dnf_multifunction_printer ce538a
hp color_laserjet_cp1518 cc378a
hp laserjet_pro_m1213nf_mfp ce845a
hp hp_laserjet_pro_m1214nfh_mfp ce842a
hp laserjet_pro_p1606dn ce749a
hp laserjet_pro_p1102 ce657a
hp laserjet_pro_400_color_mfp_m475 ce864a
hp topshot_laserjet_pro_m275_mfp cf040a
hp color_laserjet_cp2025_printer cb494a
hp laserjet_pro_400_color_printer_m451 ce956a
hp laserjet_pro_m1216nfh_mfp ce843a
hp color_laserjet_cm1312nfi_multifunction_printer cc431a
hp laserjet_pro_cp1025nw ce914a
hp laserjet_pro_100_color_mfp_m175 ce866a
hp laserjet_pro_m1212nf_mfp ce841a
hp laserjet_m2727_multifunction_printer cb533a
hp color_laserjet_cp5225 ce710a
hp laserjet_pro_400_color_printer_m451 ce958a
CVE-2013-6194 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
CVE-2013-6195 HIGH

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 6.20
hp storage_data_protector 6.21
CVE-2013-6196 LOW

Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp autonomy_ultraseek 5.0
CVE-2013-6197 MEDIUM

Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 9.20
hp service_manager_web_tier 9.20
hp service_manager_web_client 9.21
hp service_manager_web_tier 9.21
hp service_manager_web_client 9.20
CVE-2013-6198 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 9.20
hp service_manager_web_tier 9.20
hp service_manager_web_client 9.21
hp service_manager_web_tier 9.21
hp service_manager_web_client 9.20
CVE-2013-6200 MEDIUM

Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux b.11.23
hp hp-ux b.11.31
CVE-2013-6201 HIGH

Unspecified vulnerability in HP Security Management System 3.3.0, 3.5.0 before patch 1, and 3.6.0 before patch 2 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp security_management_system 3.5.0
hp security_management_system 3.6.0.1
hp security_management_system 3.3.0
hp security_management_system 3.6.0
CVE-2013-6202 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp service_manager 9.32
hp service_manager 9.31
hp service_manager 9.30
hp service_manager 9.33
CVE-2013-6203 HIGH

The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-1656.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp application_information_optimizer 6.3
hp application_information_optimizer 6.4
hp application_information_optimizer 7.0
hp application_information_optimizer 6.2
hp application_information_optimizer 7.1
CVE-2013-6204 HIGH

The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-2004.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp application_information_optimizer 6.3
hp application_information_optimizer 6.4
hp application_information_optimizer 7.0
hp application_information_optimizer 6.2
hp application_information_optimizer 7.1
CVE-2013-6205 MEDIUM

Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows local users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_server_deployment -
hp rapid_deployment_pack -
CVE-2013-6206 HIGH

Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_server_deployment -
hp rapid_deployment_pack -
CVE-2013-6207 HIGH

Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sitescope 11.10
hp sitescope 10.11
hp sitescope 10.12
hp sitescope 11.12
hp sitescope 11.11
hp sitescope 10.13
hp sitescope 10.10
hp sitescope 11.21
CVE-2013-6208 HIGH

Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp smart_update_manager 5.3.5
CVE-2013-6209 MEDIUM

Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux b.11.11
hp hp-ux b.11.23
CVE-2013-6210 HIGH

Unspecified vulnerability in HP Unified Functional Testing before 12.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1932.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp unified_functional_testing 11.0
hp unified_functional_testing *
CVE-2013-6211 HIGH

Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (VSA) before 3.7.2, StoreOnce 26xx and 4210 iSCSI Backup System before 3.9.0, StoreOnce 4210 FC Backup System before 3.9.0, and StoreOnce 4xxx Backup System before 3.9.0 allows remote attackers to obtain sensitive information or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storeonce_4210_iscsi_backup_system *
hp storeonce_4420_backup_system *
hp storeonce_4430_backup_system *
hp storeonce_virtual_storage_appliance *
hp storeonce_2610_iscsi_backup_system *
hp storeonce_2620_iscsi_backup_system *
hp storeonce_4210_fc_backup_system *
hp storeonce_4220_backup_system *
CVE-2013-6212 MEDIUM

Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp database_and_middleware_automation 10.10
hp database_and_middleware_automation 10.01
hp database_and_middleware_automation 10.0
hp database_and_middleware_automation 10.20
CVE-2013-6213 HIGH

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.0.0.0
hp loadrunner *
hp loadrunner 11.50
hp loadrunner 11.51
CVE-2013-6214 MEDIUM

Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp universal_configuration_management_database 9.05
hp universal_configuration_management_database 10.10
hp universal_configuration_management_database 10.01
CVE-2013-6215 HIGH

Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp universal_configuration_management_database 10.10
hp universal_configuration_management_database 10.01
CVE-2013-6216 LOW

Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp array_diagnostics_utility *
hp smartssd_wear_gauge_utility *
hp proliant_array_diagnostics *
hp array_configuration_utility *
CVE-2013-6218 HIGH

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.20
hp network_node_manager_i 9.03
hp network_node_manager_i 9.01
hp network_node_manager_i 9.0
hp network_node_manager_i 9.10
hp network_node_manager_i 9.02
CVE-2013-6219 LOW

Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux_whitelisting *
CVE-2013-6220 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.20
hp network_node_manager_i 9.0
hp network_node_manager_i 9.10
CVE-2013-6221 HIGH

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp service_virtualization 3.0
CVE-2013-6222 MEDIUM

Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 9.32
hp service_manager 7.21
hp service_manager 9.31
hp service_manager 9.30
hp service_manager 9.33
CVE-2013-6402 LOW

base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
hp linux_imaging_and_printing_project 3.12.11
hp linux_imaging_and_printing_project 3.9.10
hp linux_imaging_and_printing_project 3.12.10
hp linux_imaging_and_printing_project 3.13.2
hp linux_imaging_and_printing_project *
hp linux_imaging_and_printing_project 3.13.10
hp linux_imaging_and_printing_project 3.12.2
hp linux_imaging_and_printing_project 3.13.7
hp linux_imaging_and_printing_project 3.10.5
hp linux_imaging_and_printing_project 3.11.12
hp linux_imaging_and_printing_project 3.12.9
hp linux_imaging_and_printing_project 3.9.12
hp linux_imaging_and_printing_project 3.13.6
hp linux_imaging_and_printing_project 3.11.1
hp linux_imaging_and_printing_project 3.13.4
hp linux_imaging_and_printing_project 3.13.9
hp linux_imaging_and_printing_project 3.10.9
hp linux_imaging_and_printing_project 3.12.6
hp linux_imaging_and_printing_project 3.11.3
hp linux_imaging_and_printing_project 3.10.2
hp linux_imaging_and_printing_project 3.10.6
hp linux_imaging_and_printing_project 3.11.5
hp linux_imaging_and_printing_project 3.11.7
hp linux_imaging_and_printing_project 3.11.10
hp linux_imaging_and_printing_project 3.9.2
hp linux_imaging_and_printing_project 3.9.6
hp linux_imaging_and_printing_project 3.13.3
hp linux_imaging_and_printing_project 3.13.5
hp linux_imaging_and_printing_project 3.9.8
hp linux_imaging_and_printing_project 3.9.4b
hp linux_imaging_and_printing_project 3.13.8
hp linux_imaging_and_printing_project 3.9.4
hp linux_imaging_and_printing_project 3.11.3a
hp linux_imaging_and_printing_project 3.12.4
CVE-2013-6427 MEDIUM

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp linux_imaging_and_printing_project 3.12.11
hp linux_imaging_and_printing_project 3.9.10
hp linux_imaging_and_printing_project 3.12.10
hp linux_imaging_and_printing_project 3.13.2
hp linux_imaging_and_printing_project 3.13.10
hp linux_imaging_and_printing_project 3.12.2
hp linux_imaging_and_printing_project 3.13.7
hp linux_imaging_and_printing_project 3.10.5
hp linux_imaging_and_printing_project 3.11.12
hp linux_imaging_and_printing_project 3.12.9
hp linux_imaging_and_printing_project 3.9.12
hp linux_imaging_and_printing_project 3.13.6
hp linux_imaging_and_printing_project 3.11.1
hp linux_imaging_and_printing_project 3.13.4
hp linux_imaging_and_printing_project 3.13.9
hp linux_imaging_and_printing_project 3.10.9
hp linux_imaging_and_printing_project 3.12.6
hp linux_imaging_and_printing_project 3.11.3
hp linux_imaging_and_printing_project 3.10.2
hp linux_imaging_and_printing_project 3.10.6
hp linux_imaging_and_printing_project 3.11.5
hp linux_imaging_and_printing_project 3.11.7
hp linux_imaging_and_printing_project 3.11.10
hp linux_imaging_and_printing_project 3.9.2
hp linux_imaging_and_printing_project 3.9.6
hp linux_imaging_and_printing_project 3.13.3
hp linux_imaging_and_printing_project 3.13.5
hp linux_imaging_and_printing_project 3.9.8
hp linux_imaging_and_printing_project 3.9.4b
hp linux_imaging_and_printing_project 3.13.8
hp linux_imaging_and_printing_project 3.9.4
hp linux_imaging_and_printing_project 3.11.3a
hp linux_imaging_and_printing_project 3.12.4
CVE-2013-6852 MEDIUM

Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp 2620-24-poe+_switch -
CVE-2014-0382 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server_supplementary 6.0
hp jre *
redhat enterprise_linux_hpc_node_supplementary 6.0
redhat enterprise_linux_server_supplementary_aus 6.5
redhat enterprise_linux_desktop_supplementary 6.0
hp jdk *
redhat enterprise_linux_server_supplementary_eus 6.5.z
redhat enterprise_linux_server_supplementary 5.0
redhat enterprise_linux_workstation_supplementary 6.0
oracle javafx 2.2.45
redhat enterprise_linux_desktop_supplementary 5.0
CVE-2014-0418 MEDIUM

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server_supplementary 6.0
hp jre *
oracle jdk 1.6.0
redhat enterprise_linux_hpc_node_supplementary 6.0
redhat enterprise_linux_server_supplementary_aus 6.5
oracle jre 1.6.0
redhat enterprise_linux_desktop_supplementary 6.0
hp jdk *
redhat enterprise_linux_server_supplementary_eus 6.5.z
redhat enterprise_linux_server_supplementary 5.0
redhat enterprise_linux_workstation_supplementary 6.0
redhat enterprise_linux_desktop_supplementary 5.0
CVE-2014-2490 HIGH

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
debian debian_linux 7.0
oracle jdk 1.8.0
hp hp-ux b.11.23
hp hp-ux b.11.31
oracle jdk 1.7.0
oracle jre 1.8.0
CVE-2014-2600 MEDIUM

Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp icewall_sso_password_reset_option 10.0
hp icewall_identity_manager 4.0
hp icewall_identity_manager 5.0
CVE-2014-2601 HIGH

The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_2_firmware 1.30
hp integrated_lights-out_2_firmware 1.00
hp integrated_lights-out_2_firmware 1.10
hp integrated_lights-out_2_firmware 1.20
hp integrated_lights-out_2_firmware 2.12
hp integrated_lights-out_2_firmware 1.75
hp integrated_lights-out_2_firmware 2.15
hp integrated_lights-out_2_firmware 1.70
hp integrated_lights-out_2_firmware *
hp integrated_lights-out_2_firmware 2.22
hp integrated_lights-out_2_firmware 2.20
CVE-2014-2602 MEDIUM

Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp oneview 1.0
hp oneview 1.01
CVE-2014-2603 LOW

Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sn6000_stackable_8gb_12-port_single_power_fibre_channel_switch bk780a
hp sn6000_stackable_8gb_24-port_single_power_fibre_channel_switch aw575b
hp 8gb_simple_san_connection_kit ak241b
hp sn6000_stackable_8gb_24-port_dual_power_fibre_channel_switch aw576b
hp sn6000_stackable_8gb_12-port_single_power_fibre_channel_switch bk780b
hp sn6000_stackable_8gb_24-port_dual_power_fibre_channel_switch aw576a
hp hp_h-series_fibre_channel_switch_firmware *
hp sn6000_stackable_8gb_24-port_single_power_fibre_channel_switch aw575a
hp 8/20q_fibre_channel_switch_16_port ak242b
hp 8/20q_fibre_channel_switch_8_port aq233b
hp 8/20q_fibre_channel_switch_16_port ak242a
hp 8/20q_fibre_channel_switch_8_port aq233a
hp 8gb_simple_san_connection_kit ak241a
CVE-2014-2604 MEDIUM

Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp icewall_sso 10.0
hp icewall_mcrp 3.0
hp icewall_mcrp 2.1
CVE-2014-2605 MEDIUM

Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_management_software 9.5
hp storevirtual_4330fc -
hp storage_management_software 11.0
hp storevirtual_4130 -
hp storage_management_software 10.5
hp storevirtual_4630 -
hp storevirtual_4330 -
hp storevirtual_4730 -
hp storevirtual_4730fc -
hp storage_management_software 10.0
hp storevirtual_4530 -
hp storevirtual_vsa -
hp storevirtual_4335 -
CVE-2014-2606 HIGH

Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_management_software 9.5
hp storevirtual_4330fc -
hp storage_management_software 11.0
hp storevirtual_4130 -
hp storage_management_software 10.5
hp storevirtual_4630 -
hp storevirtual_4330 -
hp storevirtual_4730 -
hp storevirtual_4730fc -
hp storage_management_software 10.0
hp storevirtual_4530 -
hp storevirtual_vsa -
hp storevirtual_4335 -
CVE-2014-2607 HIGH

Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations_manager_i 9.1
hp operations_manager_i 9.24
hp operations_manager_i 9.23
hp operations_manager_i 9.13
hp operations_manager_i 9.12
hp operations_manager_i 9.2
CVE-2014-2609 HIGH

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp executive_scorecard 9.41
hp executive_scorecard 9.40
CVE-2014-2610 HIGH

Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp executive_scorecard 9.41
hp executive_scorecard 9.40
CVE-2014-2611 HIGH

Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp executive_scorecard 9.41
hp executive_scorecard 9.40
CVE-2014-2612 MEDIUM

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp release_control 9.21
hp release_control 9.20
hp release_control 9.11
hp release_control 9.12
hp release_control 9.13
hp release_control 9.1
CVE-2014-2613 HIGH

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp release_control 9.21
hp release_control 9.20
hp release_control 9.11
hp release_control 9.12
hp release_control 9.13
hp release_control 9.1
CVE-2014-2614 HIGH

Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sitescope 11.10
hp sitescope 11.22
hp sitescope 11.24
hp sitescope 11.12
hp sitescope 11.23
hp sitescope 11.11
hp sitescope 11.20
hp sitescope 11.21
hp sitescope 11.13
CVE-2014-2615 HIGH

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp universal_configuration_management_database 10.10
hp universal_configuration_management_database 10.01
CVE-2014-2616 HIGH

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp universal_configuration_management_database 10.10
hp universal_configuration_management_database 10.01
CVE-2014-2617 HIGH

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp universal_configuration_management_database 10.10
hp universal_configuration_management_database 10.01
CVE-2014-2618 HIGH

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2080.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp imc_branch_intelligent_management_system_software_module 7.0
hp intelligent_management_center 7.0
CVE-2014-2619 HIGH

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2088.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp imc_branch_intelligent_management_system_software_module 7.0
hp intelligent_management_center 7.0
CVE-2014-2620 HIGH

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2089.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp imc_branch_intelligent_management_system_software_module 7.0
hp intelligent_management_center 7.0
CVE-2014-2621 HIGH

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2090.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp imc_branch_intelligent_management_system_software_module 7.0
hp intelligent_management_center 7.0
CVE-2014-2622 HIGH

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp imc_branch_intelligent_management_system_software_module 7.0
hp intelligent_management_center 7.0
CVE-2014-2623 HIGH

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 8.10
hp storage_data_protector 8.0
CVE-2014-2624 HIGH

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.20
hp network_node_manager_i 9.0
hp network_node_manager_i 9.10
CVE-2014-2625 HIGH

Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp network_virtualization 8.6
CVE-2014-2626 HIGH

Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp network_virtualization 8.6
CVE-2014-2627 MEDIUM

Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp nonstop_netbatch h06.28
hp nonstop_netbatch h06.05
hp nonstop_netbatch h06.05.02
hp nonstop_netbatch h06.27
hp nonstop_netbatch j06.15
hp nonstop_netbatch j06.17.01
hp nonstop_netbatch h06.26.01
hp nonstop_netbatch j06.14.03
hp nonstop_netbatch h06.25.01
hp nonstop_netbatch h06.03
hp nonstop_netbatch h06.04
hp nonstop_netbatch h06.24.01
hp nonstop_netbatch g06.14
hp nonstop_netbatch g06.32.01
hp nonstop_netbatch j06.16
hp nonstop_netbatch j06.17
hp nonstop_netbatch j06.16.02
hp nonstop_netbatch h06.05.01
hp nonstop_netbatch j06.14
hp nonstop_netbatch h06.27.01
hp nonstop_netbatch j06.13.01
hp nonstop_netbatch j06.03
hp nonstop_netbatch h06.26
hp nonstop_netbatch j06.15.02
hp nonstop_netbatch h06.25
CVE-2014-2628 MEDIUM

Unspecified vulnerability in HP Enterprise Maps 1 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp enterprise_maps 1.00
CVE-2014-2629 MEDIUM

HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to process-creation time.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp nonstop_safeguard_security *
CVE-2014-2630 MEDIUM

Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations_agent 11.0
CVE-2014-2631 MEDIUM

Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp application_lifecycle_management 11.50
hp application_lifecycle_management 12.00
CVE-2014-2632 HIGH

Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 9.32
hp service_manager 7.21
hp service_manager 9.31
hp service_manager 9.30
hp service_manager 9.33
CVE-2014-2633 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 9.32
hp service_manager 7.21
hp service_manager 9.31
hp service_manager 9.30
hp service_manager 9.33
CVE-2014-2634 HIGH

Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_manager 9.21
hp service_manager 9.32
hp service_manager 7.21
hp service_manager 9.31
hp service_manager 9.30
hp service_manager 9.33
CVE-2014-2635 HIGH

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sprinter 12.01
CVE-2014-2636 HIGH

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sprinter 12.01
CVE-2014-2637 HIGH

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sprinter 12.01
CVE-2014-2638 HIGH

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sprinter 12.01
CVE-2014-2639 MEDIUM

Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp mpio_device_specific_module_manager *
hp mpio_device_specific_module_manager 4.01.00
CVE-2014-2640 MEDIUM

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
hp system_management_homepage 7.2.1
hp system_management_homepage 7.2
CVE-2014-2641 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
hp system_management_homepage 7.2.1
hp system_management_homepage 7.2
CVE-2014-2642 MEDIUM

HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 7.0
hp system_management_homepage 7.1
hp system_management_homepage 7.2.1
hp system_management_homepage 7.2
CVE-2014-2643 MEDIUM

Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager 7.1
hp systems_insight_manager 7.2
hp systems_insight_manager 7.0
hp systems_insight_manager *
CVE-2014-2644 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp systems_insight_manager 7.1
hp systems_insight_manager 7.2
hp systems_insight_manager 7.0
hp systems_insight_manager *
CVE-2014-2645 MEDIUM

HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp systems_insight_manager 7.1
hp systems_insight_manager 7.2
hp systems_insight_manager 7.0
hp systems_insight_manager *
CVE-2014-2646 HIGH

Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp network_automation 9.10
hp network_automation 9.20
CVE-2014-2647 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp operations_agent *
CVE-2014-2648 HIGH

Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations_manager 9.11
hp operations_manager 9.10
CVE-2014-2649 HIGH

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
linux kernel -
hp operations_manager 9.20
CVE-2014-3956 LOW

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
fedoraproject fedora 20
sendmail sendmail 8.7.10
sendmail sendmail 8.13.3
hp hpux *
sendmail sendmail 8.13.7
sendmail sendmail 8.13.8
sendmail sendmail 8.6.7
sendmail sendmail 8.12.3
sendmail sendmail 8.13.0
sendmail sendmail 8.14.6
sendmail sendmail 8.13.6
sendmail sendmail 8.11.5
sendmail sendmail 8.13.2
sendmail sendmail 8.13.5
sendmail sendmail 8.14.1
sendmail sendmail 8.9.1
sendmail sendmail 8.11.3
sendmail sendmail 8.14.3
sendmail sendmail 8.11.0
sendmail sendmail 8.14.0
sendmail sendmail 8.11.1
sendmail sendmail 8.9.0
freebsd freebsd *
sendmail sendmail 8.12.8
sendmail sendmail 8.11.2
sendmail sendmail 8.14.2
sendmail sendmail 8.12.2
sendmail sendmail 8.7.8
sendmail sendmail 8.7.6
sendmail sendmail 8.14.5
sendmail sendmail 8.8.8
sendmail sendmail 8.10.1
sendmail sendmail 8.12.7
sendmail sendmail 8.14.4
sendmail sendmail 8.10.0
sendmail sendmail 8.12.6
sendmail sendmail 8.12.4
sendmail sendmail 8.14.7
sendmail sendmail 8.9.3
sendmail sendmail 8.10.2
sendmail sendmail 8.10
sendmail sendmail 8.12.5
sendmail sendmail 8.11.4
sendmail sendmail 8.12.10
sendmail sendmail 8.12.0
sendmail sendmail 8.12.9
sendmail sendmail 8.7.9
sendmail sendmail 8.11.6
sendmail sendmail *
sendmail sendmail 8.13.4
sendmail sendmail 8.9.2
sendmail sendmail 8.12.1
sendmail sendmail 8.7.7
sendmail sendmail 8.12.11
sendmail sendmail 8.13.1
sendmail sendmail 8.11.7
CVE-2014-4661 MEDIUM

Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp records_manager *
hp records_manager 8.1
CVE-2014-4669 LOW

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp enterprise_maps 1.00
CVE-2014-5160 MEDIUM

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp data_protector 6.11
hp data_protector 6.10
CVE-2014-7301 MEDIUM

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 1.8 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
hp sgi_tempo -
CVE-2014-7302 HIGH

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
hp sgi_tempo -
CVE-2014-7303 HIGH

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
hp sgi_tempo -
CVE-2014-7874 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp system_management_homepage *
hp hp-ux b.11.23
hp hp-ux b.11.31
CVE-2014-7875 HIGH

Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp laserjet_cm3530_multifunction_printer_firmware *
CVE-2014-7876 HIGH

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_chassis_management_firmware *
hp integrated_lights-out_2_firmware *
CVE-2014-7877 MEDIUM

Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp-ux b.11.31
CVE-2014-7878 HIGH

The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
hp helion_cloud_development_platform 1.0
CVE-2014-7879 HIGH

HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp hp-ux b.11.11
hp hp-ux b.11.23
hp hp-ux b.11.31
CVE-2014-7880 MEDIUM

Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp tcp_ip_services_openvms *
CVE-2014-7881 MEDIUM

Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_control_server_deployment -
CVE-2014-7882 MEDIUM

Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp sitescope 11.10
hp sitescope 11.22
hp sitescope 11.24
hp sitescope 11.12
hp sitescope 11.23
hp sitescope 11.11
hp sitescope 11.20
hp sitescope 11.21
hp sitescope 11.13
CVE-2014-7883 MEDIUM

HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp universal_configuration_management_database 9.05
hp universal_configuration_management_database 10.11
hp universal_configuration_management_database 10.01
CVE-2014-7884 HIGH

Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp arcsight_logger 6.0
CVE-2014-7888 HIGH

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ole_point_of_sale_driver *
CVE-2014-7889 HIGH

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ole_point_of_sale_driver *
CVE-2014-7890 HIGH

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ole_point_of_sale_driver *
CVE-2014-7891 HIGH

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ole_point_of_sale_driver *
CVE-2014-7892 HIGH

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ole_point_of_sale_driver *
CVE-2014-7893 HIGH

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2507.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ole_point_of_sale_driver *
CVE-2014-7894 HIGH

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ole_point_of_sale_driver *
CVE-2014-7895 HIGH

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ole_point_of_sale_driver *
CVE-2014-7896 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp xp_p9000_tiered_storage_manager *
hp xp_p9000_replication_manager *
hp xp_p9000_device_manager *
hp xp7_global_link_manager_software *
CVE-2014-7897 HIGH

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated Barcode scanners, Wireless Barcode scanners, and 2D Value Wireless scanners.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ole_point_of_sale_driver *
CVE-2014-7898 HIGH

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ole_point_of_sale_driver *
CVE-2015-0839 MEDIUM

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-320,

Products Affected

Vendor Product Version
hp linux_imaging_and_printing *
CVE-2015-0949 MEDIUM

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
hp elitebook_850_g1_firmware 01.09
dell latitude_e6430_firmware a09
CVE-2015-1390

Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
hp airwave *
CVE-2015-1391

Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
hp airwave *
CVE-2015-2106 MEDIUM

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_3_firmware *
hp integrated_lights-out_2_firmware *
CVE-2015-2107 MEDIUM

HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp operations_manager_i_management_pack 1.0
CVE-2015-2108 LOW

Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp operations_orchestration 10.0
hp operations_orchestration 9.0
CVE-2015-2109 HIGH

Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations_orchestration 10.0
CVE-2015-2110 HIGH

Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp loadrunner 11.52
CVE-2015-2111 LOW

Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_provisioning 1.40
hp intelligent_provisioning 1.50
hp intelligent_provisioning 1.60
CVE-2015-2112 HIGH

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote authenticated users to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp easy_tools *
CVE-2015-2113 HIGH

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp easy_tools *
CVE-2015-2114 MEDIUM

HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
hp support_solution_framework *
CVE-2015-2115 LOW

Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp capture_and_route_software 1.4
hp capture_and_route_software 1.3
CVE-2015-2116 HIGH

Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storage_data_protector 7.03
hp storage_data_protector 7.02
hp storage_data_protector 7.01
hp storage_data_protector 7.00
CVE-2015-2117 HIGH

HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading this code within an archive or (2) instantiating a class.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp tippingpoint_security_management_system *
hp tippingpoint_virtual_security_management_system *
CVE-2015-2118 MEDIUM

Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access Control (AC) Software 12.x through 14.x before 14.1.2 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp access_control 14.1
hp access_control 12.0
hp access_control 12.2
hp access_control 12.3
hp access_control 13.0
hp access_control 12.1
hp access_control 14.0
CVE-2015-2120 HIGH

Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sitescope 11.30.521
hp sitescope 11.13
hp sitescope 11.24.391
CVE-2015-2121 HIGH

HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp network_virtualization 8.61
hp network_virtualization 11.52
CVE-2015-2122 HIGH

The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
hp sdn_van_controller *
CVE-2015-2123 HIGH

Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp nonstop_safeguard_security *
CVE-2015-2124 HIGH

Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp smart_zero_core 4.3
hp smart_zero_core 4.4
hp thinpro_linux 5.0
hp thinpro_linux 4.2
hp thinpro_linux 4.1
hp thinpro_linux 5.1
hp thinpro_linux 4.4
hp thinpro_linux 4.3
CVE-2015-2125 MEDIUM

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
hp webinspect *
CVE-2015-2126 HIGH

Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp hp-ux 11.11iv3
hp hp-ux 11.11iv2
CVE-2015-2132 MEDIUM

Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations_manager_i 9.24
hp operations_manager_i 9.23
hp operations_manager_i 10.00
hp operations_manager_i 9.25
hp operations_manager_i 10.01
CVE-2015-2134 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2015-2135 HIGH

Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_provisioning 2.10
hp intelligent_provisioning *
hp intelligent_provisioning 2.00
CVE-2015-2136 MEDIUM

HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2015-2137 HIGH

Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp operations_manager_i 9.22
hp operations_manager_i 9.24
hp operations_manager_i 9.23
hp operations_manager_i 10.00
hp operations_manager_i 9.25
hp operations_manager_i 10.01
CVE-2015-2139 MEDIUM

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp systems_insight_manager *
CVE-2015-2140 MEDIUM

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp systems_insight_manager *
CVE-2015-2201

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
arubanetworks airwave *
hp airwave *
CVE-2015-2202

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
arubanetworks airwave *
hp airwave *
CVE-2015-2802 MEDIUM

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp asset_manager_cloudsystem_chargeback 9.40
hp asset_manager 9.40
hp asset_manager 9.41
hp asset_manager 9.50
hp sitescope *
hp asset_manager 9.31
hp sitescope 11.30
hp asset_manager 9.30
hp asset_manager 9.32
CVE-2015-2902 MEDIUM

HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
hp arcsight_smartconnectors *
CVE-2015-2903 MEDIUM

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp arcsight_smartconnectors *
CVE-2015-3113 HIGH

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-122,

Products Affected

Vendor Product Version
suse linux_enterprise_desktop 12
suse linux_enterprise_workstation_extension 12
opensuse opensuse 13.1
hp version_control_repository_manager 7.6
hp system_management_homepage *
redhat enterprise_linux_desktop 6.0
opensuse opensuse 13.2
redhat enterprise_linux_eus 6.6
hp systems_insight_manager *
redhat enterprise_linux_workstation 6.0
adobe flash_player *
hp virtual_connect_enterprise_manager *
redhat enterprise_linux_server 6.0
hp insight_orchestration *
opensuse evergreen 11.4
hp version_control_repository_manager *
hp version_control_agent *
CVE-2015-3143 MEDIUM

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
haxx libcurl 7.13.2
haxx libcurl 7.15.0
haxx libcurl 7.23.1
haxx curl 7.12.3
haxx curl 7.13.0
haxx curl 7.15.4
haxx libcurl 7.15.1
haxx curl 7.16.4
haxx curl 7.19.2
apple mac_os_x 10.10.4
haxx libcurl 7.15.2
haxx curl 7.21.2
haxx curl 7.18.1
apple mac_os_x 10.10.3
haxx libcurl 7.11.1
haxx libcurl 7.12.0
haxx libcurl 7.24.0
haxx libcurl 7.17.1
haxx curl 7.16.3
haxx curl 7.19.4
haxx libcurl 7.10.6
haxx libcurl 7.40.0
haxx curl 7.12.2
haxx libcurl 7.20.1
haxx libcurl 7.13.1
haxx libcurl 7.30.0
haxx libcurl 7.37.0
haxx curl 7.20.1
canonical ubuntu_linux 14.10
haxx libcurl 7.21.4
haxx curl 7.31.0
haxx libcurl 7.22.0
haxx curl 7.15.3
canonical ubuntu_linux 15.04
haxx libcurl 7.12.2
haxx curl 7.40.0
haxx libcurl 7.27.0
haxx libcurl 7.31.0
haxx curl 7.35.0
haxx libcurl 7.28.1
haxx curl 7.19.0
haxx libcurl 7.21.2
haxx libcurl 7.10.8
haxx libcurl 7.15.4
haxx libcurl 7.19.5
haxx libcurl 7.34.0
hp system_management_homepage *
haxx curl 7.12.0
haxx libcurl 7.35.0
haxx libcurl 7.19.4
haxx curl 7.21.6
haxx libcurl 7.15.5
haxx libcurl 7.10.7
haxx curl 7.21.5
haxx curl 7.16.1
haxx curl 7.33.0
haxx curl 7.30.0
haxx libcurl 7.16.1
haxx libcurl 7.29.0
haxx curl 7.27.0
haxx libcurl 7.18.0
haxx libcurl 7.16.4
haxx curl 7.11.0
haxx curl 7.19.1
haxx libcurl 7.19.0
haxx libcurl 7.19.6
haxx libcurl 7.14.0
haxx libcurl 7.25.0
haxx libcurl 7.36.0
haxx curl 7.18.0
haxx libcurl 7.20.0
haxx libcurl 7.39
haxx curl 7.11.2
haxx libcurl 7.19.3
haxx curl 7.16.0
haxx libcurl 7.18.1
haxx libcurl 7.21.5
haxx libcurl 7.23.0
canonical ubuntu_linux 14.04
apple mac_os_x 10.10.2
haxx libcurl 7.16.3
haxx curl 7.15.0
haxx curl 7.41.0
haxx curl 7.29.0
haxx curl 7.10.6
haxx curl 7.15.2
haxx curl 7.25.0
haxx libcurl 7.13.0
haxx curl 7.10.8
haxx curl 7.21.3
haxx libcurl 7.18.2
haxx curl 7.18.2
canonical ubuntu_linux 12.04
haxx curl 7.24.0
haxx curl 7.10.7
haxx curl 7.17.1
haxx curl 7.23.1
haxx curl 7.15.1
haxx curl 7.28.1
haxx libcurl 7.16.2
haxx curl 7.36.0
haxx libcurl 7.17.0
haxx libcurl 7.21.7
haxx curl 7.39.0
apple mac_os_x *
haxx libcurl 7.21.3
haxx libcurl 7.11.2
haxx curl 7.21.7
haxx libcurl 7.21.0
haxx curl 7.14.0
haxx curl 7.19.6
haxx libcurl 7.15.3
haxx curl 7.34.0
haxx curl 7.38.0
apple mac_os_x 10.10.1
haxx curl 7.11.1
haxx curl 7.19.5
haxx curl 7.22.0
haxx libcurl 7.14.1
haxx libcurl 7.38.0
haxx curl 7.12.1
haxx curl 7.26.0
haxx libcurl 7.19.1
haxx curl 7.13.2
haxx curl 7.21.1
haxx libcurl 7.12.1
haxx curl 7.17.0
haxx libcurl 7.19.2
haxx libcurl 7.33.0
haxx curl 7.15.5
haxx curl 7.21.0
haxx curl 7.28.0
haxx libcurl 7.16.0
haxx libcurl 7.41.0
haxx curl 7.19.3
apple mac_os_x 10.10.0
haxx curl 7.13.1
haxx curl 7.14.1
haxx libcurl 7.32.0
haxx curl 7.16.2
haxx libcurl 7.21.1
debian debian_linux 7.0
haxx libcurl 7.37.1
haxx curl 7.32.0
haxx libcurl 7.21.6
haxx curl 7.21.4
haxx libcurl 7.26.0
haxx libcurl 7.28.0
haxx curl 7.20.0
haxx libcurl 7.11.0
haxx libcurl 7.12.3
haxx curl 7.23.0
haxx curl 7.37.1
haxx curl 7.19.7
haxx libcurl 7.19.7
CVE-2015-3145 HIGH

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
haxx libcurl 7.38.0
canonical ubuntu_linux 14.04
apple mac_os_x 10.10.2
haxx libcurl 7.34.0
hp system_management_homepage *
haxx curl 7.41.0
haxx libcurl 7.35.0
apple mac_os_x 10.10.4
haxx libcurl 7.33.0
apple mac_os_x 10.10.3
canonical ubuntu_linux 12.04
haxx curl 7.33.0
haxx libcurl 7.41.0
haxx libcurl 7.40.0
apple mac_os_x 10.10.0
haxx curl 7.36.0
haxx libcurl 7.32.0
haxx curl 7.37.0
haxx curl 7.39.0
haxx libcurl 7.30.0
haxx libcurl 7.37.0
debian debian_linux 7.0
opensuse opensuse 13.2
canonical ubuntu_linux 14.10
haxx libcurl 7.37.1
haxx curl 7.32.0
haxx curl 7.31.0
fedoraproject fedora 21
haxx libcurl 7.36.0
oracle solaris 11.3
haxx libcurl 7.39
canonical ubuntu_linux 15.04
haxx curl 7.40.0
fedoraproject fedora 22
haxx curl 7.34.0
haxx curl 7.38.0
apple mac_os_x 10.10.1
haxx libcurl 7.31.0
haxx curl 7.35.0
haxx curl 7.37.1
CVE-2015-3148 MEDIUM

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
haxx libcurl 7.13.2
haxx libcurl 7.15.0
haxx libcurl 7.23.1
haxx curl 7.12.3
haxx curl 7.13.0
haxx curl 7.15.4
haxx libcurl 7.15.1
haxx curl 7.16.4
haxx curl 7.19.2
apple mac_os_x 10.10.4
haxx libcurl 7.15.2
haxx curl 7.21.2
haxx curl 7.18.1
apple mac_os_x 10.10.3
haxx libcurl 7.11.1
haxx libcurl 7.12.0
haxx libcurl 7.24.0
haxx libcurl 7.17.1
haxx curl 7.16.3
haxx curl 7.19.4
haxx libcurl 7.10.6
haxx libcurl 7.40.0
haxx curl 7.12.2
haxx libcurl 7.20.1
haxx libcurl 7.13.1
haxx libcurl 7.30.0
haxx libcurl 7.37.0
haxx curl 7.20.1
canonical ubuntu_linux 14.10
haxx libcurl 7.21.4
haxx curl 7.31.0
haxx libcurl 7.22.0
haxx curl 7.15.3
canonical ubuntu_linux 15.04
haxx libcurl 7.12.2
haxx curl 7.40.0
haxx libcurl 7.27.0
haxx libcurl 7.31.0
haxx curl 7.35.0
haxx libcurl 7.28.1
haxx curl 7.19.0
haxx libcurl 7.21.2
haxx libcurl 7.10.8
haxx libcurl 7.15.4
haxx libcurl 7.19.5
haxx libcurl 7.34.0
hp system_management_homepage *
haxx curl 7.12.0
haxx libcurl 7.35.0
haxx libcurl 7.19.4
haxx curl 7.21.6
haxx libcurl 7.15.5
haxx libcurl 7.10.7
haxx curl 7.21.5
haxx curl 7.16.1
haxx curl 7.33.0
haxx curl 7.30.0
haxx libcurl 7.16.1
haxx libcurl 7.29.0
haxx curl 7.27.0
haxx libcurl 7.18.0
opensuse opensuse 13.2
haxx libcurl 7.16.4
haxx curl 7.11.0
haxx curl 7.19.1
haxx libcurl 7.19.0
haxx libcurl 7.19.6
haxx libcurl 7.14.0
haxx libcurl 7.25.0
haxx libcurl 7.36.0
haxx curl 7.18.0
haxx libcurl 7.20.0
haxx libcurl 7.39
fedoraproject fedora 22
haxx curl 7.11.2
haxx libcurl 7.19.3
haxx curl 7.16.0
haxx libcurl 7.18.1
haxx libcurl 7.21.5
haxx libcurl 7.23.0
canonical ubuntu_linux 14.04
apple mac_os_x 10.10.2
haxx libcurl 7.16.3
haxx curl 7.15.0
haxx curl 7.41.0
haxx curl 7.29.0
haxx curl 7.10.6
haxx curl 7.15.2
haxx curl 7.25.0
haxx libcurl 7.13.0
haxx curl 7.10.8
haxx curl 7.21.3
haxx libcurl 7.18.2
haxx curl 7.18.2
canonical ubuntu_linux 12.04
haxx curl 7.24.0
haxx curl 7.10.7
haxx curl 7.17.1
haxx curl 7.23.1
haxx curl 7.15.1
haxx curl 7.28.1
haxx libcurl 7.16.2
haxx curl 7.36.0
haxx libcurl 7.17.0
haxx libcurl 7.21.7
haxx curl 7.39.0
fedoraproject fedora 21
haxx libcurl 7.21.3
haxx libcurl 7.11.2
haxx curl 7.21.7
haxx libcurl 7.21.0
haxx curl 7.14.0
haxx curl 7.19.6
haxx libcurl 7.15.3
haxx curl 7.34.0
haxx curl 7.38.0
apple mac_os_x 10.10.1
haxx curl 7.11.1
haxx curl 7.19.5
haxx curl 7.22.0
haxx libcurl 7.14.1
opensuse opensuse 13.1
haxx libcurl 7.38.0
haxx curl 7.12.1
haxx curl 7.26.0
haxx libcurl 7.19.1
haxx curl 7.13.2
haxx curl 7.21.1
haxx libcurl 7.12.1
haxx curl 7.17.0
haxx libcurl 7.19.2
haxx libcurl 7.33.0
haxx curl 7.15.5
haxx curl 7.21.0
haxx curl 7.28.0
haxx libcurl 7.16.0
haxx libcurl 7.41.0
haxx curl 7.19.3
apple mac_os_x 10.10.0
haxx curl 7.13.1
haxx curl 7.14.1
haxx libcurl 7.32.0
haxx curl 7.37.0
haxx curl 7.16.2
haxx libcurl 7.21.1
debian debian_linux 7.0
haxx libcurl 7.37.1
haxx curl 7.32.0
haxx libcurl 7.21.6
haxx curl 7.21.4
haxx libcurl 7.26.0
haxx libcurl 7.28.0
haxx curl 7.20.0
haxx libcurl 7.11.0
haxx libcurl 7.12.3
haxx curl 7.23.0
haxx curl 7.37.1
haxx curl 7.19.7
haxx libcurl 7.19.7
CVE-2015-3196 MEDIUM

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
openssl openssl 1.0.0j
canonical ubuntu_linux 14.04
openssl openssl 1.0.1c
openssl openssl 1.0.1b
canonical ubuntu_linux 15.10
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.4
openssl openssl 1.0.0i
openssl openssl 1.0.1g
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_eus 7.3
openssl openssl 1.0.0l
redhat enterprise_linux_server_eus 6.7
openssl openssl 1.0.0g
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
canonical ubuntu_linux 12.04
openssl openssl 1.0.1j
debian debian_linux 8.0
hp icewall_sso 10.0
openssl openssl 1.0.1m
openssl openssl 1.0.0o
openssl openssl 1.0.0b
openssl openssl 1.0.0n
canonical ubuntu_linux 15.04
openssl openssl 1.0.1h
openssl openssl 1.0.1o
openssl openssl 1.0.0s
oracle vm_virtualbox *
hp icewall_sso_agent_option 10.0
redhat enterprise_linux_server 7.0
openssl openssl 1.0.0d
openssl openssl 1.0.0h
redhat enterprise_linux_desktop 6.0
openssl openssl 1.0.1k
openssl openssl 1.0.0k
openssl openssl 1.0.0p
redhat enterprise_linux_workstation 6.0
openssl openssl 1.0.0f
openssl openssl 1.0.1l
redhat enterprise_linux_server 6.0
openssl openssl 1.0.1a
openssl openssl 1.0.1i
openssl openssl 1.0.0m
openssl openssl 1.0.1f
openssl openssl 1.0.0e
openssl openssl 1.0.0r
openssl openssl 1.0.1d
redhat enterprise_linux_server_aus 7.3
debian debian_linux 7.0
openssl openssl 1.0.0
openssl openssl 1.0.1
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_tus 7.3
openssl openssl 1.0.1e
redhat enterprise_linux_desktop 7.0
openssl openssl 1.0.1n
redhat enterprise_linux_server_aus 7.2
openssl openssl 1.0.0a
fedoraproject fedora 22
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
openssl openssl 1.0.0c
openssl openssl 1.0.0q
CVE-2015-3200 MEDIUM

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
oracle solaris 11.3
hp virtual_customer_access_system *
lighttpd lighttpd *
CVE-2015-3237 MEDIUM

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
haxx curl 7.42.0
hp system_management_homepage *
haxx curl 7.41.0
haxx libcurl 7.42.1
oracle enterprise_manager_ops_center 12.3.2
oracle enterprise_manager_ops_center 12.1.4
oracle glassfish_server 3.0.1
oracle glassfish_server 3.1.2
haxx curl 7.40.0
haxx libcurl 7.42.0
oracle enterprise_manager_ops_center 12.2.2
haxx curl 7.42.1
haxx libcurl 7.41.0
haxx libcurl 7.40.0
CVE-2015-3269 MEDIUM

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp business_service_management *
adobe livecycle_data_services 4.6
adobe livecycle_data_services 4.7
adobe livecycle_data_services 4.5
adobe livecycle_data_services 3.0
CVE-2015-4000 MEDIUM

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
google chrome -
oracle jre 1.7.0
suse linux_enterprise_desktop 12
suse suse_linux_enterprise_server 12
opera opera_browser -
canonical ubuntu_linux 14.04
oracle jre 1.6.0
ibm content_manager 8.5
mozilla firefox 38.1.0
canonical ubuntu_linux 12.04
mozilla firefox_os 2.2
mozilla firefox 39.0
microsoft internet_explorer -
openssl openssl *
oracle jdk 1.7.0
debian debian_linux 8.0
mozilla firefox_esr 31.8
mozilla firefox -
mozilla seamonkey 2.35
oracle jdk 1.6.0
debian debian_linux 7.0
suse linux_enterprise_server 11.0
canonical ubuntu_linux 14.10
apple mac_os_x *
mozilla network_security_services 3.19
apple safari -
oracle jdk 1.8.0
suse linux_enterprise_software_development_kit 12
hp hp-ux b.11.31
oracle jre 1.8.0
oracle sparc-opl_service_processor *
canonical ubuntu_linux 15.04
oracle jrockit r28.3.6
apple iphone_os *
mozilla firefox_esr 38.1.0
mozilla thunderbird 31.8
mozilla thunderbird 38.1
CVE-2015-4024 MEDIUM

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
php php 5.5.5
php php 5.5.19
hp system_management_homepage *
php php 5.5.14
php php 5.5.21
php php 5.5.7
php php 5.5.24
php php 5.5.9
redhat enterprise_linux 6.0
php php 5.6.6
php php 5.6.4
php php 5.5.18
php php 5.5.4
redhat enterprise_linux_server_eus 7.1
php php *
php php 5.6.5
php php 5.5.23
oracle linux 6
redhat enterprise_linux_hpc_node_eus 7.1
php php 5.5.11
oracle solaris 11.2
php php 5.5.0
php php 5.5.12
php php 5.5.13
php php 5.5.6
php php 5.4.39
php php 5.5.10
php php 5.6.7
apple mac_os_x *
redhat enterprise_linux 7.0
php php 5.5.22
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_desktop 7.0
php php 5.5.2
php php 5.5.20
php php 5.6.2
php php 5.6.8
oracle linux 7
php php 5.5.1
redhat enterprise_linux_workstation 7.0
php php 5.6.3
php php 5.5.8
php php 5.5.3
php php 5.6.0
CVE-2015-5255 MEDIUM

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp xp_p9000_command_view_advanced_edition -
adobe livecycle_data_services 4.6
adobe livecycle_data_services 4.7
hp xp7_command_view_advanced_edition -
adobe livecycle_data_services 4.5
adobe livecycle_data_services 3.0
adobe coldfusion *
CVE-2015-5312 HIGH

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_hpc_node 6.0
apple mac_os_x *
xmlsoft libxml2 *
apple watchos *
hp icewall_file_manager 3.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
apple tvos *
apple iphone_os *
hp icewall_federation_agent 3.0
debian debian_linux 8.0
CVE-2015-5367 MEDIUM

The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp probook_440_g1 *
hp zbook_17_g2 *
hp elitepad_1000_g2 *
hp probook_450_g2 *
hp elitebook_1040_g1 *
hp hspa+_gobi_4g 12.500.00.15.1802
hp elitebook_revolve_810_g1 *
hp probook_440_g0 *
hp probook_645_g1 *
hp probook_x2_620_g1 *
hp zbook_15 *
hp mt41_thin_client *
hp probook_640_g1 *
hp probook_440_g2 *
hp probook_430_g2 *
hp elite_x2_1010_g2 *
hp zbook_15u *
hp elitebook_840_g2 *
hp elitebook_845_g1 *
hp elitebook_1040_g2 *
hp zbook_15_g2 *
hp elitebook_revolve_810_g2 *
hp probook_655_g1 *
hp elitebook_850_g2 *
hp zbook_14_g2 *
hp elitebook_825_g2 *
hp elitebook_820_g1 *
hp probook_450_g1 *
hp elitebook_820_g2 *
hp probook_650_g1 *
hp elitebook_folio_9470m *
hp elitebook_840_g1 *
hp elitebook_850_g1 *
hp probook_430_g1 *
hp lt4112_lte 12.500.00.15.1802
hp probook_450_g0 *
hp zbook_14 *
hp elitebook_855_g1 *
hp spectre_x2_13-smb_pro *
CVE-2015-5368 HIGH

The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp probook_440_g1 *
hp zbook_17_g2 *
hp elitepad_1000_g2 *
hp probook_450_g2 *
hp elitebook_1040_g1 *
hp hspa+_gobi_4g 12.500.00.15.1802
hp elitebook_revolve_810_g1 *
hp probook_440_g0 *
hp probook_645_g1 *
hp probook_x2_620_g1 *
hp zbook_15 *
hp mt41_thin_client *
hp probook_640_g1 *
hp probook_440_g2 *
hp probook_430_g2 *
hp elite_x2_1010_g2 *
hp zbook_15u *
hp elitebook_840_g2 *
hp elitebook_845_g1 *
hp elitebook_1040_g2 *
hp zbook_15_g2 *
hp elitebook_revolve_810_g2 *
hp probook_655_g1 *
hp elitebook_850_g2 *
hp zbook_14_g2 *
hp elitebook_825_g2 *
hp elitebook_820_g1 *
hp probook_450_g1 *
hp elitebook_820_g2 *
hp probook_650_g1 *
hp elitebook_folio_9470m *
hp elitebook_840_g1 *
hp elitebook_850_g1 *
hp probook_430_g1 *
hp lt4112_lte 12.500.00.15.1802
hp probook_450_g0 *
hp zbook_14 *
hp elitebook_855_g1 *
hp spectre_x2_13-smb_pro *
CVE-2015-5402 HIGH

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp systems_insight_manager *
CVE-2015-5403 MEDIUM

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp systems_insight_manager *
CVE-2015-5404 HIGH

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager *
CVE-2015-5405 MEDIUM

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager *
CVE-2015-5406 HIGH

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp centralview_fraud_risk_management 11.2
hp centralview_dealer_performance_audit 2.0
hp centralview_fraud_risk_management 11.1
hp centralview_subscription_fraud_prevention 2.0
hp centralview_revenue_leakage_control 4.2
hp centralview_roaming_fraud_control 2.1
hp centralview_roaming_fraud_control 2.2
hp centralview_roaming_fraud_control 2.3
hp centralview_credit_risk_control 2.1
hp centralview_subscription_fraud_prevention 2.1
hp centralview_dealer_performance_audit 2.1
hp centralview_fraud_risk_management 11.3
hp centralview_credit_risk_control 2.2
hp centralview_revenue_leakage_control 4.1
hp centralview_credit_risk_control 2.3
hp centralview_revenue_leakage_control 4.3
CVE-2015-5407 MEDIUM

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp centralview_fraud_risk_management 11.2
hp centralview_dealer_performance_audit 2.0
hp centralview_fraud_risk_management 11.1
hp centralview_subscription_fraud_prevention 2.0
hp centralview_revenue_leakage_control 4.2
hp centralview_roaming_fraud_control 2.1
hp centralview_roaming_fraud_control 2.2
hp centralview_roaming_fraud_control 2.3
hp centralview_credit_risk_control 2.1
hp centralview_subscription_fraud_prevention 2.1
hp centralview_dealer_performance_audit 2.1
hp centralview_fraud_risk_management 11.3
hp centralview_credit_risk_control 2.2
hp centralview_revenue_leakage_control 4.1
hp centralview_credit_risk_control 2.3
hp centralview_revenue_leakage_control 4.3
CVE-2015-5408 MEDIUM

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp centralview_fraud_risk_management 11.2
hp centralview_dealer_performance_audit 2.0
hp centralview_fraud_risk_management 11.1
hp centralview_subscription_fraud_prevention 2.0
hp centralview_revenue_leakage_control 4.2
hp centralview_roaming_fraud_control 2.1
hp centralview_roaming_fraud_control 2.2
hp centralview_roaming_fraud_control 2.3
hp centralview_credit_risk_control 2.1
hp centralview_subscription_fraud_prevention 2.1
hp centralview_dealer_performance_audit 2.1
hp centralview_fraud_risk_management 11.3
hp centralview_credit_risk_control 2.2
hp centralview_revenue_leakage_control 4.1
hp centralview_credit_risk_control 2.3
hp centralview_revenue_leakage_control 4.3
CVE-2015-5409 HIGH

Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp version_control_repository_manager *
CVE-2015-5410 MEDIUM

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp version_control_repository_manager *
CVE-2015-5411 MEDIUM

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp version_control_repository_manager *
CVE-2015-5412 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp version_control_repository_manager *
CVE-2015-5413 MEDIUM

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp version_control_repository_manager *
CVE-2015-5416 HIGH

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview *
CVE-2015-5417 HIGH

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview *
CVE-2015-5418 HIGH

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview *
CVE-2015-5419 HIGH

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview *
CVE-2015-5420 HIGH

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview *
CVE-2015-5421 HIGH

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview *
CVE-2015-5422 HIGH

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview *
CVE-2015-5423 HIGH

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview *
CVE-2015-5424 HIGH

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview *
CVE-2015-5426 MEDIUM

Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner *
CVE-2015-5427 HIGH

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
CVE-2015-5428 HIGH

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
CVE-2015-5429 HIGH

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
CVE-2015-5430 MEDIUM

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
CVE-2015-5431 MEDIUM

HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
CVE-2015-5432 HIGH

HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp virtual_connect_enterprise_manager_sdk *
CVE-2015-5433 MEDIUM

HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp virtual_connect_enterprise_manager_sdk *
CVE-2015-5434 MEDIUM

HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp jc072b_hp_12500_main_processing_unit -
hp jg354a_hp_hsr6602-xg_router -
hp jg735a)_hp_msr2004-48_router -
hp jc124a_hp_a9508_switch_chassis -
hp jf430b_hp_12518_switch_chassis -
hp jg777a_hp_hsr6602-xg_taa-compliant_router -
hp jg785a_hp_ff_12518e_dc_switch_chassis -
hp jc748a_hp_10512_switch_chassis -
hp jc613a_hp_10504_switch_chassis -
hp jc474a_hp_a9508-v_switch_chassis -
hp jg835a_hp_flexfabric_12508e_dc_switch_taa-compliant_chassis -
hp jg821a_hp_10508_taa_switch_chassis -
hp jg409a_hp_msr3012_ac_router -
hp jc653a_hp_12518_dc_switch_chassis -
hp jg861a_hp_msr3024_taa-compliant_ac_router -
hp jh060a_hp_msr1003-8s_ac_router -
hp jh192a_hp_10500_48-port_gig-t_(rj45)_se -
hp jg361b_hp_hsr6802_router_chassis -
hp jg497a_hp_12500_mpu_w/comware 7.0
hp jh075a)_hp_hsr6800_rse-x3_router_main_processing_unit -
hp jf431c_hp_12508_ac_switch_chassis -
hp jg363b_hp_hsr6808_router_chassis -
hp jc125b_hp_9512_switch_chassis -
hp jg410a_hp_msr3012_dc_router -
hp jg820a_hp_10504_taa_switch_chassis -
hp jh196a_hp_10500_2-port_100gbe_cfp_ec -
hp jg408a_hp_msr3024_poe_router -
hp jg803a_hp_flexfabric_12500e_taa-compliant_main_processing_unit -
hp jg823a_hp_10512_taa_switch_chassis -
hp jg364a_hp_hsr6800_rse-x2_router_main_processing_unit -
hp jg784a_hp_ff_12518e_ac_switch_chassis -
hp jg810aae_hp_vsr1001_virtual_services_router_60_day_evaluation -
hp jc654a_hp_12504_ac_switch_chassis -
hp jg802a_hp_ff_12500e_mpu -
hp jg411a_hp_msr2003_ac_router -
hp jg405a_hp_msr3044_router -
hp jf431a_hp_a12508_switch_chassis -
hp jg403a_hp_msr4060_router_chassis -
hp jg783a_hp_ff_12508e_dc_switch_chassis -
hp jf431b_hp_12508_switch_chassis -
hp jg789a_hp_flexfabric_12500_4-port_100gbe_cfp_fg_taa -
hp jf430c_hp_12518_ac_switch_chassis -
hp jg362b_hp_hsr6804_router_chassis -
hp jh198a_hp_10500_type_d_main_processing_unit_with_comware 7.0
hp jc612a_hp_10508_switch_chassis -
hp jg296a_hp_5920af-24xg_switch -
hp jg361a_hp_hsr6802_router_chassis -
hp jc652a_hp_12508_dc_switch_chassis -
hp jc655a_hp_12504_dc_switch_chassis -
hp jg782a_hp_ff_12508e_ac_switch_chassis -
hp jg813aae_hp_vsr1008_comware_7_virtual_services_router -
hp jg402a_hp_msr4080_router_chassis -
hp jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fd -
hp jg412a_hp_msr4000_mpu-100_main_processing_unit -
hp jg837a_hp_flexfabric_12518e_dc_switch_taa-compliant_chassis -
hp jg788a_hp_flexfabric_12500_4-port_100gbe_cfp_fg -
hp jh179a_hp_flexfabric_5930_4-slot_switch -
hp jh188a_hp_flexfabric_5930_4-slot_taa-compliant_switch -
hp jg406a_hp_msr3024_ac_router -
hp jg811aae_hp_vsr1001_comware_7_virtual_services_router -
hp jg875a_hp_msr1002-4_ac_router -
hp jg834a_hp_flexfabric_12508e_ac_switch_taa-compliant_chassis -
hp jg836a_hp_flexfabric_12518e_ac_switch_taa-compliant_chassis -
hp jg787a_hp_flexfabric_12500_4-port_100gbe_cfp_fd_taa -
hp jg798a_hp_flexfabric_12508e_fabric -
hp jc474b_hp_9508-v_switch_chassis -
hp jg866a_hp_msr2003_taa-compliant_ac_router -
hp jg496a_hp_10500_type_a_mpu_with_comware 7.0
hp jg812aae_hp_vsr1004_comware_7_virtual_services_router -
hp jg869a_hp_msr4000_taa-compliant_mpu-100_main_processing_unit -
hp jc124b_hp_9505_switch_chassis -
hp jg407a_hp_msr3024_dc_router -
hp jc086a_hp_a12508_switch_chassis -
hp jg363a_hp_hsr6808_router_chassis -
hp jg734a_hp_msr2004-24_ac_router -
hp jc085a_hp_a12518_switch_chassis -
hp jg776a_hp_hsr6602-g_taa-compliant_router -
hp jf430a_hp_a12518_switch_chassis -
hp jg362a_hp_hsr6804_router_chassis -
hp jg404a_hp_msr3064_router -
hp jc611a_hp_10508-v_switch_chassis -
hp jg822a_hp_10508-v_taa_switch_chassis -
hp jc125a_hp_a9512_switch_chassis -
hp jg353a_hp_hsr6602-g_router -
hp jc808a_hp_12500_taa_main_processing_unit -
hp jg555a_hp_5920af-24xg_taa_switch -
hp jg779a_hp_hsr6800_rse-x2_router_taa-compliant_main_processing_unit -
CVE-2015-5435 MEDIUM

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_3_firmware *
CVE-2015-5436 HIGH

A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_firmware *
CVE-2015-5440 MEDIUM

HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp universal_configuration_management_database 10.21
hp universal_configuration_management_database 10.11
hp universal_configuration_management_database 10.00
hp universal_configuration_management_database 10.10
hp universal_configuration_management_database 10.01
CVE-2015-5441 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp archsight_management_center *
hp arcsight_logger *
CVE-2015-5442 MEDIUM

Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp software_update *
CVE-2015-5443 MEDIUM

HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp 3par_service_processor_sp 4.3.0.ga-24_(mu1)_spocc
hp 3par_service_processor_sp 4.3.0.ga-17_(ga)_spocc
hp 3par_service_processor_sp 4.2.0.ga-29_(ga)_spocc
CVE-2015-5444 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp smart_profile_server_data_analytics_layer 2.3
CVE-2015-5445 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp storeonce_backup_system_software *
CVE-2015-5446 MEDIUM

HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storeonce_backup_system_software *
CVE-2015-5447 LOW

Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp storeonce_backup_system_software *
CVE-2015-5451 MEDIUM

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp operations_orchestration *
CVE-2015-6029 MEDIUM

HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
hp arcsight_logger 6.0.0.7307.1
CVE-2015-6030 HIGH

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp arcsight_connector_appliance *
hp arcsight_logger 6.0.0.7307.1
hp arcsight_management_center *
hp arcsight_command_center 6.8.0.1896.0
hp arcsight_connectors *
microfocus arcsight_enterprise_security_manager *
hp arcsight_express 4.0
CVE-2015-6857 HIGH

Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.52
hp performance_center 12.00
hp loadrunner 12.50
hp performance_center 12.20
hp performance_center 12.01
hp loadrunner 12.01
hp performance_center 12.50
hp loadrunner 12.02
hp loadrunner 12.00
hp performance_center 11.52
CVE-2015-6858 MEDIUM

HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp insight_management *
CVE-2015-6859 MEDIUM

HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp network_switch_software *
CVE-2015-6860 HIGH

HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp j9532a *
hp j9574a *
hp j9091a *
hp j9264a *
hp j9448a *
hp j9584a *
hp j9638a *
hp j8693a *
hp j8697a *
hp j8992a *
hp j9639a *
hp j9826a *
hp j9866a *
hp j9533a *
hp j9641a *
hp j9825a *
hp j9585a *
hp j9447a *
hp j9824a *
hp j9587a *
hp j9850a *
hp j8700a *
hp j8692a *
hp j9451a *
hp j9539a *
hp j9472a *
hp j9573a *
hp j9851a *
hp j9265a *
hp j9821a *
hp j9470a *
hp j9643a *
hp j9823a *
hp j9822a *
hp j9475a *
hp j9311a *
hp j9588a *
hp j8699a *
hp j9575a *
hp j9576a *
hp j9473a *
hp j9586a *
hp j8715a *
hp j9540a *
hp network_switch_software *
hp j9471a *
hp j8698a *
hp j9263a *
hp j8715b *
hp j9640a *
hp j9452a *
hp j9310a *
hp j9868a *
hp j9642a *
CVE-2015-6862 HIGH

HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,CWE-284,

Products Affected

Vendor Product Version
hp ucmdb_browser 4.0.1
CVE-2015-6863 HIGH

HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2015-6864 MEDIUM

HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2015-6867 HIGH

The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp vertica 7.1.1
CVE-2015-7497 MEDIUM

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_hpc_node 6.0
xmlsoft libxml2 *
hp icewall_file_manager 3.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
hp icewall_federation_agent 3.0
debian debian_linux 8.0
CVE-2015-7498 MEDIUM

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_hpc_node 6.0
xmlsoft libxml2 *
hp icewall_file_manager 3.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
hp icewall_federation_agent 3.0
debian debian_linux 8.0
CVE-2015-7499 MEDIUM

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
canonical ubuntu_linux 15.10
opensuse opensuse 13.2
redhat enterprise_linux_hpc_node 6.0
apple mac_os_x *
xmlsoft libxml2 *
apple watchos *
opensuse leap 42.1
hp icewall_file_manager 3.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
apple tvos *
apple iphone_os *
hp icewall_federation_agent 3.0
debian debian_linux 8.0
CVE-2015-7500 MEDIUM

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_hpc_node 6.0
apple mac_os_x *
xmlsoft libxml2 *
apple watchos *
hp icewall_file_manager 3.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
apple tvos *
apple iphone_os *
hp icewall_federation_agent 3.0
debian debian_linux 8.0
CVE-2015-7547 MEDIUM

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse linux_enterprise_desktop 12
canonical ubuntu_linux 14.04
gnu glibc 2.12.2
canonical ubuntu_linux 15.10
suse linux_enterprise_server 12
gnu glibc 2.15
oracle exalogic_infrastructure 1.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_analytics 12.0.0
hp server_migration_pack 7.5
gnu glibc 2.20
canonical ubuntu_linux 12.04
sophos unified_threat_management_software 9.319
f5 big-ip_link_controller 12.0.0
gnu glibc 2.17
debian debian_linux 8.0
gnu glibc 2.16
sophos unified_threat_management_software 9.355
gnu glibc 2.19
hp helion_openstack 2.1.0
redhat enterprise_linux_hpc_node 7.0
suse linux_enterprise_software_development_kit 12
f5 big-ip_domain_name_system 12.0.0
gnu glibc 2.18
hp helion_openstack 2.0.0
f5 big-ip_application_security_manager 12.0.0
oracle fujitsu_m10_firmware *
gnu glibc 2.11.1
suse linux_enterprise_software_development_kit 11.0
redhat enterprise_linux_server 7.0
suse suse_linux_enterprise_server 12
gnu glibc 2.11.3
suse linux_enterprise_debuginfo 11.0
gnu glibc 2.10.1
gnu glibc 2.10
gnu glibc 2.12
gnu glibc 2.22
gnu glibc 2.21
f5 big-ip_access_policy_manager 12.0.0
gnu glibc 2.9
gnu glibc 2.11
f5 big-ip_policy_enforcement_manager 12.0.0
suse linux_enterprise_desktop 11.0
suse linux_enterprise_server 11.0
gnu glibc 2.11.2
opensuse opensuse 13.2
redhat enterprise_linux_server_eus 7.2
gnu glibc 2.13
redhat enterprise_linux_desktop 7.0
hp helion_openstack 1.1.1
redhat enterprise_linux_server_aus 7.2
gnu glibc 2.12.1
f5 big-ip_application_acceleration_manager 12.0.0
gnu glibc 2.14.1
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_workstation 7.0
gnu glibc 2.14
oracle exalogic_infrastructure 2.0
f5 big-ip_local_traffic_manager 12.0.0
CVE-2015-7942 MEDIUM

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
debian debian_linux 7.0
canonical ubuntu_linux 15.10
apple mac_os_x *
apple watchos *
hp icewall_file_manager 3.0
xmlsoft libxml2 2.9.2
canonical ubuntu_linux 15.04
canonical ubuntu_linux 12.04
apple tvos *
apple iphone_os *
hp icewall_federation_agent 3.0
debian debian_linux 8.0
CVE-2015-8241 MEDIUM

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_hpc_node 6.0
xmlsoft libxml2 *
hp icewall_file_manager 3.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
hp icewall_federation_agent 3.0
debian debian_linux 8.0
CVE-2015-8242 MEDIUM

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_hpc_node 6.0
apple mac_os_x *
xmlsoft libxml2 *
apple watchos *
hp icewall_file_manager 3.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
apple tvos *
apple iphone_os *
hp icewall_federation_agent 3.0
CVE-2015-8317 MEDIUM

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_hpc_node 6.0
xmlsoft libxml2 *
hp icewall_file_manager 3.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
hp icewall_federation_agent 3.0
debian debian_linux 8.0
CVE-2015-8651 HIGH

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
adobe air *
suse linux_enterprise_desktop 12
suse linux_enterprise_workstation_extension 12
opensuse opensuse 13.1
suse linux_enterprise_desktop 11
hp system_management_homepage *
redhat enterprise_linux_desktop 6.0
opensuse opensuse 13.2
redhat enterprise_linux_desktop 5.0
adobe air_sdk *
hp systems_insight_manager *
hp matrix_operating_environment 7.6
redhat enterprise_linux_workstation 6.0
adobe flash_player *
redhat enterprise_linux_server 6.0
hp insight_control *
opensuse evergreen 11.4
hp insight_control_server_provisioning *
hp version_control_repository_manager *
redhat enterprise_linux_server 5.0
redhat enterprise_linux_workstation 5.0
adobe air_sdk_&_compiler *
CVE-2016-0728 HIGH

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
google android 4.2.2
google android 5.1.1
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
google android 5.0.1
google android 5.0.2
google android 4.4
google android 4.2
google android 4.0
google android 5.0
google android 4.4.1
canonical ubuntu_linux 12.04
google android 4.0.4
google android 4.0.2
hp server_migration_pack *
google android 4.0.1
debian debian_linux 8.0
google android 4.3.1
google android 6.0
google android 4.1.2
google android 4.4.2
google android 5.1.0
google android 4.0.3
google android 6.0.1
canonical ubuntu_linux 15.04
google android 4.2.1
google android 4.3
google android 5.1
linux linux_kernel *
google android 4.4.3
google android 4.1
CVE-2016-0777 MEDIUM

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
sophos unified_threat_management_software 9.318
hp remote_device_access_virtual_customer_access_system *
sophos unified_threat_management_software 9.353
openbsd openssh 5.1
openbsd openssh 5.5
openbsd openssh 5.4
openbsd openssh 5.3
openbsd openssh 6.2
openbsd openssh 5.6
openbsd openssh 6.5
openbsd openssh 6.3
openbsd openssh 5.9
openbsd openssh 5.2
openbsd openssh 5.0
openbsd openssh 6.0
apple mac_os_x *
openbsd openssh 6.4
openbsd openssh 7.1
oracle solaris 11.3
openbsd openssh 6.8
openbsd openssh 6.1
openbsd openssh 5.8
oracle linux 7
openbsd openssh 6.9
openbsd openssh 7.0
openbsd openssh 6.6
openbsd openssh 6.7
openbsd openssh 5.7
CVE-2016-0778 MEDIUM

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openbsd openssh 6.0
sophos unified_threat_management_software 9.353
apple mac_os_x *
openbsd openssh 5.5
openbsd openssh 6.4
openbsd openssh 7.1
openbsd openssh 5.4
openbsd openssh 6.2
openbsd openssh 5.6
openbsd openssh 6.5
oracle solaris 11.3
hp virtual_customer_access_system *
openbsd openssh 6.8
openbsd openssh 6.1
openbsd openssh 6.3
openbsd openssh 5.8
openbsd openssh 5.9
oracle linux 7
openbsd openssh 6.9
openbsd openssh 7.0
openbsd openssh 6.6
openbsd openssh 6.7
openbsd openssh 5.7
CVE-2016-1985 HIGH

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp operations_manager 8.16
hp operations_manager 8.1
hp operations_manager 8.10
hp operations_manager 9.0
CVE-2016-1986 HIGH

HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp continuous_delivery_automation 1.3.0
CVE-2016-1987 LOW

HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp hp-ux_ipfilter a.11.31.18.21
CVE-2016-1988 HIGH

HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_automation 9.22.02
hp network_automation 9.22.01
hp network_automation 10.00
hp network_automation 9.22
hp network_automation 10.00.01
CVE-2016-1989 HIGH

HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_automation 9.22.02
hp network_automation 9.22.01
hp network_automation 10.00
hp network_automation 9.22
hp network_automation 10.00.01
CVE-2016-1992 MEDIUM

HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp enterprise_security_manager_express *
hp enterprise_security_manager *
CVE-2016-1993 MEDIUM

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2016-1994 MEDIUM

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2016-1995 HIGH

HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2016-1996 LOW

HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2016-1997 HIGH

HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp operations_orchestration 10.22
hp operations_orchestration 10.50
hp operations_orchestration 10.02
hp operations_orchestration 10.0
hp operations_orchestration 10.01
hp operations_orchestration 10.21
hp operations_orchestration 10.22.1
hp operations_orchestration 10.10
hp operations_orchestration 10.20
hp operations_orchestration_content *
CVE-2016-1998 HIGH

HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp service_manager 9.32
hp service_manager 9.35
hp service_manager 9.31
hp service_manager 9.40
hp service_manager 9.30
hp service_manager 9.33
hp service_manager 9.34
hp service_manager 9.41
CVE-2016-1999 HIGH

The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp release_control 9.21
hp release_control 9.20
hp release_control 9.13
CVE-2016-2000 HIGH

HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
hp asset_manager_cloudsystem_chargeback 9.40
hp asset_manager 9.40
hp asset_manager 9.41
hp asset_manager 9.50
CVE-2016-2001 MEDIUM

HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp universal_cmbd_foundation 10.20
hp universal_cmbd_foundation 10.0
hp universal_cmbd_foundation 10.01
hp universal_cmbd_foundation 10.10
hp universal_cmbd_foundation 10.11
CVE-2016-2002 HIGH

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
hp vertica *
CVE-2016-2003 HIGH

HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp xp7_command_view_advanced_edition_suite -
hp p9000_command_view_advanced_edition_software -
CVE-2016-2004 HIGH

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
hp data_protector *
CVE-2016-2005 HIGH

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector *
CVE-2016-2006 HIGH

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector *
CVE-2016-2007 HIGH

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector *
CVE-2016-2008 HIGH

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp data_protector *
CVE-2016-2009 MEDIUM

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.23
hp network_node_manager_i 9.20
hp network_node_manager_i 9.24
hp network_node_manager_i 10.01
hp network_node_manager_i 9.25
hp network_node_manager_i 10.00
CVE-2016-2010 LOW

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.23
hp network_node_manager_i 9.20
hp network_node_manager_i 9.24
hp network_node_manager_i 10.01
hp network_node_manager_i 9.25
hp network_node_manager_i 10.00
CVE-2016-2011 LOW

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.23
hp network_node_manager_i 9.20
hp network_node_manager_i 9.24
hp network_node_manager_i 10.01
hp network_node_manager_i 9.25
hp network_node_manager_i 10.00
CVE-2016-2012 HIGH

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.23
hp network_node_manager_i 9.20
hp network_node_manager_i 9.24
hp network_node_manager_i 10.01
hp network_node_manager_i 9.25
hp network_node_manager_i 10.00
CVE-2016-2013 MEDIUM

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.23
hp network_node_manager_i 9.20
hp network_node_manager_i 9.24
hp network_node_manager_i 10.01
hp network_node_manager_i 9.25
hp network_node_manager_i 10.00
CVE-2016-2014 HIGH

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp network_node_manager_i 9.23
hp network_node_manager_i 9.20
hp network_node_manager_i 9.24
hp network_node_manager_i 10.01
hp network_node_manager_i 9.25
hp network_node_manager_i 10.00
CVE-2016-2015 MEDIUM

HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2016-2016 LOW

Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory.

CVSS 2.0

Severity: LOW

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp base-vxfs-51 b.05.10.02
hp base-vxfs-501 b.05.01.0
hp base-vxfs-501 b.05.01.01
hp base-vxfs-501 b.05.01.03
hp base-vxfs-51 b.05.10.00
hp base-vxfs-50 b.05.00.01
hp base-vxfs-50 b.05.00.02
CVE-2016-2017 MEDIUM

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2018 MEDIUM

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2019 HIGH

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2020 HIGH

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2021 HIGH

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2022 MEDIUM

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2023 LOW

HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp restful_interface_tool 1.40
CVE-2016-2024 HIGH

HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_contol *
hp server_migration_package *
CVE-2016-2025 MEDIUM

HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp service_manager 9.32
hp service_manager 9.35
hp service_manager 9.31
hp service_manager 9.40
hp service_manager 9.30
hp service_manager 9.33
hp service_manager 9.34
hp service_manager 9.41
CVE-2016-2026 MEDIUM

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2027 MEDIUM

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2028 MEDIUM

HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2029 MEDIUM

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2030 MEDIUM

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-2107 LOW

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-310,

Products Affected

Vendor Product Version
google android 4.2.2
canonical ubuntu_linux 14.04
hp helion_openstack 2.1
canonical ubuntu_linux 15.10
google android 5.0.1
redhat enterprise_linux_hpc_node 6.0
google android 4.4
openssl openssl 1.0.2f
google android 4.4.1
canonical ubuntu_linux 12.04
google android 4.0.4
google android 4.0.2
openssl openssl *
google android 4.0.1
openssl openssl 1.0.2g
debian debian_linux 8.0
hp helion_openstack 2.1.0
google android 4.3.1
hp helion_openstack 2.1.4
google android 4.4.2
google android 5.1.0
nodejs node.js *
redhat enterprise_linux_hpc_node 7.0
openssl openssl 1.0.2
google android 4.0.3
nodejs node.js 6.0.0
hp helion_openstack 2.0
hp helion_openstack 2.0.0
openssl openssl 1.0.2c
google android 4.3
google android 4.4.3
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 6.0
google android 4.2
redhat enterprise_linux_workstation 6.0
google android 4.0
google android 5.0
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
openssl openssl 1.0.2a
openssl openssl 1.0.2d
google android 4.1.2
opensuse opensuse 13.2
hp helion_openstack 2.1.2
redhat enterprise_linux_server_eus 7.2
opensuse leap 42.1
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.2
google android 4.2.1
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_workstation 7.0
google android 5.1
openssl openssl 1.0.2b
google android 4.1
openssl openssl 1.0.2e
CVE-2016-2177 HIGH

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
openssl openssl 1.0.1t
openssl openssl 1.0.1c
openssl openssl 1.0.1s
oracle solaris 10
openssl openssl 1.0.1b
openssl openssl 1.0.1k
openssl openssl 1.0.1g
openssl openssl 1.0.1p
openssl openssl 1.0.2f
openssl openssl 1.0.1l
openssl openssl 1.0.1a
openssl openssl 1.0.1i
openssl openssl 1.0.1f
oracle linux 6
openssl openssl 1.0.1j
openssl openssl 1.0.2g
hp icewall_sso 10.0
openssl openssl 1.0.1m
openssl openssl 1.0.2a
openssl openssl 1.0.1r
openssl openssl 1.0.2d
openssl openssl 1.0.1d
openssl openssl 1.0.1
openssl openssl 1.0.2h
openssl openssl 1.0.1e
oracle linux 5
openssl openssl 1.0.2
openssl openssl 1.0.1q
oracle solaris 11.3
openssl openssl 1.0.1n
openssl openssl 1.0.1h
openssl openssl 1.0.1o
hp icewall_mcrp 3.0
oracle linux 7
openssl openssl 1.0.2c
openssl openssl 1.0.2b
hp icewall_sso_agent_option 10.0
openssl openssl 1.0.2e
CVE-2016-2182 HIGH

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
openssl openssl 1.0.1t
openssl openssl 1.0.1c
openssl openssl 1.0.1s
openssl openssl 1.0.1b
openssl openssl 1.0.1k
openssl openssl 1.0.1g
openssl openssl 1.0.1p
openssl openssl 1.0.2f
openssl openssl 1.0.1l
openssl openssl 1.0.1a
openssl openssl 1.0.1i
openssl openssl 1.0.1f
oracle linux 6
openssl openssl 1.0.1j
openssl openssl 1.0.2g
hp icewall_sso 10.0
openssl openssl 1.0.1m
openssl openssl 1.0.2a
openssl openssl 1.0.1r
openssl openssl 1.0.2d
openssl openssl 1.0.1d
openssl openssl 1.0.1
openssl openssl 1.0.2h
openssl openssl 1.0.1e
oracle linux 5
openssl openssl 1.0.2
openssl openssl 1.0.1q
openssl openssl 1.0.1n
openssl openssl 1.0.1h
openssl openssl 1.0.1o
hp icewall_mcrp 3.0
oracle linux 7
openssl openssl 1.0.2c
hp icewall_federation_agent 3.0
openssl openssl 1.0.2b
hp icewall_sso_agent_option 10.0
openssl openssl 1.0.2e
CVE-2016-2243 MEDIUM

Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp zbook_firmware 1.03
hp z240_firmware 1.11
hp 700_series_firmware 2.05
hp 1000_series_firmware 1.1
hp z238_firmware 1.11
hp 1000_series_firmware 1.04
hp 800_series_firmware 2.09
hp 700_series_firmware 2.09
hp 800_series_firmware 2.1
hp elitebook_folio_1012_x2_g2 -
hp 700_series_firmware 2.07
hp 1000_series_firmware 1.01
hp zbook_firmware 1.04
hp 700_series_firmware 1.08
hp 700_series_firmware 1.05
CVE-2016-2244 MEDIUM

HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp futuresmart_firmware *
CVE-2016-2245 HIGH

HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2016-2246 HIGH

HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp thinpro 4.4
hp thinpro 5.2
hp thinpro 5.1
hp thinpro 6.1
hp thinpro 5.0
hp thinpro 5.2.1
hp thinpro 6.0
CVE-2016-2775 MEDIUM

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
isc bind 9.10.4
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.2
fedoraproject fedora 24
isc bind 9.11.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.6
isc bind *
redhat enterprise_linux_workstation 6.0
isc bind 9.9.9
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 7.3
fedoraproject fedora 23
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.7
hp hp-ux b.11.31
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
CVE-2016-2776 HIGH

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
isc bind 9.10.4
oracle vm_server 3.4
oracle vm_server 3.3
isc bind 9.11.0
isc bind 9.10.0
isc bind *
oracle vm_server 3.2
oracle solaris 10.0
oracle solaris 11.3
isc bind 9.10.1
isc bind 9.10.3
oracle linux 7
isc bind 9.10.2
oracle linux 5.0
hp hp-ux 11.31
oracle linux 6
CVE-2016-3092 HIGH

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
apache tomcat 7.0.56
canonical ubuntu_linux 15.10
apache tomcat 7.0.14
apache tomcat 7.0.37
apache tomcat 7.0.42
apache tomcat 7.0.69
apache tomcat 7.0.40
apache tomcat 8.0.11
apache tomcat 7.0.20
apache tomcat 7.0.4
apache tomcat 7.0.57
apache tomcat 7.0.34
apache commons_fileupload *
canonical ubuntu_linux 12.04
apache tomcat 7.0.2
apache tomcat 7.0.21
apache tomcat 7.0.30
apache tomcat 7.0.52
hp icewall_identity_manager 5.0
debian debian_linux 8.0
apache tomcat 8.5.0
apache tomcat 7.0.22
apache tomcat 8.0.5
apache tomcat 7.0.23
apache tomcat 7.0.47
apache tomcat 7.0.39
apache tomcat 7.0.59
apache tomcat 7.0.19
apache tomcat 8.0.33
apache tomcat 8.0.14
apache tomcat 7.0.0
apache tomcat 7.0.54
apache tomcat 8.0.8
apache tomcat 8.0.26
apache tomcat 7.0.16
apache tomcat 7.0.26
hp icewall_sso_agent_option 10.0
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 8.0.35
apache tomcat 7.0.11
apache tomcat 7.0.25
apache tomcat 8.0.20
apache tomcat 8.0.27
apache tomcat 7.0.27
apache tomcat 8.0.15
apache tomcat 7.0.33
apache tomcat 7.0.35
apache tomcat 8.0.1
apache tomcat 7.0.67
apache tomcat 9.0.0
apache tomcat 7.0.29
apache tomcat 7.0.41
apache tomcat 8.0.32
apache tomcat 7.0.63
apache tomcat 7.0.28
apache tomcat 7.0.6
apache tomcat 8.0.12
apache tomcat 7.0.32
apache tomcat 8.0.23
apache tomcat 7.0.50
apache tomcat 7.0.62
canonical ubuntu_linux 16.04
apache tomcat 8.5.2
apache tomcat 7.0.53
apache tomcat 7.0.1
apache tomcat 7.0.55
apache tomcat 8.0.29
apache tomcat 8.0.28
apache tomcat 8.0.0
apache tomcat 7.0.61
apache tomcat 7.0.64
apache tomcat 7.0.5
apache tomcat 7.0.65
apache tomcat 8.0.21
apache tomcat 8.0.22
apache tomcat 8.0.24
apache tomcat 8.0.18
apache tomcat 8.0.17
apache tomcat 7.0.8
apache tomcat 8.0.30
apache tomcat 7.0.10
apache tomcat 7.0.68
CVE-2016-3627 MEDIUM

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,CWE-674,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
canonical ubuntu_linux 15.10
oracle vm_server 3.4
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.6
hp icewall_file_manager 3.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
debian debian_linux 8.0
oracle vm_server 3.3
xmlsoft libxml2 *
opensuse leap 42.1
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_desktop 7.0
oracle solaris 11.3
redhat enterprise_linux_server_aus 7.2
redhat jboss_core_services -
redhat enterprise_linux_workstation 7.0
hp icewall_federation_agent 3.0
redhat enterprise_linux_eus 7.4
CVE-2016-3705 MEDIUM

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
xmlsoft libxml2 2.9.3
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
opensuse leap 42.1
hp icewall_file_manager 3.0
hp icewall_federation_agent 3.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
CVE-2016-3710 HIGH

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat openstack 7.0
citrix xenserver *
redhat enterprise_linux_desktop 6.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_server_tus 7.6
oracle vm_server 3.4
redhat enterprise_linux_server_eus 7.4
redhat virtualization 3.0
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
qemu qemu 2.6.0
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
redhat openstack 8
redhat enterprise_linux_server_eus 7.7
oracle linux 6
canonical ubuntu_linux 16.04
debian debian_linux 8.0
redhat openstack 5.0
hp helion_openstack 2.1.0
redhat enterprise_linux_server_aus 7.3
hp helion_openstack 2.1.4
oracle vm_server 3.3
hp helion_openstack 2.1.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_tus 7.3
oracle linux 5
redhat enterprise_linux_server_tus 7.7
oracle vm_server 3.2
redhat enterprise_linux_desktop 7.0
hp helion_openstack 2.0.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_eus 7.5
qemu qemu *
redhat openstack 6.0
oracle linux 7
redhat enterprise_linux_workstation 7.0
CVE-2016-4357 HIGH

HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-4358 MEDIUM

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp matrix_operating_environment *
hp systems_insight_manager *
CVE-2016-4359 HIGH

Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp loadrunner 11.52
hp performance_center 12.00
hp loadrunner 12.50
hp performance_center 12.20
hp performance_center 12.01
hp loadrunner 12.01
hp performance_center 12.50
hp loadrunner 12.02
hp loadrunner 12.00
hp performance_center 11.52
CVE-2016-4360 MEDIUM

web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.52
hp performance_center 12.00
hp loadrunner 12.50
hp performance_center 12.20
hp performance_center 12.01
hp loadrunner 12.01
hp performance_center 12.50
hp loadrunner 12.02
hp loadrunner 12.00
hp performance_center 11.52
CVE-2016-4361 MEDIUM

HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner 11.52
hp performance_center 12.00
hp loadrunner 12.50
hp performance_center 12.20
hp performance_center 12.01
hp loadrunner 12.01
hp performance_center 12.50
hp loadrunner 12.02
hp loadrunner 12.00
hp performance_center 11.52
CVE-2016-4362 MEDIUM

HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_server_deployment -
CVE-2016-4363 MEDIUM

HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp insight_control_server_deployment -
CVE-2016-4364 HIGH

HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_server_deployment -
CVE-2016-4365 MEDIUM

HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp insight_control_server_deployment -
CVE-2016-4366 HIGH

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager *
CVE-2016-4367 MEDIUM

The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp universal_cmbd_foundation 10.20
hp universal_cmbd_foundation 10.0
hp universal_cmbd_foundation 10.01
hp universal_cmbd_foundation 10.10
hp universal_cmbd_foundation 10.11
hp universal_cmbd_foundation 10.21
CVE-2016-4368 HIGH

HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp universal_discovery 10.01
hp universal_discovery 10.10
hp universal_cmbd_configuration_manager 10.11
hp universal_discovery 10.20
hp universal_discovery 10.11
hp universal_cmbd_foundation 10.01
hp universal_cmbd_foundation 10.11
hp universal_cmbd_configuration_manager 10.01
hp universal_cmbd_foundation 10.21
hp universal_cmbd_foundation 10.20
hp universal_cmbd_foundation 10.0
hp universal_cmbd_configuration_manager 10.0
hp universal_cmbd_configuration_manager 10.10
hp universal_discovery 10.0
hp universal_cmbd_foundation 10.10
hp universal_cmbd_configuration_manager 10.21
hp universal_cmbd_configuration_manager 10.20
hp universal_discovery 10.21
CVE-2016-4369 MEDIUM

HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp discovery_and_dependency_mapping_inventory 9.31
hp discovery_and_dependency_mapping_inventory 9.30
hp discovery_and_dependency_mapping_inventory 9.32
CVE-2016-4371 MEDIUM

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp service_manager 9.31
hp service_manager_mobility 9.33
hp service_manager_server 9.41
hp service_manager_web_client 9.34
hp service_manager 9.41
hp service_manager_web_client 9.33
hp service_manager_service_request_catalog 9.35
hp service_manager_mobility 9.41
hp service_manager 9.32
hp service_manager_mobility 9.40
hp service_manager_mobility 9.34
hp service_manager_windows_client 9.41
hp service_manager 9.40
hp service_manager_windows_client 9.34
hp service_manager_web_client 9.41
hp service_manager_windows_client 9.40
hp service_manager_service_request_catalog 9.31
hp service_manager_web_client 9.30
hp service_manager 9.34
hp service_manager_windows_client 9.35
hp service_manager_server 9.33
hp service_manager_windows_client 9.30
hp service_manager_service_request_catalog 9.40
hp service_manager_windows_client 9.33
hp service_manager_mobility 9.31
hp service_manager_windows_client 9.32
hp service_manager_mobility 9.32
hp service_manager_mobility 9.35
hp service_manager_windows_client 9.31
hp service_manager_service_request_catalog 9.30
hp service_manager_server 9.32
hp service_manager_server 9.40
hp service_manager_service_request_catalog 9.34
hp service_manager_web_client 9.35
hp service_manager 9.30
hp service_manager_server 9.35
hp service_manager_server 9.31
hp service_manager_service_request_catalog 9.32
hp service_manager_server 9.30
hp service_manager_service_request_catalog 9.41
hp service_manager 9.35
hp service_manager_service_request_catalog 9.33
hp service_manager_mobility 9.30
hp service_manager_server 9.34
hp service_manager_web_client 9.32
hp service_manager 9.33
hp service_manager_web_client 9.40
hp service_manager_web_client 9.31
CVE-2016-4372 HIGH

HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center_application_performance_manager *
hp intelligent_management_center_network_traffic_analyzer *
hp intelligent_management_center_user_access_management *
hp intelligent_management_center_endpoint_admission_defense *
hp intelligent_management_center_platform *
hp intelligent_management_center_branch_intelligent_management_system *
CVE-2016-4373 HIGH

The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp operations_manager 9.20.0
hp operations_manager *
CVE-2016-4374 MEDIUM

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
hp release_control 9.21
hp release_control 9.20
hp release_control 9.13
CVE-2016-4375 HIGH

Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_mrca_firmware 2.31
hp integrated_lights-out_3_firmware 1.87
hp integrated_lights-out_4_firmware 2.43
CVE-2016-4377 HIGH

HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sizer_for_microsoft_exchange_server_2013 *
hp sizer_for_microsoft_exchange_server_2016 *
hp sizer_for_microsoft_skype_for_business_server_2015 *
hp storage_sizing_tool *
hp insight_management_sizer *
hp sizer_for_microsoft_sharepoint_2010 *
hp power_advisor *
hp sizer_for_microsoft_exchange_server_2010 *
hp synergy_planning_tool *
hp sizer_for_converged_systems_virtualization *
hp sap_sizing_tool *
hp sizer_for_microsoft_lync_server_2013 *
hp sizer_for_microsoft_sharepoint_2013 *
hp converged_infrastructure_solution_sizer_suite *
hp sizing_tool_for_sap_business_suite_powered_by_hana *
CVE-2016-4378 MEDIUM

The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp xp_9000_command_view *
hp xp7_command_view *
CVE-2016-4379 MEDIUM

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
hp integrated_lights-out_3_firmware *
CVE-2016-4380 LOW

Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp operations_manager *
CVE-2016-4381 MEDIUM

HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp xp7_command_view *
CVE-2016-4382 MEDIUM

HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp performance_center 12.00
hp performance_center 12.20
hp performance_center 12.01
hp performance_center 12.50
hp performance_center 11.52
CVE-2016-4383 HIGH

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp helion_openstack_glance -
CVE-2016-4384 HIGH

HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp loadrunner *
hp performance_center *
CVE-2016-4385 HIGH

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp network_automation 9.22.02
hp network_automation 10.10
hp network_automation 10.00.02
hp network_automation 9.10
hp network_automation 9.20
hp network_automation 9.22.01
hp network_automation 10.00
hp network_automation 9.22
hp network_automation 10.11
hp network_automation 10.00.01
CVE-2016-4386 MEDIUM

HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_automation 10.10
CVE-2016-4387 MEDIUM

The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview 10.21.0.0
hp keyview 10.23.0.0
hp keyview 10.19.0.0
hp keyview 10.24.0.0
hp keyview 10.18.0.0
hp keyview 10.22.0.0
hp keyview 10.20.0.0
CVE-2016-4388 MEDIUM

The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview 10.21.0.0
hp keyview 10.23.0.0
hp keyview 10.19.0.0
hp keyview 10.24.0.0
hp keyview 10.18.0.0
hp keyview 10.22.0.0
hp keyview 10.20.0.0
CVE-2016-4389 MEDIUM

The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview 10.21.0.0
hp keyview 10.23.0.0
hp keyview 10.19.0.0
hp keyview 10.24.0.0
hp keyview 10.18.0.0
hp keyview 10.22.0.0
hp keyview 10.20.0.0
CVE-2016-4390 MEDIUM

The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp keyview 10.21.0.0
hp keyview 10.23.0.0
hp keyview 10.19.0.0
hp keyview 10.24.0.0
hp keyview 10.18.0.0
hp keyview 10.22.0.0
hp keyview 10.20.0.0
CVE-2016-4391 HIGH

A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp arcsight_winc_connector *
CVE-2016-4392 LOW

A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp business_service_management 9.10
hp business_service_management *
hp business_service_management 9.25
CVE-2016-4393 LOW

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2016-4394 MEDIUM

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2016-4395 HIGH

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2016-4396 HIGH

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2016-4397 MEDIUM

A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp network_node_manager_i 10.20
hp network_node_manager_i 10.10
hp network_node_manager_i 10.00
CVE-2016-4398 MEDIUM

A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp network_node_manager_i 10.01
hp network_node_manager_i 10.10
hp network_node_manager_i 10.00
CVE-2016-4399 LOW

A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_node_manager_i 10.01
hp network_node_manager_i 10.10
hp network_node_manager_i 10.00
CVE-2016-4400 LOW

A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_node_manager_i 10.01
hp network_node_manager_i 10.10
hp network_node_manager_i 10.00
CVE-2016-4402 HIGH

A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp keyview *
CVE-2016-4403 HIGH

A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp keyview *
CVE-2016-4404 HIGH

A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp keyview *
CVE-2016-4405 MEDIUM

A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp business_service_management *
CVE-2016-4406 MEDIUM

A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_3_firmware *
CVE-2016-4447 MEDIUM

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mcafee web_gateway *
apple itunes 12.4.1
canonical ubuntu_linux 14.04
debian debian_linux 7.0
canonical ubuntu_linux 15.10
oracle vm_server 3.4
oracle vm_server 3.3
apple mac_os_x *
xmlsoft libxml2 *
apple watchos *
canonical ubuntu_linux 12.04
apple tvos *
apple iphone_os *
hp icewall_federation_agent 3.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
CVE-2016-4448 HIGH

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
oracle vm_server 3.4
apple icloud *
redhat enterprise_linux_server_eus 7.4
apple watchos *
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
apple itunes *
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
slackware slackware_linux 14.1
redhat enterprise_linux_server 6.0
tenable log_correlation_engine 4.8.0
apple tvos *
slackware slackware_linux 14.0
redhat enterprise_linux_server_eus 7.7
oracle linux 6
mcafee web_gateway *
redhat enterprise_linux_server_aus 7.3
oracle vm_server 3.3
apple mac_os_x *
xmlsoft libxml2 *
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_eus 7.5
oracle linux 7
redhat enterprise_linux_workstation 7.0
apple iphone_os *
hp icewall_federation_agent 3.0
CVE-2016-4543 HIGH

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
php php 5.6.12
php php 5.6.13
hp system_management_homepage *
php php 5.6.15
php php 7.0.0
php php 7.0.1
fedoraproject fedora 24
php php 7.0.3
php php 5.6.1
php php 5.6.6
php php 5.6.17
php php 5.6.4
php php 5.6.19
php php *
php php 5.6.5
php php 7.0.4
php php 5.6.10
php php 7.0.5
php php 5.6.11
php php 5.6.9
php php 5.6.7
php php 5.6.14
php php 5.6.16
php php 7.0.2
opensuse leap 42.1
php php 5.6.18
php php 5.6.2
php php 5.6.8
php php 5.6.3
php php 5.6.20
php php 5.6.0
CVE-2016-5385 MEDIUM

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
drupal drupal *
oracle communications_user_data_repository 10.0.1
hp system_management_homepage *
redhat enterprise_linux_desktop 6.0
fedoraproject fedora 24
fedoraproject fedora 23
opensuse leap 42.1
oracle communications_user_data_repository 10.0.0
oracle communications_user_data_repository 12.0.0
oracle enterprise_manager_ops_center 12.3.2
redhat enterprise_linux_workstation 6.0
hp storeever_msl6480_tape_library_firmware *
redhat enterprise_linux_server 6.0
oracle enterprise_manager_ops_center 12.2.2
oracle linux 7
php php *
oracle linux 6
debian debian_linux 8.0
CVE-2016-5387 MEDIUM

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
canonical ubuntu_linux 14.04
redhat jboss_enterprise_web_server 2.0.0
redhat jboss_core_services 1.0
hp system_management_homepage *
redhat enterprise_linux_desktop 6.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.2
fedoraproject fedora 24
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.6
oracle communications_user_data_repository *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 12.04
oracle enterprise_manager_ops_center 12.2.2
redhat jboss_enterprise_web_server 3.0.0
oracle linux 6
canonical ubuntu_linux 16.04
debian debian_linux 8.0
redhat jboss_web_server 2.1.0
redhat enterprise_linux_server_aus 7.3
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server_tus 7.3
oracle linux 5
opensuse leap 42.1
redhat enterprise_linux_eus 7.7
oracle enterprise_manager_ops_center 12.3.2
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_desktop 7.0
oracle solaris 11.3
redhat enterprise_linux_server_aus 7.2
oracle linux 7
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
CVE-2016-5388 MEDIUM

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
hp system_management_homepage *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server 6.0
redhat enterprise_linux_hpc_node_eus 7.2
apache tomcat *
oracle linux 7
redhat enterprise_linux_workstation 7.0
oracle linux 6
CVE-2016-6306 MEDIUM

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
openssl openssl 1.0.1t
canonical ubuntu_linux 14.04
openssl openssl 1.0.1c
openssl openssl 1.0.1s
openssl openssl 1.0.1b
openssl openssl 1.0.1k
openssl openssl 1.0.1g
novell suse_linux_enterprise_module_for_web_scripting 12.0
openssl openssl 1.0.1p
openssl openssl 1.0.2f
openssl openssl 1.0.1l
canonical ubuntu_linux 12.04
openssl openssl 1.0.1a
openssl openssl 1.0.1i
openssl openssl 1.0.1f
canonical ubuntu_linux 16.04
openssl openssl 1.0.1j
debian debian_linux 8.0
hp icewall_sso 10.0
openssl openssl 1.0.1m
openssl openssl 1.0.2a
openssl openssl 1.0.1r
openssl openssl 1.0.2d
openssl openssl 1.0.1d
openssl openssl 1.0.1
openssl openssl 1.0.2h
openssl openssl 1.0.1e
nodejs node.js *
openssl openssl 1.0.2
openssl openssl 1.0.1q
openssl openssl 1.0.1n
openssl openssl 1.0.1h
openssl openssl 1.0.1o
hp icewall_mcrp 3.0
openssl openssl 1.0.2c
hp icewall_federation_agent 3.0
openssl openssl 1.0.2b
hp icewall_sso_agent_option 10.0
openssl openssl 1.0.2e
CVE-2016-8106 MEDIUM

A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
lenovo converged_hx7510_appliance 5.05
hp ethernet_10gb_2-port_562sfp+ *
lenovo nextscale_nx360_m5 5.05
lenovo thinkserver_rd450 5.05
lenovo system_x3250_m5 5.05
lenovo system_x3500_m5 5.05
lenovo system_x3850_x6 5.05
intel ethernet_controller_x710_firmware *
lenovo system_x3550_m5 5.05
lenovo converged_hx5500_appliance 5.05
lenovo thinkserver_td350 5.05
hp ethernet_10gb_2-port_562flr-sfp+ *
hp ethernet_10gb_4-port_563sfp+ *
lenovo thinkagile_cx4200 5.05
lenovo thinkserver_rd650 5.05
lenovo thinkagile_cx2200 5.05
lenovo system_x3750_m4 5.05
lenovo thinkagile_cx4600 5.05
lenovo thinkserver_sd350 5.05
lenovo thinkserver_rd350 5.05
lenovo converged_hx_series 5.05
intel ethernet_controller_xl710_firmware *
hp proliant_xl260a_g9_server *
lenovo system_x3650_m5 5.05
lenovo converged_hx7500_appliance 5.05
lenovo thinkserver_rd550 5.05
lenovo system_x3950_x6 5.05
lenovo converged_hx5510_appliance 5.05
CVE-2016-8511 HIGH

A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp network_automation 9.22.02
hp network_automation 10.00.02
hp network_automation 9.20
hp network_automation 9.22
hp network_automation 10.11
hp network_automation 10.10
hp network_automation 10.11.01
hp network_automation 9.10
hp network_automation 9.22.01
hp network_automation 10.00
hp network_automation 10.20
hp network_automation 10.00.01
CVE-2016-8512 HIGH

A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp performance_center -
hp loadrunner -
CVE-2016-8513 MEDIUM

A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp version_control_repository_manager *
CVE-2016-8514 MEDIUM

A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp version_control_repository_manager *
CVE-2016-8515 MEDIUM

A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
hp version_control_repository_manager *
CVE-2016-8516 MEDIUM

A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager *
CVE-2016-8517 MEDIUM

A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp systems_insight_manager *
CVE-2016-8518 MEDIUM

A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager *
CVE-2016-8519 HIGH

A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp operations_orchestration *
CVE-2016-8521 MEDIUM

A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp diagnostics 9.26
hp diagnostics 9.24
CVE-2016-8522 LOW

A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp diagnostics 9.26
hp diagnostics 9.24
CVE-2016-8523 HIGH

A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
hp smart_storage_administrator *
CVE-2016-8525 MEDIUM

A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
hp intelligent_management_center *
CVE-2016-8526 MEDIUM

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker's choosing. This could include files that contain passwords, which could then lead to privilege escalation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
hp airwave *
CVE-2016-8527 MEDIUM

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp airwave *
CVE-2016-8529 HIGH

A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
hp lefthand *
CVE-2016-8530 MEDIUM

A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
hp intelligent_management_center *
CVE-2016-8531 MEDIUM

A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2016-8532 LOW

A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2016-8533 MEDIUM

A remote priviledge escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2016-8534 MEDIUM

A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2016-8535 LOW

A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2016-9597 MEDIUM

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,CWE-119,

Products Affected

Vendor Product Version
xmlsoft libxml2 2.9.3
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
opensuse leap 42.1
hp icewall_file_manager 3.0
hp icewall_federation_agent 3.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
CVE-2017-10992 HIGH

In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp storage_essentials 9.5.0.142
CVE-2017-12151 MEDIUM

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300,CWE-310,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.5
hp cifs_server b.04.05.11.00
redhat enterprise_linux_workstation 7.0
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux 7.0
samba samba *
debian debian_linux 8.0
CVE-2017-12487 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12488 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12489 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12490 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12491 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12492 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12493 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12494 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12495 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12496 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12497 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12498 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12499 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12500 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12501 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12502 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12503 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12504 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12505 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12506 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12507 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12508 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12509 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12510 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12511 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12512 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12513 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12514 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12515 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12516 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12517 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12518 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12519 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12520 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-12521 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12522 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12523 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12524 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12525 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12526 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12527 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12528 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12529 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12530 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12531 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12532 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12533 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12534 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12535 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12536 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12537 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12538 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12539 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12540 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12541 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12542 HIGH

A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
CVE-2017-12543 MEDIUM

A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp moonshot_remote_console_administrator *
hp integrated_lights-out_3_firmware *
hp integrated_lights-out_2_firmware *
CVE-2017-12544 LOW

A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2017-12545 HIGH

A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2017-12546 MEDIUM

A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2017-12547 MEDIUM

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2017-12548 MEDIUM

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2017-12549 MEDIUM

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2017-12550 MEDIUM

A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2017-12551 MEDIUM

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2017-12552 MEDIUM

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2017-12553 MEDIUM

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2017-12554 HIGH

A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT iMC Plat 7.3 E0504P2 and earlier was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-12555 MEDIUM

A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12556 HIGH

A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-12557 HIGH

A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-12558 HIGH

A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-12559 MEDIUM

A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12560 MEDIUM

A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-12561 HIGH

A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-824,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-13982 HIGH

A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-434,

Products Affected

Vendor Product Version
hp bsm_platform_application_performance_management_system_health 9.40
hp bsm_platform_application_performance_management_system_health 9.30
hp bsm_platform_application_performance_management_system_health 9.26
CVE-2017-13983 HIGH

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp bsm_platform_application_performance_management_system_health 9.40
hp bsm_platform_application_performance_management_system_health 9.30
hp bsm_platform_application_performance_management_system_health 9.26
CVE-2017-13984 MEDIUM

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp bsm_platform_application_performance_management_system_health 9.40
hp bsm_platform_application_performance_management_system_health 9.30
hp bsm_platform_application_performance_management_system_health 9.26
CVE-2017-13985 MEDIUM

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp bsm_platform_application_performance_management_system_health 9.40
hp bsm_platform_application_performance_management_system_health 9.30
hp bsm_platform_application_performance_management_system_health 9.26
CVE-2017-13986 MEDIUM

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp arcsight_enterprise_security_manager_express 6.9.1c
hp arcsight_enterprise_security_manager_express 6.0c
hp arcsight_enterprise_security_manager_express 6.5
hp arcsight_enterprise_security_manager_express 6.9.0
hp arcsight_enterprise_security_manager_express 6.11.0
hp arcsight_enterprise_security_manager 6.11.0
hp arcsight_enterprise_security_manager 6.0c
hp arcsight_enterprise_security_manager 6.8
hp arcsight_enterprise_security_manager_express 6.0
hp arcsight_enterprise_security_manager_express 6.8c
hp arcsight_enterprise_security_manager 6.5
hp arcsight_enterprise_security_manager_express 6.5c
hp arcsight_enterprise_security_manager 6.0
hp arcsight_enterprise_security_manager_express 6.8
hp arcsight_enterprise_security_manager 6.9.0c
hp arcsight_enterprise_security_manager 6.5c
hp arcsight_enterprise_security_manager 6.8c
hp arcsight_enterprise_security_manager 6.9.1c
CVE-2017-13987 MEDIUM

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp arcsight_enterprise_security_manager_express 6.9.1c
hp arcsight_enterprise_security_manager_express 6.0c
hp arcsight_enterprise_security_manager_express 6.5
hp arcsight_enterprise_security_manager_express 6.9.0
hp arcsight_enterprise_security_manager_express 6.11.0
hp arcsight_enterprise_security_manager 6.11.0
hp arcsight_enterprise_security_manager 6.0c
hp arcsight_enterprise_security_manager 6.8
hp arcsight_enterprise_security_manager_express 6.0
hp arcsight_enterprise_security_manager_express 6.8c
hp arcsight_enterprise_security_manager 6.5
hp arcsight_enterprise_security_manager_express 6.5c
hp arcsight_enterprise_security_manager 6.0
hp arcsight_enterprise_security_manager_express 6.8
hp arcsight_enterprise_security_manager 6.9.0c
hp arcsight_enterprise_security_manager 6.5c
hp arcsight_enterprise_security_manager 6.8c
hp arcsight_enterprise_security_manager 6.9.1c
CVE-2017-13988 MEDIUM

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp arcsight_enterprise_security_manager_express 6.9.1c
hp arcsight_enterprise_security_manager_express 6.0c
hp arcsight_enterprise_security_manager_express 6.5
hp arcsight_enterprise_security_manager_express 6.9.0
hp arcsight_enterprise_security_manager_express 6.11.0
hp arcsight_enterprise_security_manager 6.11.0
hp arcsight_enterprise_security_manager 6.0c
hp arcsight_enterprise_security_manager 6.8
hp arcsight_enterprise_security_manager_express 6.0
hp arcsight_enterprise_security_manager_express 6.8c
hp arcsight_enterprise_security_manager 6.5
hp arcsight_enterprise_security_manager_express 6.5c
hp arcsight_enterprise_security_manager 6.0
hp arcsight_enterprise_security_manager_express 6.8
hp arcsight_enterprise_security_manager 6.9.0c
hp arcsight_enterprise_security_manager 6.5c
hp arcsight_enterprise_security_manager 6.8c
hp arcsight_enterprise_security_manager 6.9.1c
CVE-2017-13989 MEDIUM

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp arcsight_enterprise_security_manager_express 6.9.1c
hp arcsight_enterprise_security_manager_express 6.0c
hp arcsight_enterprise_security_manager_express 6.5
hp arcsight_enterprise_security_manager_express 6.9.0
hp arcsight_enterprise_security_manager_express 6.11.0
hp arcsight_enterprise_security_manager 6.11.0
hp arcsight_enterprise_security_manager 6.0c
hp arcsight_enterprise_security_manager 6.8
hp arcsight_enterprise_security_manager_express 6.0
hp arcsight_enterprise_security_manager_express 6.8c
hp arcsight_enterprise_security_manager 6.5
hp arcsight_enterprise_security_manager_express 6.5c
hp arcsight_enterprise_security_manager 6.0
hp arcsight_enterprise_security_manager_express 6.8
hp arcsight_enterprise_security_manager 6.9.0c
hp arcsight_enterprise_security_manager 6.5c
hp arcsight_enterprise_security_manager 6.8c
hp arcsight_enterprise_security_manager 6.9.1c
CVE-2017-13990 MEDIUM

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp arcsight_enterprise_security_manager_express 6.9.1c
hp arcsight_enterprise_security_manager_express 6.0c
hp arcsight_enterprise_security_manager_express 6.5
hp arcsight_enterprise_security_manager_express 6.9.0
hp arcsight_enterprise_security_manager_express 6.11.0
hp arcsight_enterprise_security_manager 6.11.0
hp arcsight_enterprise_security_manager 6.0c
hp arcsight_enterprise_security_manager 6.8
hp arcsight_enterprise_security_manager_express 6.0
hp arcsight_enterprise_security_manager_express 6.8c
hp arcsight_enterprise_security_manager 6.5
hp arcsight_enterprise_security_manager_express 6.5c
hp arcsight_enterprise_security_manager 6.0
hp arcsight_enterprise_security_manager_express 6.8
hp arcsight_enterprise_security_manager 6.9.0c
hp arcsight_enterprise_security_manager 6.5c
hp arcsight_enterprise_security_manager 6.8c
hp arcsight_enterprise_security_manager 6.9.1c
CVE-2017-13991 MEDIUM

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp arcsight_enterprise_security_manager_express 6.9.1c
hp arcsight_enterprise_security_manager_express 6.0c
hp arcsight_enterprise_security_manager_express 6.5
hp arcsight_enterprise_security_manager_express 6.9.0
hp arcsight_enterprise_security_manager_express 6.11.0
hp arcsight_enterprise_security_manager 6.11.0
hp arcsight_enterprise_security_manager 6.0c
hp arcsight_enterprise_security_manager 6.8
hp arcsight_enterprise_security_manager_express 6.0
hp arcsight_enterprise_security_manager_express 6.8c
hp arcsight_enterprise_security_manager 6.5
hp arcsight_enterprise_security_manager_express 6.5c
hp arcsight_enterprise_security_manager 6.0
hp arcsight_enterprise_security_manager_express 6.8
hp arcsight_enterprise_security_manager 6.9.0c
hp arcsight_enterprise_security_manager 6.5c
hp arcsight_enterprise_security_manager 6.8c
hp arcsight_enterprise_security_manager 6.9.1c
CVE-2017-14349 HIGH

An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
hp sitescope 11.30.521
hp sitescope 11.22
hp sitescope 11.24
hp sitescope 11.33
hp sitescope 11.23
hp sitescope 11.30
hp sitescope 11.31
hp sitescope 11.20
hp sitescope 11.32
hp sitescope 11.21
hp sitescope 11.24.391
CVE-2017-14350 HIGH

A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
hp application_performance_management 9.30
hp application_performance_management 9.26
hp application_performance_management 9.40
CVE-2017-14351 HIGH

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ucmdb_configuration_manager 10.10
hp ucmdb_configuration_manager 10.23
hp ucmdb_configuration_manager 10.11
hp ucmdb_configuration_manager 10.20
hp ucmdb_configuration_manager 10.22
hp ucmdb_configuration_manager 10.21
CVE-2017-14352 MEDIUM

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp ucmdb_configuration_manager 10.10
hp ucmdb_configuration_manager 10.23
hp ucmdb_configuration_manager 10.11
hp ucmdb_configuration_manager 10.20
hp ucmdb_configuration_manager 10.22
hp ucmdb_configuration_manager 10.21
CVE-2017-14353 MEDIUM

A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
hp ucmdb_foundation_software 10.30
hp ucmdb_foundation_software 10.32
hp ucmdb_foundation_software 10.33
hp ucmdb_foundation_software 10.22
hp ucmdb_foundation_software 10.20
hp ucmdb_foundation_software 10.21
hp ucmdb_foundation_software 10.31
hp ucmdb_foundation_software 10.10
hp ucmdb_foundation_software 10.11
CVE-2017-14354 MEDIUM

A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp ucmdb_foundation_software 10.30
hp ucmdb_foundation_software 10.32
hp ucmdb_foundation_software 10.33
hp ucmdb_foundation_software 10.22
hp ucmdb_foundation_software 10.20
hp ucmdb_foundation_software 10.21
hp ucmdb_foundation_software 10.31
hp ucmdb_foundation_software 10.10
hp ucmdb_foundation_software 10.11
CVE-2017-14356 HIGH

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp arcsight_enterprise_security_manager_express 6.9.1c
hp arcsight_enterprise_security_manager_express 6.0c
hp arcsight_enterprise_security_manager_express 6.5
hp arcsight_enterprise_security_manager_express 6.11.0
hp arcsight_enterprise_security_manager 6.11.0
hp arcsight_enterprise_security_manager 6.0c
hp arcsight_enterprise_security_manager 6.8
hp arcsight_enterprise_security_manager_express 6.0
hp arcsight_enterprise_security_manager_express 6.8c
hp arcsight_enterprise_security_manager 6.5
hp arcsight_enterprise_security_manager_express 6.5c
hp arcsight_enterprise_security_manager 6.0
hp arcsight_enterprise_security_manager_express 6.8
hp arcsight_enterprise_security_manager 6.9.0c
hp arcsight_enterprise_security_manager 6.5c
hp arcsight_enterprise_security_manager_express 6.9.0c
hp arcsight_enterprise_security_manager 6.8c
hp arcsight_enterprise_security_manager 6.9.1c
CVE-2017-14357 MEDIUM

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp arcsight_enterprise_security_manager_express 6.9.1c
hp arcsight_enterprise_security_manager_express 6.0c
hp arcsight_enterprise_security_manager_express 6.5
hp arcsight_enterprise_security_manager_express 6.9.0
hp arcsight_enterprise_security_manager_express 6.11.0
hp arcsight_enterprise_security_manager 6.11.0
hp arcsight_enterprise_security_manager 6.0c
hp arcsight_enterprise_security_manager 6.8
hp arcsight_enterprise_security_manager_express 6.0
hp arcsight_enterprise_security_manager_express 6.8c
hp arcsight_enterprise_security_manager 6.5
hp arcsight_enterprise_security_manager_express 6.5c
hp arcsight_enterprise_security_manager 6.0
hp arcsight_enterprise_security_manager_express 6.8
hp arcsight_enterprise_security_manager 6.9.0c
hp arcsight_enterprise_security_manager 6.5c
hp arcsight_enterprise_security_manager_express 6.9.0c
hp arcsight_enterprise_security_manager 6.8c
hp arcsight_enterprise_security_manager 6.9.1c
CVE-2017-14358 MEDIUM

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
hp arcsight_enterprise_security_manager_express 6.9.1c
hp arcsight_enterprise_security_manager_express 6.0c
hp arcsight_enterprise_security_manager_express 6.5
hp arcsight_enterprise_security_manager_express 6.11.0
hp arcsight_enterprise_security_manager 6.11.0
hp arcsight_enterprise_security_manager 6.0c
hp arcsight_enterprise_security_manager 6.8
hp arcsight_enterprise_security_manager_express 6.0
hp arcsight_enterprise_security_manager_express 6.8c
hp arcsight_enterprise_security_manager 6.5
hp arcsight_enterprise_security_manager_express 6.5c
hp arcsight_enterprise_security_manager 6.0
hp arcsight_enterprise_security_manager_express 6.8
hp arcsight_enterprise_security_manager 6.9.0c
hp arcsight_enterprise_security_manager 6.5c
hp arcsight_enterprise_security_manager_express 6.9.0c
hp arcsight_enterprise_security_manager 6.8c
hp arcsight_enterprise_security_manager 6.9.1c
CVE-2017-14359 LOW

A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp performance_center 12.20
CVE-2017-14360 MEDIUM

A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
hp content_manager 9.0
CVE-2017-17482 MEDIUM

An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp openvms *
CVE-2017-17556 LOW

A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp synaptics_touchpad_driver -
CVE-2017-2740 HIGH

A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp thinpro 4.4
hp thinpro 5.2
hp thinpro 5.1
hp thinpro 6.1
hp thinpro 5.0
hp thinpro 5.2.1
CVE-2017-2741 HIGH

A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp k9z76d_firmware *
hp d3q21a_firmware *
hp d3q15a_firmware *
hp d3q17c_firmware *
hp j9v82b_firmware *
hp j9v82d_firmware *
hp d9l20a_firmware *
hp d3q20c_firmware *
hp j9v80a_firmware *
hp d9l64a_firmware *
hp t0g70a_firmware *
hp j6u55a_firmware *
hp j9v82a_firmware *
hp k9z76a_firmware *
hp d3q20b_firmware *
hp j3p68a_firmware *
hp d3q19a_firmware *
hp j9v82c_firmware *
hp d9l21a_firmware *
hp d3q21c_firmware *
hp d3q20a_firmware *
hp d3q19d_firmware *
hp j6u55c_firmware *
hp j6u57b_firmware *
hp d3q16b_firmware *
hp d3q17a_firmware *
hp d3q16d_firmware *
hp d3q20d_firmware *
hp d3q15d_firmware *
hp d3q15b_firmware *
hp d9l63a_firmware *
hp j6u55b_firmware *
hp j9v80b_firmware *
hp j6u55d_firmware *
hp d3q17d_firmware *
hp d3q21d_firmware *
hp d3q16c_firmware *
hp d3q16a_firmware *
CVE-2017-2742 HIGH

A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp web_jetadmin *
hp web_jetadmin 10.4
CVE-2017-2743 MEDIUM

HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp ce503a_firmware *
hp b3g85a_firmware *
hp g1w47a_firmware *
hp cc522a_firmware *
hp a2w75a_firmware *
hp b5l25a_firmware *
hp b5l07a_firmware *
hp f2a76a_firmware *
hp c2s11a_firmware *
hp l3u43a_firmware *
hp ce709a_firmware *
hp a2w77a_firmware *
hp a2w79a_firmware *
hp e6b70a_firmware *
hp cc421a_firmware *
hp cf068a_firmware *
hp cd646a_firmware *
hp b5l48a_firmware *
hp cf236a_firmware *
hp cf083a_firmware *
hp 2a68a_firmware *
hp g1w40a_firmware *
hp cf118a_firmware *
hp e6b67a_firmware *
hp ce738a_firmware *
hp a2w78a_firmware *
hp 2a71a_firmware *
hp cf238a_firmware *
hp f2a77a_firmware *
hp g1w41a_firmware *
hp ce993a_firmware *
hp ce994a_firmware *
hp a2w76a_firmware *
hp e6b68a_firmware *
hp g1w39a_firmware *
hp cc419a_firmware *
hp e6b71a_firmware *
hp ce504a_firmware *
hp cd645a_firmware *
hp d3l09a_firmware *
hp ce990a_firmware *
hp cf081a_firmware *
hp g1w46a_firmware *
hp g1w47v_firmware *
hp cc420a_firmware *
hp b5l05a_firmware *
hp 2a70a_firmware *
hp e6b69a_firmware *
hp j7x28a_firmware *
hp cc524a_firmware *
hp b5l46a_firmware *
hp e6b73a_firmware *
hp l3u44a_firmware *
hp cf367a_firmware *
hp b5l24a_firmware *
hp cf067a_firmware *
hp cz245a_firmware *
hp e6b72a_firmware *
hp l2717a_firmware *
hp b5l04a_firmware *
hp cf117a_firmware *
hp cc523a_firmware *
hp cf069a_firmware *
hp d7p71a_firmware *
hp cf082a_firmware *
hp g1w46v_firmware *
hp d7p70a_firmware *
hp d3l10a_firmware *
hp cf116a_firmware *
hp b5l23a_firmware *
hp b5l26a_firmware *
hp ce992a_firmware *
hp 2a69a_firmware *
hp cf235a_firmware *
hp d3l08a_firmware *
hp l3u42a_firmware *
hp ce991a_firmware *
hp cf066a_firmware *
hp c2s12a_firmware *
hp ce995a_firmware *
hp cz244a_firmware *
hp ce989a_firmware *
hp b5l47a_firmware *
hp ce996a_firmware *
hp ce708a_firmware *
hp f2a81a_firmware *
hp cd644a_firmware *
hp ce707a_firmware *
CVE-2017-2744 LOW

The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2017-2745 MEDIUM

Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp jetadvantage_security_manager *
CVE-2017-2746 MEDIUM

Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp jetadvantage_security_manager *
CVE-2017-2747 LOW

HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp t1500_firmware *
hp t1530_firmware *
hp 330_firmware *
hp t2300_firmware *
hp 360_firmware *
hp 315_firmware *
hp 365_firmware *
hp t930_firmware *
hp 375_firmware *
hp 570_firmware *
hp 110_firmware *
hp t1300_firmware *
hp 560_firmware *
hp t2530_firmware *
hp 310_firmware *
hp t790_firmware *
hp t920_firmware *
hp 335_firmware *
hp t3500_firmware *
hp 370_firmware *
hp t795_firmware *
hp t2500_firmware *
CVE-2017-2748 MEDIUM

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
hp isaac_mizrahi_smartwatch 1.3.7
hp isaac_mizrahi_smartwatch 1.2.2016040820
hp isaac_mizrahi_smartwatch 1.0.201601214
hp isaac_mizrahi_smartwatch 1.3.2016052319
hp isaac_mizrahi_smartwatch 1.0.2.10
hp isaac_mizrahi_smartwatch 1.2.2.12
hp isaac_mizrahi_smartwatch 1.4.2016072601
hp isaac_mizrahi_smartwatch 1.4.8
CVE-2017-2750 HIGH

Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp ce503a_firmware *
hp b3g85a_firmware *
hp g1w47a_firmware *
hp j7z10a_firmware *
hp k0q14a_firmware *
hp j8a13a_firmware *
hp a2w75a_firmware *
hp cz258a_firmware *
hp j8a04a_firmware *
hp l3u43a_firmware *
hp a2w79a_firmware *
hp e6b70a_firmware *
hp cc421a_firmware *
hp cd646a_firmware *
hp cf236a_firmware *
hp cf083a_firmware *
hp k0q19a_firmware *
hp j7z13a_firmware *
hp m0p33a_firmware *
hp g1w40a_firmware *
hp b3g84a_firmware *
hp m0p35a_firmware *
hp j7z98a_firmware *
hp l3u59a_firmware *
hp ce738a_firmware *
hp a2w78a_firmware *
hp k0q22a_firmware *
hp l3u52a_firmware *
hp f2a77a_firmware *
hp j8j78a_firmware *
hp g1w41a_firmware *
hp j7z04a_firmware *
hp ce993a_firmware *
hp a2w76a_firmware *
hp e6b68a_firmware *
hp j7z09a_firmware *
hp k0q21a_firmware *
hp b5l05v_firmware *
hp cc419a_firmware *
hp e6b71a_firmware *
hp ce504a_firmware *
hp cd645a_firmware *
hp j8j80a_firmware *
hp m0p36a_firmware *
hp cz255a_firmware *
hp cf081a_firmware *
hp k0q17a_firmware *
hp g1w46a_firmware *
hp b5l04v_firmware *
hp b5l49a_firmware *
hp e6b73a_firmware *
hp j7z06a_firmware *
hp l1h45a_firmware *
hp j8j79a_firmware *
hp f2a69a_firmware *
hp l3u44a_firmware *
hp j8j73a_firmware *
hp cz245a_firmware *
hp e6b72a_firmware *
hp cz249a_firmware *
hp j8j70a_firmware *
hp f2a71a_firmware *
hp l2717a_firmware *
hp f2a70a_firmware *
hp cf117a_firmware *
hp cf069a_firmware *
hp d7p71a_firmware *
hp m0p40a_firmware *
hp b5l06v_firmware *
hp l3u41a_firmware *
hp cf116a_firmware *
hp b5l26a_firmware *
hp j8a10a_firmware *
hp j8a17a_firmware *
hp d3l08a_firmware *
hp l3u42a_firmware *
hp j8j71a_firmware *
hp l2762a_firmware *
hp j8j66a_firmware *
hp j8j65a_firmware *
hp l3u56a_firmware *
hp ce995a_firmware *
hp cz244a_firmware *
hp j7z12a_firmware *
hp l3u66a_firmware *
hp ce996a_firmware *
hp j8a06a_firmware *
hp ce708a_firmware *
hp f2a81a_firmware *
hp l3u55a_firmware *
hp z5g77a_firmware *
hp k0q15a_firmware *
hp z5g79a_firmware *
hp b5l25a_firmware *
hp b5l07a_firmware *
hp j8a12a_firmware *
hp f2a76a_firmware *
hp c2s11a_firmware *
hp ce709a_firmware *
hp cz248a_firmware *
hp a2w77a_firmware *
hp j8j74a_firmware *
hp j8j63a_firmware *
hp cf068a_firmware *
hp j7z03a_firmware *
hp b5l48a_firmware *
hp c2s11v_firmware *
hp cf118a_firmware *
hp e6b67a_firmware *
hp k0q20a_firmware *
hp l3u60a_firmware *
hp cf238a_firmware *
hp ce994a_firmware *
hp g1w39a_firmware *
hp c2s12v_firmware *
hp d7p73a_firmware *
hp cz250a_firmware *
hp j7z05a_firmware *
hp d3l09a_firmware *
hp j8j76a_firmware *
hp j8j64a_firmware *
hp ce990a_firmware *
hp j7z99a_firmware *
hp g1w40v_firmware *
hp d7p68a_firmware *
hp g1w47v_firmware *
hp cc420a_firmware *
hp b5l05a_firmware *
hp j7z07a_firmware *
hp e6b69a_firmware *
hp cz256a_firmware *
hp j7x28a_firmware *
hp j7z08a_firmware *
hp f2a68a_firmware *
hp l3u70a_firmware *
hp b5l46a_firmware *
hp j8a11a_firmware *
hp b5l50a_firmware *
hp j8j72a_firmware *
hp cf367a_firmware *
hp b5l24a_firmware *
hp b5l06a_firmware *
hp b5l54a_firmware *
hp cf067a_firmware *
hp cz251a_firmware *
hp j8a05a_firmware *
hp b5l04a_firmware *
hp l3u51a_firmware *
hp m0p39a_firmware *
hp cf082a_firmware *
hp g1w46v_firmware *
hp d3l10a_firmware *
hp l3u65a_firmware *
hp k0q18a_firmware *
hp g1w39v_firmware *
hp b5l23a_firmware *
hp ce992a_firmware *
hp cf235a_firmware *
hp ce991a_firmware *
hp cf066a_firmware *
hp b3g86a_firmware *
hp c2s12a_firmware *
hp j7z11a_firmware *
hp g1w41v_firmware *
hp cz257a_firmware *
hp ce989a_firmware *
hp b5l47a_firmware *
hp d7p71v_firmware *
hp cd644a_firmware *
hp l2683a_firmware *
hp ce707a_firmware *
hp j7z14a_firmware *
hp l3u40a_firmware *
CVE-2017-2751 LOW

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
hp hp_240_g3_firmware *
hp compaq_14-h000_firmware -
hp hp_250_g1_notebook_pc_firmware *
hp hp_255_g1_notebook_pc_firmware *
hp hp_envy_14-k100_firmware *
hp hp_14-g000_firmware *
hp compaq_cq45-900_firmware -
hp hp_pavilion_11-n000_firmware *
hp hp_pavilion_15-n000_firmware *
hp hp_255_g3_firmware *
hp hp_240_g1_firmware *
hp hp_envy_15-j100_firmware *
hp hp_455_firmware *
hp hp_246_g3_firmware *
hp compaq_14-s000_firmware -
hp hp_split_13-g200_firmware *
hp hp_envy_100_firmware *
hp hp_pavilion_15-n200_firmware *
hp hp_15-r000_firmware *
hp hp_g14-a000_firmware *
hp hp_envy_15-j000_firmware *
hp hp_pavilion_15-n300_firmware *
hp hp_14-r000_firmware *
hp hp_1000-1300_firmware *
hp hp_spectre_x2_13-smb_pro_firmware *
hp hp_245_g1_firmware *
hp hp_spectre_13-h200_firmware *
hp hp_15-r500_firmware *
hp hp_envy_m6-n000_firmware *
hp hp_246_firmware *
hp hp_envy_17-j100_leap_motion_se_firmware *
hp hp_envy_17_j100_firmware *
hp hp_pavilion_10-f000_firmware *
hp hp_pavilion_14-n000_firmware *
CVE-2017-2752 LOW

A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-254,

Products Affected

Vendor Product Version
hp tommy_hilfiger_th24/7 2.0.0.11
hp tommy_hilfiger_th24/7 2.0.1.14
hp tommy_hilfiger_th24/7 2.1.0.16
hp tommy_hilfiger_th24/7 2.2.0.19
CVE-2017-3210 HIGH

Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,CWE-16,

Products Affected

Vendor Product Version
fujitsu displayview_click 6.01
fujitsu displayview_click_suite 5.0
hp display_assistant 2.1
philips smart_control_premium 2.23
philips smart_control_premium 2.25
portrait portrait_display_sdk *
fujitsu displayview_click 6.0
hp my_display 2.0
CVE-2017-3733 MEDIUM

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp operations_agent 11.15
openssl openssl 1.1.0b
hp operations_agent 11.14
openssl openssl 1.1.0c
openssl openssl 1.1.0
openssl openssl 1.1.0a
openssl openssl 1.1.0d
CVE-2017-5638 HIGH

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
lenovo storage_v5030_firmware 7.7.1.6
apache struts 2.3.30
apache struts 2.5.2
apache struts 2.3.20.1
apache struts 2.3.22
apache struts 2.5.8
apache struts 2.3.10
oracle weblogic_server 12.1.3.0.0
apache struts 2.3.20.3
apache struts 2.3.24
ibm storwize_v7000_firmware 7.7.1.6
apache struts 2.3.31
apache struts 2.5
apache struts 2.3.20
hp server_automation 10.5.0
apache struts 2.3.28.1
arubanetworks clearpass_policy_manager *
apache struts 2.5.9
apache struts 2.3.19
ibm storwize_v7000_firmware 7.8.1.0
apache struts 2.5.6
hp server_automation 10.2.0
apache struts 2.5.3
apache struts 2.5.1
apache struts 2.3.12
hp server_automation 10.1.0
apache struts 2.3.14.2
apache struts 2.5.10
oracle weblogic_server 12.2.1.2.0
apache struts 2.3.16.3
apache struts 2.3.20.2
apache struts 2.3.29
apache struts 2.3.15.2
apache struts 2.3.17
apache struts 2.3.24.2
apache struts 2.3.6
hp server_automation 9.1.0
ibm storwize_v5000_firmware 7.8.1.0
oracle weblogic_server 10.3.6.0.0
ibm storwize_v5000_firmware 7.7.1.6
apache struts 2.3.21
apache struts 2.3.25
apache struts 2.3.14.1
apache struts 2.3.7
lenovo storage_v5030_firmware 7.8.1.0
apache struts 2.5.4
apache struts 2.3.15.3
apache struts 2.3.9
apache struts 2.3.16
apache struts 2.3.26
apache struts 2.5.7
apache struts 2.3.14.3
apache struts 2.3.27
apache struts 2.3.23
hp server_automation 10.0.0
apache struts 2.3.28
netapp oncommand_balance -
apache struts 2.3.14
apache struts 2.3.15
oracle weblogic_server 12.2.1.1.0
apache struts 2.3.16.2
apache struts 2.3.24.3
apache struts 2.3.16.1
apache struts *
apache struts 2.3.15.1
apache struts 2.3.5
apache struts 2.3.11
apache struts 2.3.8
ibm storwize_v3500_firmware 7.8.1.0
apache struts 2.3.24.1
apache struts 2.5.5
ibm storwize_v3500_firmware 7.7.1.6
apache struts 2.3.13
CVE-2017-5641 HIGH

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache flex_blazeds *
hp xp_command_view_advanced_edition *
CVE-2017-5780 MEDIUM

A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2017-5781 MEDIUM

A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2017-5782 MEDIUM

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2017-5783 MEDIUM

A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2017-5784 MEDIUM

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2017-5785 MEDIUM

A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2017-5786 LOW

A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp officeconnect_1820_24g_switch_j9980a_firmware *
hp officeconnect_1820_24g_poe+_(185w)_switch_j9983a_firmware *
hp officeconnect_1820_48g_switch_j9981a_firmware pt.02.01
hp officeconnect_1820_8g_poe+_(65w)_switch_j9982a_firmware *
hp officeconnect_1820_8g_switch_j9979a_firmware *
hp officeconnect_1820_48g_switch_j9981a_firmware *
hp officeconnect_1820_24g_switch_j9980a_firmware pt.02.01
hp officeconnect_1820_24g_poe+_(185w)_switch_j9983a_firmware pt.02.01
hp officeconnect_1820_48g_poe+_(370w)_switch_j9984a_firmware pt.02.01
hp officeconnect_1820_8g_switch_j9979a_firmware pt.02.01
hp officeconnect_1820_8g_poe+_(65w)_switch_j9982a_firmware pt.02.01
hp officeconnect_1820_48g_poe+_(370w)_switch_j9984a_firmware *
CVE-2017-5787 MEDIUM

A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp version_control_repository_manager *
CVE-2017-5788 MEDIUM

A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp nonstop_server_software *
CVE-2017-5789 HIGH

HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp loadrunner *
hp performance_center *
CVE-2017-5790 HIGH

A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
CVE-2017-5791 HIGH

The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp intelligent_management_center_plat 7.2
CVE-2017-5792 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-5793 HIGH

A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
CVE-2017-5794 HIGH

A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
CVE-2017-5795 HIGH

A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
CVE-2017-5796 HIGH

A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 Series Network Switches version RA.15.05.0006 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp j9625a_firmware *
hp j9626a_firmware *
hp j9623a_firmware *
hp j9627a_firmware *
hp j9624a_firmware *
CVE-2017-5797 HIGH

A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-5798 MEDIUM

A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp opencall_media_platform *
CVE-2017-5799 MEDIUM

A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
hp opencall_media_platform *
CVE-2017-5800 LOW

A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp operations_bridge_analytics 3.0
CVE-2017-5801 MEDIUM

A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp business_process_monitor 09.26
hp business_process_monitor 09.21
hp business_process_monitor 09.25
hp business_process_monitor 09.20
hp business_process_monitor 09.22
hp business_process_monitor 09.24
hp business_process_monitor 09.30
hp business_process_monitor 09.23
CVE-2017-5802 HIGH

A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp vertica *
CVE-2017-5803 HIGH

A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp nonstop_server_software *
CVE-2017-5804 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
CVE-2017-5805 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
CVE-2017-5806 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
CVE-2017-5807 HIGH

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp data_protector *
hp data_protector 9.09
CVE-2017-5808 HIGH

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp data_protector *
hp data_protector 9.09
CVE-2017-5809 MEDIUM

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-275,

Products Affected

Vendor Product Version
hp data_protector *
hp data_protector 9.09
CVE-2017-5810 HIGH

A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp network_automation 9.22.02
hp network_automation 10.10
hp network_automation 10.00.02
hp network_automation 10.21
hp network_automation 9.10
hp network_automation 9.20
hp network_automation 9.22.01
hp network_automation 10.00
hp network_automation 9.22
hp network_automation 10.11
hp network_automation 10.00.01
CVE-2017-5811 HIGH

A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp network_automation 9.22.02
hp network_automation 10.10
hp network_automation 10.00.02
hp network_automation 10.21
hp network_automation 9.10
hp network_automation 9.20
hp network_automation 9.22.01
hp network_automation 10.00
hp network_automation 9.22
hp network_automation 10.11
hp network_automation 10.00.01
CVE-2017-5812 MEDIUM

A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp network_automation 9.22.02
hp network_automation 10.10
hp network_automation 10.00.02
hp network_automation 10.21
hp network_automation 9.10
hp network_automation 9.20
hp network_automation 9.22.01
hp network_automation 10.00
hp network_automation 9.22
hp network_automation 10.11
hp network_automation 10.00.01
CVE-2017-5813 MEDIUM

A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_automation 9.22.02
hp network_automation 10.10
hp network_automation 10.00.02
hp network_automation 10.21
hp network_automation 9.10
hp network_automation 9.20
hp network_automation 9.22.01
hp network_automation 10.00
hp network_automation 9.22
hp network_automation 10.11
hp network_automation 10.00.01
CVE-2017-5814 HIGH

A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp network_automation 9.22.02
hp network_automation 10.10
hp network_automation 10.00.02
hp network_automation 10.21
hp network_automation 9.10
hp network_automation 9.20
hp network_automation 9.22.01
hp network_automation 10.00
hp network_automation 9.22
hp network_automation 10.11
hp network_automation 10.00.01
CVE-2017-5815 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-5816 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-5817 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-5818 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-5819 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-5820 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-5821 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-5822 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-5823 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-5824 HIGH

An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp aruba_clearpass_policy_manager *
CVE-2017-5825 MEDIUM

A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp aruba_clearpass_policy_manager *
CVE-2017-5826 MEDIUM

An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp aruba_clearpass_policy_manager *
CVE-2017-5827 LOW

A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp aruba_clearpass_policy_manager *
CVE-2017-5828 MEDIUM

An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
hp aruba_clearpass_policy_manager *
CVE-2017-5829 MEDIUM

An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp aruba_clearpass_policy_manager *
CVE-2017-7657 HIGH

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-444,CWE-190,CWE-444,

Products Affected

Vendor Product Version
oracle retail_xstore_point_of_service 7.1
netapp hci_storage_nodes -
oracle retail_xstore_point_of_service 16.0
oracle rest_data_services 11.2.0.4
oracle retail_xstore_point_of_service 15.0
debian debian_linux 9.0
oracle rest_data_services 12.1.0.2
netapp element_software -
oracle rest_data_services 12.2.0.1
netapp snapcenter *
hp xp_p9000_command_view *
netapp element_software_management_node -
eclipse jetty *
netapp oncommand_system_manager 3.x
netapp e-series_santricity_management -
netapp oncommand_unified_manager *
netapp e-series_santricity_web_services -
oracle retail_xstore_point_of_service 17.0
oracle rest_data_services 18c
netapp santricity_cloud_connector -
netapp e-series_santricity_os_controller *
netapp snap_creator_framework *
netapp snapmanager *
CVE-2017-7658 HIGH

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-444,CWE-444,

Products Affected

Vendor Product Version
netapp snapmanager -
oracle rest_data_services 11.2.0.4
oracle retail_xstore_point_of_service 15.0
debian debian_linux 9.0
oracle rest_data_services 12.1.0.2
netapp oncommand_unified_manager_for_7-mode -
netapp hci_management_node -
eclipse jetty *
netapp snap_creator_framework -
netapp santricity_cloud_connector -
netapp snapcenter -
netapp e-series_santricity_os_controller *
oracle retail_xstore_point_of_service 7.1
oracle retail_xstore_point_of_service 16.0
oracle rest_data_services 12.2.0.1
hp xp_p9000_command_view *
netapp solidfire -
netapp hci_storage_node -
netapp e-series_santricity_management -
netapp e-series_santricity_web_services -
oracle retail_xstore_point_of_service 17.0
netapp oncommand_system_manager *
oracle rest_data_services 18c
oracle retail_xstore_payment 3.3
netapp storage_services_connector -
CVE-2017-8944 HIGH

A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp cloud_optimizer *
CVE-2017-8945 MEDIUM

A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
hp icewall_federation_agent 3.0
CVE-2017-8946 HIGH

A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp aruba_airwave_glass 1.0.0
hp aruba_airwave_glass 1.0.1
CVE-2017-8947 HIGH

A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp ucmdb_configuration_manager 10.10
hp ucmdb_configuration_manager 10.11
hp ucmdb_configuration_manager 10.20
hp ucmdb_configuration_manager 10.31
hp ucmdb_configuration_manager 10.30
hp ucmdb_configuration_manager 10.22
hp ucmdb_configuration_manager 10.21
CVE-2017-8948 HIGH

A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp network_node_manager_i 10.21
hp network_node_manager_i 10.20
hp network_node_manager_i 10.01
hp network_node_manager_i 10.10
hp network_node_manager_i 10.00
CVE-2017-8949 LOW

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp sitescope 11.30.521
hp sitescope 11.22
hp sitescope 11.24
hp sitescope 11.33
hp sitescope 11.23
hp sitescope 11.30
hp sitescope 11.31
hp sitescope 11.20
hp sitescope 11.32
hp sitescope 11.21
hp sitescope 11.24.391
CVE-2017-8950 LOW

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp sitescope 11.30.521
hp sitescope 11.22
hp sitescope 11.24
hp sitescope 11.33
hp sitescope 11.23
hp sitescope 11.30
hp sitescope 11.31
hp sitescope 11.20
hp sitescope 11.32
hp sitescope 11.21
hp sitescope 11.24.391
CVE-2017-8951 MEDIUM

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp sitescope 11.30.521
hp sitescope 11.22
hp sitescope 11.24
hp sitescope 11.33
hp sitescope 11.23
hp sitescope 11.30
hp sitescope 11.31
hp sitescope 11.20
hp sitescope 11.32
hp sitescope 11.21
hp sitescope 11.24.391
CVE-2017-8952 MEDIUM

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp sitescope 11.30.521
hp sitescope 11.22
hp sitescope 11.24
hp sitescope 11.33
hp sitescope 11.23
hp sitescope 11.30
hp sitescope 11.31
hp sitescope 11.20
hp sitescope 11.32
hp sitescope 11.21
hp sitescope 11.24.391
CVE-2017-8953 LOW

A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp loadrunner *
hp performance_center *
CVE-2017-8954 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
CVE-2017-8955 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
CVE-2017-8956 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8957 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.2
CVE-2017-8958 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 and earlier was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2017-8959 MEDIUM

An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier and was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp msa_1040_san_storage_firmware *
hp msa_2040_san_storage_firmware *
CVE-2017-8960 HIGH

An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp msa_1040_san_storage_firmware *
hp msa_2040_san_storage_firmware *
CVE-2017-8961 HIGH

A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8962 HIGH

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8963 HIGH

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8964 HIGH

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8965 HIGH

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8966 HIGH

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8967 HIGH

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8968 HIGH

A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp restful_interface_tool 2.0
hp restful_interface_tool 1.5
CVE-2017-8969 LOW

An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp insight_control 7.6
CVE-2017-8970 MEDIUM

A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2017-8971 MEDIUM

A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2017-8972 MEDIUM

A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2017-8973 MEDIUM

An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp matrix_operating_environment 7.6
CVE-2017-8974 LOW

A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp nonstop_server_software *
CVE-2017-8975 HIGH

A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp moonshot_provisioning_manager_appliance 1.20
CVE-2017-8976 HIGH

A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp moonshot_provisioning_manager_appliance 1.20
CVE-2017-8977 HIGH

A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp moonshot_provisioning_manager_appliance 1.20
CVE-2017-8978 MEDIUM

A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp icewall_sso 10.0
hp icewall_sso 11.0
hp icewall_mfa 4.0
hp icewall_mcrp 4.0
CVE-2017-8979 HIGH

Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_2_firmware 2.29
CVE-2017-8980 MEDIUM

A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8981 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8982 MEDIUM

A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8983 HIGH

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8984 HIGH

A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2017-8985 MEDIUM

HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp xp_storage_hitachi_global_link_manager *
CVE-2017-8987 HIGH

A Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_3_firmware 1.88
CVE-2017-8988 HIGH

A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp xp_command_view *
CVE-2017-8989 MEDIUM

A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
hp icewall_sso 10.0
hp icewall_sso 11.0
CVE-2017-8990 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp imc_wireless_service_manager *
hp imc_wireless_service_manager 7.3
CVE-2017-8991 LOW

HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp centralview_fraud_risk_management *
CVE-2017-8992 HIGH

HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp centralview_fraud_risk_management *
CVE-2017-8994 HIGH

A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp operations_orchestration *
CVE-2017-9000 MEDIUM

ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp arubaos *
hp arubaos 6.5.2
CVE-2017-9001 HIGH

Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp aruba_clearpass_policy_manager *
CVE-2017-9002 MEDIUM

All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp aruba_clearpass_policy_manager *
CVE-2017-9003 HIGH

Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp arubaos -
CVE-2018-12463 HIGH

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
hp fortify_software_security_center 17.2
hp fortify_software_security_center 17.1
hp fortify_software_security_center 18.1
CVE-2018-15532 LOW

SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp synaptics_touchpad_driver *
CVE-2018-18593 MEDIUM

Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp ucmdb_configuration_manager 2018.05
hp ucmdb_configuration_manager 2018.02
hp ucmdb_configuration_manager 2018.08
hp ucmdb_configuration_manager 2018.11
hp ucmdb_configuration_manager 10.22
hp ucmdb_configuration_manager 10.33
CVE-2018-2579 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2582 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 6.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
debian debian_linux 9.0
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jdk 9.0.1
oracle jre 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
canonical ubuntu_linux 16.04
CVE-2018-2588 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2599 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2602 LOW

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 1.0 3.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2603 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2618 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2629 LOW

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2633 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2634 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N 2.2 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2637 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2641 LOW

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N 1.6 4.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2657 MEDIUM

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
hp xp_command_view *
hp xp_p9000_command_view *
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
oracle jrockit r28.3.16
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 7.5
hp xp7_command_view *
redhat satellite 5.6
oracle jdk 1.7.0
CVE-2018-2663 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2677 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2678 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
oracle jdk 9.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
debian debian_linux 7.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
hp xp_command_view *
hp xp_p9000_command_view *
redhat enterprise_linux_server_tus 7.4
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2783 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat satellite 5.8
oracle jdk 1.8.0
oracle jrockit r28.3.17
oracle jre 1.6.0
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
CVE-2018-2790 LOW

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jre 10
oracle jdk 1.6.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
oracle jre 1.8.0
oracle jdk 10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2794 LOW

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jre 10
oracle jdk 1.6.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
oracle jrockit r28.3.17
oracle jre 1.8.0
oracle jdk 10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2795 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jre 10
oracle jdk 1.6.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
oracle jrockit r28.3.17
oracle jre 1.8.0
oracle jdk 10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2796 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jre 10
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
oracle jrockit r28.3.17
oracle jre 1.8.0
oracle jdk 10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2797 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jre 10
oracle jdk 1.6.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
oracle jrockit r28.3.17
oracle jre 1.8.0
oracle jdk 10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2798 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jre 10
oracle jdk 1.6.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
oracle jrockit r28.3.17
oracle jre 1.8.0
oracle jdk 10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2799 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
apache xerces-j *
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jre 10
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
oracle jrockit r28.3.17
oracle jre 1.8.0
oracle jdk 10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2800 MEDIUM

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
schneider-electric struxureware_data_center_expert *
redhat satellite 5.8
oracle jdk 1.8.0
oracle jrockit r28.3.17
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
redhat satellite 5.6
CVE-2018-2814 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jre 10
oracle jdk 1.6.0
schneider-electric struxureware_data_center_expert *
oracle jdk 1.8.0
oracle jre 1.8.0
oracle jdk 10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 17.10
CVE-2018-2815 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
hp xp7_command_view -
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jre 10
oracle jdk 1.6.0
schneider-electric struxureware_data_center_expert *
oracle jdk 1.8.0
oracle jrockit r28.3.17
oracle jre 1.8.0
oracle jdk 10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 17.10
CVE-2018-2940 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat satellite 5.7
netapp virtual_storage_console *
redhat enterprise_linux_desktop 6.0
netapp snapmanager -
oracle jdk 10.0.1
netapp cloud_backup -
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
netapp plug-in_for_symantec_netbackup -
redhat enterprise_linux_server 6.0
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
oracle jdk 1.7.0
netapp steelstore_cloud_integrated_storage -
oracle jdk 1.6.0
redhat satellite 5.8
oracle jre 10.0.1
oracle jdk 1.8.0
netapp active_iq_unified_manager -
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
netapp e-series_santricity_storage_manager -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp oncommand_unified_manager -
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
redhat satellite 5.6
netapp oncommand_insight -
CVE-2018-2952 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
canonical ubuntu_linux 14.04
redhat satellite 5.7
netapp virtual_storage_console *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
netapp snapmanager -
oracle jdk 10.0.1
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
netapp cloud_backup -
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
netapp plug-in_for_symantec_netbackup -
redhat enterprise_linux_server 6.0
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle jdk 1.6.0
redhat satellite 5.8
oracle jre 10.0.1
oracle jdk 1.8.0
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager -
oracle jre 1.8.0
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_desktop 7.0
netapp e-series_santricity_storage_manager -
oracle jrockit r28.3.18
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp oncommand_unified_manager -
canonical ubuntu_linux 18.04
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
redhat satellite 5.6
netapp oncommand_insight -
CVE-2018-2973 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat satellite 5.7
netapp virtual_storage_console *
redhat enterprise_linux_desktop 6.0
netapp snapmanager -
oracle jdk 10.0.1
netapp cloud_backup -
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
netapp plug-in_for_symantec_netbackup -
redhat enterprise_linux_server 6.0
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
oracle jdk 1.7.0
netapp steelstore_cloud_integrated_storage -
oracle jdk 1.6.0
redhat satellite 5.8
oracle jre 10.0.1
oracle jdk 1.8.0
netapp active_iq_unified_manager -
oracle jre 1.8.0
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
redhat enterprise_linux_desktop 7.0
netapp e-series_santricity_storage_manager -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp oncommand_unified_manager -
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
redhat satellite 5.6
netapp oncommand_insight -
CVE-2018-3136 LOW

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.4 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
oracle jdk 11.0.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
oracle jre 11.0.0
debian debian_linux 8.0
oracle jdk 1.6.0
redhat satellite 5.8
oracle jdk 1.8.0
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
redhat satellite 5.6
CVE-2018-3139 LOW

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
oracle jdk 11.0.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
oracle jre 11.0.0
debian debian_linux 8.0
oracle jdk 1.6.0
redhat satellite 5.8
oracle jdk 1.8.0
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
redhat satellite 5.6
CVE-2018-3149 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
oracle jdk 11.0.0
hp xp7_command_view 8.6.4-00
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
oracle jre 11.0.0
debian debian_linux 8.0
oracle jdk 1.6.0
redhat satellite 5.8
oracle jdk 1.8.0
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
oracle jrockit r28.3.19
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
redhat satellite 5.6
CVE-2018-3169 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
oracle jdk 11.0.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
oracle jre 11.0.0
debian debian_linux 8.0
redhat satellite 5.8
oracle jdk 1.8.0
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
redhat satellite 5.6
CVE-2018-3180 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
oracle jdk 11.0.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
oracle jre 11.0.0
debian debian_linux 8.0
oracle jdk 1.6.0
redhat satellite 5.8
oracle jdk 1.8.0
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
oracle jrockit r28.3.19
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
redhat satellite 5.6
CVE-2018-3183 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
debian debian_linux 9.0
oracle jdk 1.8.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_aus 7.6
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 7.5
oracle jdk 11.0.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
oracle jrockit r28.3.19
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
oracle jre 11.0.0
CVE-2018-3214 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat satellite 5.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_aus 7.6
oracle jre 1.6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
oracle jdk 1.6.0
redhat satellite 5.8
oracle jdk 1.8.0
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
oracle jrockit r28.3.19
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
redhat satellite 5.6
CVE-2018-5390 HIGH

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_domain_name_system *
f5 big-ip_edge_gateway *
cisco threat_grid-cloud -
canonical ubuntu_linux 14.04
f5 big-ip_application_acceleration_manager 14.0.0
hp aruba_clearpass_policy_manager *
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_eus 7.4
f5 big-ip_fraud_protection_service *
cisco telepresence_video_communication_server_firmware x8.10
f5 traffix_systems_signaling_delivery_controller *
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_eus 7.3
cisco expressway x8.10.1
redhat enterprise_linux_server_eus 6.7
cisco expressway x8.10
linux linux_kernel 4.18
f5 big-ip_link_controller *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 6.4
cisco telepresence_conductor_firmware xc4.3.3
canonical ubuntu_linux 12.04
cisco telepresence_conductor_firmware xc4.3.1
cisco expressway x8.10.2
cisco telepresence_video_communication_server_firmware x8.10.4
cisco telepresence_conductor_firmware xc4.3
f5 big-ip_advanced_firewall_manager 14.0.0
cisco network_assurance_engine 2.1(1a)
cisco telepresence_conductor_firmware xc4.3.4
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_domain_name_system 14.0.0
hp aruba_airwave_amp *
debian debian_linux 8.0
cisco expressway x8.11
cisco collaboration_meeting_rooms 1.0
f5 big-ip_analytics *
f5 big-ip_application_acceleration_manager *
redhat enterprise_linux_server_tus 7.4
a10networks advanced_core_operating_system 4.1.4
f5 big-ip_webaccelerator 14.0.0
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_edge_gateway 14.0.0
canonical ubuntu_linux 18.04
linux linux_kernel *
cisco digital_network_architecture_center 1.2
cisco meeting_management 1.0
redhat enterprise_linux_server 7.0
f5 traffix_systems_signaling_delivery_controller 4.4.0
redhat enterprise_linux_server_aus 6.6
a10networks advanced_core_operating_system 4.1.0
cisco meeting_management 1.0.1
f5 big-ip_advanced_firewall_manager *
cisco telepresence_video_communication_server_firmware x8.11
debian debian_linux 9.0
f5 big-ip_local_traffic_manager 14.0.0
cisco telepresence_video_communication_server_firmware x8.10.2
cisco expressway x8.10.3
cisco webex_hybrid_data_security -
cisco webex_video_mesh -
a10networks advanced_core_operating_system 4.1.1
cisco telepresence_video_communication_server_firmware x8.10.1
redhat enterprise_linux_server_tus 6.6
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager *
cisco telepresence_video_communication_server_firmware x8.10.3
canonical ubuntu_linux 16.04
a10networks advanced_core_operating_system 4.1.2
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_application_security_manager *
redhat enterprise_linux_server_aus 7.3
cisco expressway x8.10.4
cisco telepresence_conductor_firmware xc4.3.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_tus 7.3
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 14.0.0
f5 big-ip_global_traffic_manager *
redhat virtualization 4.0
redhat enterprise_linux_desktop 7.0
a10networks advanced_core_operating_system 3.2.2
redhat enterprise_linux_server_aus 7.2
f5 big-ip_fraud_protection_service 14.0.0
redhat enterprise_linux_server_eus 7.5
f5 big-ip_policy_enforcement_manager *
redhat enterprise_linux_workstation 7.0
f5 big-ip_analytics 14.0.0
cisco expressway_series -
CVE-2018-5740 MEDIUM

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
isc bind *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 7.5
opensuse leap 15.1
canonical ubuntu_linux 12.04
opensuse leap 15.0
canonical ubuntu_linux 18.04
opensuse leap 42.3
redhat enterprise_linux_workstation 7.0
netapp data_ontap_edge -
canonical ubuntu_linux 16.04
hp hp-ux -
debian debian_linux 8.0
CVE-2018-5921 MEDIUM

A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp b3g85a_firmware *
hp g1w47a_firmware *
hp k0q14a_firmware *
hp x3a78a_firmware *
hp a2w75a_firmware *
hp l3u43a_firmware *
hp a2w79a_firmware *
hp cd646a_firmware *
hp g1w40a_firmware *
hp b3g84a_firmware *
hp m0p35a_firmware *
hp j7z98a_firmware *
hp l3u59a_firmware *
hp a2w78a_firmware *
hp k0q22a_firmware *
hp l3u52a_firmware *
hp f2a77a_firmware *
hp j7z04a_firmware *
hp x3a65a_firmware *
hp k0q21a_firmware *
hp l3u46a_firmware *
hp z8z21a_firmware *
hp e6b71a_firmware *
hp cd645a_firmware *
hp m0p36a_firmware *
hp x3a89a_firmware *
hp l8z07a_firmware *
hp cc524a_firmware *
hp z8z19a_firmware *
hp j7z06a_firmware *
hp l1h45a_firmware *
hp j8j79a_firmware *
hp l3u44a_firmware *
hp z8z03a_firmware *
hp cz245a_firmware *
hp cz249a_firmware *
hp j8j70a_firmware *
hp z8z12a_firmware *
hp cf117a_firmware *
hp cc523a_firmware *
hp cf069a_firmware *
hp z8z17a_firmware *
hp m0p40a_firmware *
hp d7p70a_firmware *
hp l3u41a_firmware *
hp z8z15a_firmware *
hp x3a66a_firmware *
hp b5l26a_firmware *
hp j8a10a_firmware *
hp j8a17a_firmware *
hp l2762a_firmware *
hp j8j66a_firmware *
hp x3a68a_firmware *
hp j8j65a_firmware *
hp l3u66a_firmware *
hp l3u62a_firmware *
hp ca251a_firmware *
hp z8z07a_firmware *
hp f2a81a_firmware *
hp z8z16a_firmware *
hp l3u55a_firmware *
hp x3a75a_firmware *
hp k0q15a_firmware *
hp z8z10a_firmware *
hp f2a78v_firmware *
hp cc522a_firmware *
hp b5l07a_firmware *
hp l3u50a_firmware *
hp f2a76a_firmware *
hp p7z48a_firmware *
hp x3a77a_firmware *
hp j8j74a_firmware *
hp c2s11v_firmware *
hp z8z00a_firmware *
hp x3a80a_firmware *
hp l3u57a_firmware *
hp k0q20a_firmware *
hp l3u60a *
hp g1w39a_firmware *
hp c2s12v_firmware *
hp cz250a_firmware *
hp z8z08a_firmware *
hp j8j76a_firmware *
hp x3a83a_firmware *
hp j7z99a_firmware *
hp g1w40v_firmware *
hp d7p68a_firmware *
hp p7z47a_firmware *
hp j8j67a_firmware *
hp h0dc9a_firmware *
hp l3u70a_firmware *
hp j8a11a_firmware *
hp z8z11a_firmware *
hp b5l50a_firmware *
hp j8j72a_firmware *
hp cf367a_firmware *
hp b5l06a_firmware *
hp b5l54a_firmware *
hp x3a90a_firmware *
hp cf067a_firmware *
hp j8a05a_firmware *
hp m0p32a_firmware *
hp g1w46v_firmware *
hp l3u65a_firmware *
hp x3a86a_firmware *
hp cf066a_firmware *
hp x3a59a_firmware *
hp x3a69a_firmware *
hp f2a67a_firmware *
hp l3u47a_firmware *
hp l3u40a_firmware *
hp l3u49a_firmware *
hp j8a13a_firmware *
hp j8a04a_firmware *
hp x3a87a_firmware *
hp l3u67a_firmware *
hp k0q19a_firmware *
hp m0p33a_firmware *
hp z8z09a_firmware *
hp x3a60a_firmware *
hp j8j78a_firmware *
hp g1w41a_firmware *
hp a2w76a_firmware *
hp f2a80a_firmware *
hp j8j80a_firmware *
hp k0q17a_firmware *
hp g1w46a_firmware *
hp j8a16a_firmware *
hp x3a93a_firmware *
hp b5l49a_firmware *
hp e6b73a_firmware *
hp j8j73a_firmware *
hp z8z01a_firmware *
hp f2a71a_firmware *
hp l3u61a_firmware *
hp z8z13a_firmware *
hp f2a70a_firmware *
hp d7p71a_firmware *
hp z8z18a_firmware *
hp cf116a_firmware *
hp l3u42a_firmware *
hp j8j71a_firmware *
hp l3u69a_firmware *
hp x3a84a_firmware *
hp z8z20a_firmware *
hp l3u56a_firmware *
hp cz244a_firmware *
hp l3u45a_firmware *
hp j8a06a_firmware *
hp z8z14a_firmware *
hp l3u63a_firmware *
hp b5l39a_firmware *
hp x3a92a_firmware *
hp j8a12a_firmware *
hp c2s11a_firmware *
hp cz248a_firmware *
hp a2w77a_firmware *
hp x3a63a_firmware *
hp j8j63a_firmware *
hp cf068a_firmware *
hp b5l48a_firmware *
hp x3a72a_firmware *
hp z8z23a_firmware *
hp z8z22a_firmware *
hp z8z04a_firmware *
hp cf118a_firmware *
hp x3a71a_firmware *
hp d7p73a_firmware *
hp j8j64a_firmware *
hp g1w47v_firmware *
hp z8z02a_firmware *
hp b5l05a_firmware *
hp l3u64a_firmware *
hp j7x28a_firmware *
hp f2a79a_firmware *
hp b5l46a_firmware *
hp z8z05a_firmware *
hp z8z06a_firmware *
hp x3a81a_firmware *
hp b5l04a_firmware *
hp l3u51a_firmware *
hp x3a79a_firmware *
hp m0p39a_firmware *
hp k0q18a_firmware *
hp g1w39v_firmware *
hp x3a62a_firmware *
hp b3g86a_firmware *
hp c2s12a_firmware *
hp l3u48a_firmware *
hp g1w41v_firmware *
hp b5l47a_firmware *
hp x3a74a_firmware *
hp cd644a_firmware *
hp l2683a_firmware *
CVE-2018-5923 HIGH

In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-347,

Products Affected

Vendor Product Version
hp laserjet_enterprise_m609dh_firmware *
hp laserjet_enterprise_flow_m830z_mfp_firmware *
hp color_laserjet_enterprise_mfp_m681dh_firmware *
hp color_laserjet_enterprise_flow_mfp_m681z_firmware *
hp color_laserjet_enterprise_m552_firmware *
hp color_laserjet_enterprise_m653dh_firmware *
hp laserjet_enterprise_flow_mfp_m525c_firmware *
hp color_laserjet_enterprise_flow_mfp_m681f_firmware *
hp laserjet_enterprise_mfp_m632fht_firmware *
hp color_laserjet_enterprise_m651_firmware *
hp pagewide_managed_color_flow_mfp_e58650z_firmware *
hp laserjet_enterprise_m4555_mfp_firmware *
hp color_laserjet_managed_flow_mfp_e77830z_firmware *
hp pagewide_managed_color_flow_mfp_e77650zs_firmware *
hp laserjet_enterprise_500_mfp_m525f_firmware *
hp laserjet_enterprise_m606_firmware *
hp scanjet_enterprise_flow_n9120_document_flatbed_scanner_firmware *
hp pagewide_enterprise_color_x556xh_firmware *
hp laserjet_managed_e60075x_firmware *
hp laserjet_enterprise_color_500_m551_firmware *
hp laserjet_managed_e50045dw_firmware *
hp pagewide_managed_color_flow_mfp_e77650z_firmware *
hp color_laserjet_enterprise_m553_firmware *
hp laserjet_enterprise_mfp_m633fh_firmware *
hp laserjet_managed_flow_mfp_e82550_firmware *
hp color_laserjet_enterprise_m653dn_firmware *
hp laserjet_enterprise_700_m712xh_firmware *
hp pagewide_enterprise_color_mpf_785f_firmware *
hp laserjet_enterprise_mfp_m632h_firmware *
hp laserjet_enterprise_m607n_firmware *
hp laserjet_enterprise_600_m603xh_firmware *
hp pagewide_managed_color_e55650dn_firmware *
hp color_laserjet_enterprise_mfp_m682dh_firmware *
hp laserjet_enterprise_flow_mfp_m631h_firmware *
hp laserjet_enterprise_flow_mfp_m630z_firmware *
hp color_laserjet_managed_mfp_e87640dn_firmware *
hp pagewide_managed_color_flow_mfp_e77660zts_firmware *
hp laserjet_enterprise_flow_mfp_m632z_firmware *
hp laserjet_enterprise_mfp_m527_firmware *
hp laserjet_enterprise_m609dn_firmware *
hp pagewide_enterprise_color_mfp_586dn_firmware *
hp pagewide_managed_color_mfp_e77650dn_firmware *
hp officejet_enterprise_color_x555xh_firmware *
hp pagewide_managed_color_e75160dn_firmware *
hp officejet_enterprise_color_mfp_x585_firmware *
hp laserjet_managed_flow_mfp_e72530_firmware *
hp laserjet_managed_flow_mfp_e72535z_firmware *
hp pagewide_managed_color_flow_mfp_e77660zs_firmware *
hp color_laserjet_enterprise_m652dn_firmware *
hp laserjet_managed_e60075dn_firmware *
hp color_laserjet_managed_mfp_e67550dh_firmware *
hp color_laserjet_enterprise_m750_firmware *
hp color_laserjet_enterprise_flow_mfp_m682z_firmware *
hp laserjet_enterprise_m607dn_firmware *
hp laserjet_managed_mfp_e62555dn_firmware *
hp color_laserjet_managed_flow_mfp_e67550f_firmware *
hp laserjet_managed_mfp_e82550_firmware *
hp color_laserjet_managed_mfp_e67560dh_firmware *
hp pagewide_managed_color_flow_mfp_e77660z_firmware *
hp laserjet_enterprise_800_color_mfp_m880_firmware *
hp pagewide_managed_color_flow_mfp_e77660dn_firmware *
hp laserjet_enterprise_500_color_mfp_m575dn_firmware *
hp color_laserjet_managed_flow_mfp_e87660z_firmware *
hp color_laserjet_managed_e65060x_firmware *
hp color_laserjet_managed_flow_mfp_e77822_firmware *
hp laserjet_managed_mfp_e72525_firmware *
hp officejet_enterprise_color_flow_mfp_x585_firmware *
hp pagewide_enterprise_color_x556dn_firmware *
hp pagewide_enterprise_color_mpf_780dn_firmware *
hp color_laserjet_managed_flow_mfp_e87650_firmware *
hp laserjet_enterprise_color_flow_mfp_m575c_firmware *
hp laserjet_managed_e60065dn_firmware *
hp color_laserjet_managed_e55040dw_firmware *
hp pagewide_enterprise_color_flow_mfp_586z_firmware *
hp digital_sender_flow_8500_fn2_document_capture_workstation_firmware *
hp color_laserjet_enterprise_m652n_firmware *
hp laserjet_enterprise_m604_firmware *
hp pagewide_enterprise_color_765dn_firmware *
hp laserjet_enterprise_m608dn_firmware *
hp officejet_enterprise_color_x555dn_firmware *
hp laserjet_enterprise_700_color_mfp_m775_firmware *
hp color_laserjet_managed_e65050dn_firmware *
hp laserjet_enterprise_800_color_m855_firmware *
hp color_laserjet_enterprise_mfp_m577_firmware *
hp pagewide_managed_color_mfp_e58650dn_firmware *
hp laserjet_managed_flow_mfp_e72525_firmware *
hp color_laserjet_enterprise_m653x_firmware *
hp laserjet_enterprise_m506_firmware *
hp laserjet_enterprise_mfp_m630_firmware *
hp pagewide_managed_color_mfp_e77650dns_firmware *
hp color_laserjet_cm4540_mfp_firmware *
hp color_laserjet_m680_firmware *
hp color_laserjet_managed_flow_mfp_e77825_firmware *
hp laserjet_enterprise_mfp_m631dn_firmware *
hp laserjet_enterprise_600_m602_firmware *
hp laserjet_managed_flow_mfp_e82560z_firmware *
hp laserjet_enterprise_m608dh_firmware *
hp color_laserjet_cp5525_firmware *
hp pagewide_enterprise_color_mpf_785zs_firmware *
hp color_laserjet_managed_mfp_e87650_firmware *
hp laserjet_managed_flow_mfp_e62565h_firmware *
hp color_laserjet_managed_e65060dn_firmware *
hp laserjet_enterprise_mfp_m631z_firmware *
hp laserjet_managed_mfp_e52545dn_firmware *
hp laserjet_managed_mfp_e82540_firmware *
hp laserjet_managed_e60065x_firmware *
hp laserjet_managed_flow_mfp_e82540_firmware *
hp laserjet_enterprise_mfp_m725_firmware *
hp color_laserjet_enterprise_mfp_m681f_firmware *
hp color_laserjet_managed_flow_mfp_e87640_firmware *
hp color_laserjet_managed_flow_mfp_e87640z_firmware *
hp pagewide_enterprise_color_mfp_586f_firmware *
hp laserjet_enterprise_m608x_firmware *
hp color_laserjet_managed_mfp_e57540dn_firmware *
hp color_laserjet_managed_mfp_e77825_firmware *
hp laserjet_managed_flow_mfp_e62565z_firmware *
hp laserjet_enterprise_flow_mfp_m633z_firmware *
hp laserjet_managed_mfp_e62565hs_firmware *
hp color_laserjet_managed_mfp_e77830dn_firmware *
hp color_laserjet_managed_mfp_e77822_firmware *
hp color_laserjet_managed_mfp_e87660dn_firmware *
hp laserjet_managed_mfp_e72530_firmware *
hp scanjet_enterprise_8500_document_capture_workstation_firmware *
hp pagewide_enterprise_color_mpf_780f_firmware *
hp laserjet_managed_flow_mfp_e62575z_firmware *
hp laserjet_managed_flow_mfp_e52545c_firmware *
hp laserjet_enterprise_m605_firmware *
hp color_laserjet_managed_flow_mfp_e57540c_firmware *
hp laserjet_enterprise_m806_firmware *
hp color_laserjet_managed_mfp_e87640_firmware *
hp laserjet_managed_mfp_e82560dn_firmware *
hp laserjet_enterprise_m609x_firmware *
hp laserjet_managed_e60055dn_firmware *
hp laserjet_managed_flow_mfp_e62555dn_firmware *
hp laserjet_enterprise_600_m601_firmware *
hp laserjet_managed_mfp_e72535dn_firmware *
hp laserjet_enterprise_m608n_firmware *
hp color_laserjet_managed_flow_mfp_e67560z_firmware *
CVE-2018-5924 HIGH

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
hp cr769a_firmware 1829a
hp d3q19a_firmware 001.1829a
hp t0g56a_firmware 1827b
hp w1b37_firmware 005.1828a
hp 3aw51a_firmware 1828a
hp t6t77a_firmware 1827b
hp f0v63_firmware 1827b
hp t0g50a_firmware 1828a
hp 1jl02a_firmware 1829a
hp a9j41_firmware 1828b
hp cq891c_firmware 1829b
hp cn460a_firmware 1829b
hp l9d57a_firmware 1828a
hp f0v67_firmware 1827b
hp y0s19a_firmware 1828a
hp d3q20d_firmware 001.1829a
hp w1b31_firmware 005.1828a
hp cn463a_firmware 1829b
hp cr768a_firmware 1829a
hp cn459a_firmware 1829b
hp g0v47_firmware 1831a
hp k9z76a_firmware 001.1829a
hp j9v80b_firmware 001.1829a
hp t0f29a_firmware 1830a
hp t1p36_firmware 1827a
hp z4b56a_firmware 1805j
hp cq893ar_firmware 1829b
hp t3p04a_firmware 1828a
hp cz293a_firmware 1828a
hp j7a28a_firmware 1828a
hp f5s57a_firmware 1829a
hp 2nd31a_firmware 1828b
hp d4h21a_firmware 1826a
hp t0g45a_firmware 1828a
hp b9s58a_firmware 1830b
hp e3e03a_firmware 1827a
hp y3z45_firmware 005.1828a
hp g5j38a_firmware 1828a
hp b9s57c_firmware 1829a
hp d3q17d_firmware 001.1829a
hp j9v82b_firmware 001.1829a
hp w3u23_firmware 1827b
hp y3z57_firmware 005.1828a
hp f1h97_firmware 1828b
hp y5h80a_firmware 1828a
hp d7z37a_firmware 1828a
hp n4k99c_firmware 1828a
hp t0g70a_firmware 1827b
hp cn598a_firmware 1829b
hp m9l65a_firmware 1828a
hp j6u63_firmware 1827b
hp z4a54_firmware 1828b
hp k4t99b_firmware 1829a
hp e2d42a_firmware 1828a
hp k7s42a_firmware 1832a
hp g0v48b_firmware 1831a
hp t0g25a_firmware 1827a
hp d3p93a_firmware 1827b
hp 4sc29a_firmware 1828a
hp d4h25a_firmware 1830a
hp cz152a_firmware 1829a
hp m2u81_firmware 1828a
hp t8w35a_firmware 1830a
hp l9b95a_firmware 1827a
hp p4c78a_firmware 1828a
hp m2u91_firmware 1828a
hp t8x44_firmware 1828a
hp cz284a_firmware 1830a
hp t8x39_firmware 1828a
hp k7s37a_firmware 1828a
hp a9u23_firmware 1828a
hp d3q15a_firmware 001.1829a
hp k9z76d_firmware 001.1829a
hp j6u55a_firmware 001.1829a
hp cx017a_firmware 1828b
hp y3z54_firmware 005.1828a
hp cq890d_firmware 1829b
hp cq890a_firmware 1829b
hp cq893c_firmware 1829b
hp n9m07a_firmware 1829a
hp f8b09_firmware 1830a
hp 3yz74a_firmware 1828a
hp cq761a_firmware 1829b
hp m2u86_firmware 1828a
hp j7a31a_firmware 1828a
hp z4b07a_firmware 1737j
hp d3q21c_firmware 001.1829a
hp j9v87a_firmware 1828a
hp g0v48c_firmware 1828b
hp k7v42c_firmware 1829a
hp x3b09a_firmware 1829a
hp t5d66a_firmware 1829a
hp k7s34a_firmware 1828a
hp t0a23a_firmware 1829a
hp j9v82d_firmware 001.1829a
hp j6x80a_firmware 1828a
hp j6u55b_firmware 001.1829a
hp m2q28a_firmware 1829a
hp f0v64_firmware 1827b
hp cq890ar_firmware 1829b
hp cm750a_firmware 1829a
hp cz025a_firmware 1830a
hp d3q17a_firmware 001.1829a
hp z4b53a_firmware 1737j
hp cq890c_firmware 1829b
hp cq891ar_firmware 1829b
hp n4l18c_firmware 1826a
hp cn583a_firmware 1828a
hp g3j47a_firmware 1828b
hp a7f64a_firmware 1828a
hp k9h48_firmware 1827b
hp f5s43_firmware 1829a
hp k7g86_firmware 1830b
hp d3q20b_firmware 001.1829a
hp a9j40a_firmware 1828b
hp t0k98a_firmware 1828a
hp 4uj28b_firmware 1828a
hp t8w51a_firmware 1828a
hp f8b05a_firmware 1830b
hp f5s00_firmware 1830a
hp m2u76_firmware 1831a
hp cz992a_firmware 1828a
hp d3q16a_firmware 001.1829a
hp k9u05b_firmware 1828a
hp n4l14c_firmware 1827a
hp e3e02a_firmware 1828a
hp n4l17a_firmware 1828a
hp cm749a_firmware 1829a
hp f9a28b_firmware 1829a
hp v1n02a_firmware 1828a
hp y5z00a_firmware 1829a
hp k9h57_firmware 1827b
hp cq176a_firmware 1829b
hp v6d27_firmware 1828a
hp d3a82a_firmware 1828b
hp f8b12a_firmware 1830a
hp y3z44_firmware 005.1828a
hp k7c84_firmware 1831a
hp w1b39_firmware 005.1828a
hp d3q15d_firmware 001.1829a
hp d3q21d_firmware 001.1829a
hp t1q00_firmware 1827b
hp f8b04a_firmware 1830b
hp j2d37a_firmware 1828a
hp f5r95_firmware 1830a
hp d3q16b_firmware 001.1829a
hp l8l91a_firmware 1828a
hp d4h24b_firmware 1826a
hp f8b13a_firmware 1830b
hp a7f65a_firmware 1828a
hp k9v76_firmware 1830a
hp cv136a_firmware 1829a
hp d9l63a_firmware 1827b
hp cz282a_firmware 1831a
hp y3z47_firmware 005.1828a
hp j9v86a_firmware 1828a
hp j6u69_firmware 1827b
hp y0s18a_firmware 1830a
hp 3aw44a_firmware 1828a
hp j9v82c_firmware 001.1829a
hp w1b33_firmware 005.1828a
hp f5s60a_firmware 1829a
hp cz292a_firmware 1828a
hp e1d36a_firmware 1828a
hp g1w52a_firmware 1828a
hp j6u55d_firmware 001.1829a
hp m9l81a_firmware 1828a
hp b9s56a_firmware 1830b
hp cz283a_firmware 1829a
hp z6z97a_firmware 1805j
hp k7v35_firmware 1829a
hp t0g54a_firmware 1828a
hp cz294a_firmware 1830a
hp j6u57b_firmware 001.1829a
hp j7k34a_firmware 1828a
hp j6u59_firmware 1827b
hp cx042_firmware 1828b
hp m9l80a_firmware 1828a
hp cn461a_firmware 1829b
hp cq176_firmware 1828a
hp a9u19a_firmware 1828b
hp j6u55c_firmware 001.1829a
hp d3q19d_firmware 001.1829a
hp y3z46_firmware 005.1828a
hp b4l03_firmware 1830a
hp g1x85a_firmware 1828a
hp d4h22a_firmware 1826a
hp cq183a_firmware 1828b
hp g0450_firmware 1831a
hp j6x76a_firmware 1828a
hp f9d36_firmware 1830a
hp a9t80b_firmware 1828a
hp c9s13a_firmware 1827d
hp m9l73a_firmware 1828a
hp 1dt61a_firmware 1828a
hp f5r96a_firmware 1830a
hp k4u04b_firmware 1829a
hp v1n01a_firmware 1828a
hp w1b38_firmware 005.1828a
hp j3p68a_firmware 1829a
hp cq891b_firmware 1829b
hp cq893a_firmware 1829b
hp cq893b_firmware 1829b
hp z4b12_firmware 1830a
hp 1sh08_firmware 1828a
hp y5h60a_firmware 1828a
hp f8b06a_firmware 1830b
hp b4l08a_firmware 1830a
hp a9u28b_firmware 1828b
hp d3q21a_firmware 001.1829a
hp z6z11a_firmware 1805j
hp cq890e_firmware 1829b
hp d3q16d_firmware 001.1829a
hp cq891a_firmware 1829b
hp d9l20a_firmware 1827a
hp d3q17c_firmware 001.1829a
hp d7z36a_firmware 1828a
hp k7g93a_firmware 1737j
hp w3u25_firmware 1828a
hp k9t01_firmware 1827b
hp j7k33a_firmware 1828a
hp d9l19a_firmware 1828a
hp t0f28a_firmware 1828a
hp f9a29b_firmware 1829a
hp e4w43_firmware 1829d
hp cz045a_firmware 1830a
hp d9l64a_firmware 1827b
hp cz276a_firmware 1827a
hp p0r21a_firmware 1829a
hp t5d67a_firmware 1829a
hp cq890b_firmware 1829b
hp a7f66a_firmware 1828b
hp b9s76_firmware 1830a
hp j9v82a_firmware 001.1829a
hp cn216a_firmware 1829a
hp d3q20c_firmware 001.1829a
hp z6z95a_firmware 1805j
hp d9l18a_firmware 1828a
hp cq893e_firmware 1829b
hp m2u75_firmware 1828a
hp j5t77a_firmware 1828a
hp d3q15b_firmware 001.1829a
hp t3p03a_firmware 1828a
hp f9a29a_firmware 1829a
hp d4j74_firmware 1830a
hp v1n08a_firmware 1828a
hp f1h96_firmware 1830a
hp cv037a_firmware 1829b
hp a9t89a_firmware 1828a
hp cz993a_firmware 1827a
hp f9a28a_firmware 1829a
hp f5s65a_firmware 1829a
hp d3q16c_firmware 001.1829a
hp d3q20a_firmware 001.1829a
hp d4j85b_firmware 1831a
hp f1j00_firmware 1830a
hp cr7770a_firmware 1828a
hp j9v80a_firmware 001.1829a
hp m9l70a_firmware 1828a
hp f0m65a_firmware 1828a
hp 1jl02b_firmware 1829a
hp a9t80a_firmware 1828a
hp cn577a_firmware 1828a
hp d3a78b_firmware 1828b
hp cr771a_firmware 1829a
hp m2u85_firmware 1828a
hp cn581a_firmware 1827d
hp k7g18a_firmware 1829d
hp t1p99_firmware 1828a
hp e1d34a_firmware 1828a
CVE-2018-5925 HIGH

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp cr769a_firmware 1829a
hp d3q19a_firmware 001.1829a
hp t0g56a_firmware 1827b
hp w1b37_firmware 005.1828a
hp 3aw51a_firmware 1828a
hp t6t77a_firmware 1827b
hp f0v63_firmware 1827b
hp t0g50a_firmware 1828a
hp 1jl02a_firmware 1829a
hp a9j41_firmware 1828b
hp cq891c_firmware 1829b
hp cn460a_firmware 1829b
hp l9d57a_firmware 1828a
hp f0v67_firmware 1827b
hp y0s19a_firmware 1828a
hp d3q20d_firmware 001.1829a
hp w1b31_firmware 005.1828a
hp cn463a_firmware 1829b
hp cr768a_firmware 1829a
hp cn459a_firmware 1829b
hp g0v47_firmware 1831a
hp k9z76a_firmware 001.1829a
hp j9v80b_firmware 001.1829a
hp t0f29a_firmware 1830a
hp t1p36_firmware 1827a
hp z4b56a_firmware 1805j
hp cq893ar_firmware 1829b
hp t3p04a_firmware 1828a
hp cz293a_firmware 1828a
hp j7a28a_firmware 1828a
hp f5s57a_firmware 1829a
hp 2nd31a_firmware 1828b
hp d4h21a_firmware 1826a
hp t0g45a_firmware 1828a
hp b9s58a_firmware 1830b
hp e3e03a_firmware 1827a
hp y3z45_firmware 005.1828a
hp g5j38a_firmware 1828a
hp b9s57c_firmware 1829a
hp d3q17d_firmware 001.1829a
hp j9v82b_firmware 001.1829a
hp w3u23_firmware 1827b
hp y3z57_firmware 005.1828a
hp f1h97_firmware 1828b
hp y5h80a_firmware 1828a
hp d7z37a_firmware 1828a
hp n4k99c_firmware 1828a
hp t0g70a_firmware 1827b
hp cn598a_firmware 1829b
hp m9l65a_firmware 1828a
hp j6u63_firmware 1827b
hp z4a54_firmware 1828b
hp k4t99b_firmware 1829a
hp e2d42a_firmware 1828a
hp k7s42a_firmware 1832a
hp g0v48b_firmware 1831a
hp t0g25a_firmware 1827a
hp d3p93a_firmware 1827b
hp 4sc29a_firmware 1828a
hp d4h25a_firmware 1830a
hp cz152a_firmware 1829a
hp m2u81_firmware 1828a
hp t8w35a_firmware 1830a
hp l9b95a_firmware 1827a
hp p4c78a_firmware 1828a
hp m2u91_firmware 1828a
hp t8x44_firmware 1828a
hp cz284a_firmware 1830a
hp t8x39_firmware 1828a
hp k7s37a_firmware 1828a
hp a9u23_firmware 1828a
hp d3q15a_firmware 001.1829a
hp k9z76d_firmware 001.1829a
hp j6u55a_firmware 001.1829a
hp cx017a_firmware 1828b
hp y3z54_firmware 005.1828a
hp cq890d_firmware 1829b
hp cq890a_firmware 1829b
hp cq893c_firmware 1829b
hp n9m07a_firmware 1829a
hp f8b09_firmware 1830a
hp 3yz74a_firmware 1828a
hp cq761a_firmware 1829b
hp m2u86_firmware 1828a
hp j7a31a_firmware 1828a
hp z4b07a_firmware 1737j
hp d3q21c_firmware 001.1829a
hp j9v87a_firmware 1828a
hp g0v48c_firmware 1828b
hp k7v42c_firmware 1829a
hp x3b09a_firmware 1829a
hp t5d66a_firmware 1829a
hp k7s34a_firmware 1828a
hp t0a23a_firmware 1829a
hp j9v82d_firmware 001.1829a
hp j6x80a_firmware 1828a
hp j6u55b_firmware 001.1829a
hp m2q28a_firmware 1829a
hp f0v64_firmware 1827b
hp cq890ar_firmware 1829b
hp cm750a_firmware 1829a
hp cz025a_firmware 1830a
hp d3q17a_firmware 001.1829a
hp z4b53a_firmware 1737j
hp cq890c_firmware 1829b
hp cq891ar_firmware 1829b
hp n4l18c_firmware 1826a
hp cn583a_firmware 1828a
hp g3j47a_firmware 1828b
hp a7f64a_firmware 1828a
hp k9h48_firmware 1827b
hp f5s43_firmware 1829a
hp k7g86_firmware 1830b
hp d3q20b_firmware 001.1829a
hp a9j40a_firmware 1828b
hp t0k98a_firmware 1828a
hp 4uj28b_firmware 1828a
hp t8w51a_firmware 1828a
hp f8b05a_firmware 1830b
hp f5s00_firmware 1830a
hp m2u76_firmware 1831a
hp cz992a_firmware 1828a
hp d3q16a_firmware 001.1829a
hp k9u05b_firmware 1828a
hp n4l14c_firmware 1827a
hp e3e02a_firmware 1828a
hp n4l17a_firmware 1828a
hp cm749a_firmware 1829a
hp f9a28b_firmware 1829a
hp v1n02a_firmware 1828a
hp y5z00a_firmware 1829a
hp k9h57_firmware 1827b
hp cq176a_firmware 1829b
hp v6d27_firmware 1828a
hp d3a82a_firmware 1828b
hp f8b12a_firmware 1830a
hp y3z44_firmware 005.1828a
hp k7c84_firmware 1831a
hp w1b39_firmware 005.1828a
hp d3q15d_firmware 001.1829a
hp d3q21d_firmware 001.1829a
hp t1q00_firmware 1827b
hp f8b04a_firmware 1830b
hp j2d37a_firmware 1828a
hp f5r95_firmware 1830a
hp d3q16b_firmware 001.1829a
hp l8l91a_firmware 1828a
hp d4h24b_firmware 1826a
hp f8b13a_firmware 1830b
hp a7f65a_firmware 1828a
hp k9v76_firmware 1830a
hp cv136a_firmware 1829a
hp d9l63a_firmware 1827b
hp cz282a_firmware 1831a
hp y3z47_firmware 005.1828a
hp j9v86a_firmware 1828a
hp j6u69_firmware 1827b
hp y0s18a_firmware 1830a
hp 3aw44a_firmware 1828a
hp j9v82c_firmware 001.1829a
hp w1b33_firmware 005.1828a
hp f5s60a_firmware 1829a
hp cz292a_firmware 1828a
hp e1d36a_firmware 1828a
hp g1w52a_firmware 1828a
hp j6u55d_firmware 001.1829a
hp m9l81a_firmware 1828a
hp b9s56a_firmware 1830b
hp cz283a_firmware 1829a
hp z6z97a_firmware 1805j
hp k7v35_firmware 1829a
hp t0g54a_firmware 1828a
hp cz294a_firmware 1830a
hp j6u57b_firmware 001.1829a
hp j7k34a_firmware 1828a
hp j6u59_firmware 1827b
hp cx042_firmware 1828b
hp m9l80a_firmware 1828a
hp cn461a_firmware 1829b
hp cq176_firmware 1828a
hp a9u19a_firmware 1828b
hp j6u55c_firmware 001.1829a
hp d3q19d_firmware 001.1829a
hp y3z46_firmware 005.1828a
hp b4l03_firmware 1830a
hp g1x85a_firmware 1828a
hp d4h22a_firmware 1826a
hp cq183a_firmware 1828b
hp g0450_firmware 1831a
hp j6x76a_firmware 1828a
hp f9d36_firmware 1830a
hp a9t80b_firmware 1828a
hp c9s13a_firmware 1827d
hp m9l73a_firmware 1828a
hp 1dt61a_firmware 1828a
hp f5r96a_firmware 1830a
hp k4u04b_firmware 1829a
hp v1n01a_firmware 1828a
hp w1b38_firmware 005.1828a
hp j3p68a_firmware 1829a
hp cq891b_firmware 1829b
hp cq893a_firmware 1829b
hp cq893b_firmware 1829b
hp z4b12_firmware 1830a
hp 1sh08_firmware 1828a
hp y5h60a_firmware 1828a
hp f8b06a_firmware 1830b
hp b4l08a_firmware 1830a
hp a9u28b_firmware 1828b
hp d3q21a_firmware 001.1829a
hp z6z11a_firmware 1805j
hp cq890e_firmware 1829b
hp d3q16d_firmware 001.1829a
hp cq891a_firmware 1829b
hp d9l20a_firmware 1827a
hp d3q17c_firmware 001.1829a
hp d7z36a_firmware 1828a
hp k7g93a_firmware 1737j
hp w3u25_firmware 1828a
hp k9t01_firmware 1827b
hp j7k33a_firmware 1828a
hp d9l19a_firmware 1828a
hp t0f28a_firmware 1828a
hp f9a29b_firmware 1829a
hp e4w43_firmware 1829d
hp cz045a_firmware 1830a
hp d9l64a_firmware 1827b
hp cz276a_firmware 1827a
hp p0r21a_firmware 1829a
hp t5d67a_firmware 1829a
hp cq890b_firmware 1829b
hp a7f66a_firmware 1828b
hp b9s76_firmware 1830a
hp j9v82a_firmware 001.1829a
hp cn216a_firmware 1829a
hp d3q20c_firmware 001.1829a
hp z6z95a_firmware 1805j
hp d9l18a_firmware 1828a
hp cq893e_firmware 1829b
hp m2u75_firmware 1828a
hp j5t77a_firmware 1828a
hp d3q15b_firmware 001.1829a
hp t3p03a_firmware 1828a
hp f9a29a_firmware 1829a
hp d4j74_firmware 1830a
hp v1n08a_firmware 1828a
hp f1h96_firmware 1830a
hp cv037a_firmware 1829b
hp a9t89a_firmware 1828a
hp cz993a_firmware 1827a
hp f9a28a_firmware 1829a
hp f5s65a_firmware 1829a
hp d3q16c_firmware 001.1829a
hp d3q20a_firmware 001.1829a
hp d4j85b_firmware 1831a
hp f1j00_firmware 1830a
hp cr7770a_firmware 1828a
hp j9v80a_firmware 001.1829a
hp m9l70a_firmware 1828a
hp f0m65a_firmware 1828a
hp 1jl02b_firmware 1829a
hp a9t80a_firmware 1828a
hp cn577a_firmware 1828a
hp d3a78b_firmware 1828b
hp cr771a_firmware 1829a
hp m2u85_firmware 1828a
hp cn581a_firmware 1827d
hp k7g18a_firmware 1829d
hp t1p99_firmware 1828a
hp e1d34a_firmware 1828a
CVE-2018-5926 MEDIUM

A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
hp remote_graphics_software *
CVE-2018-5927 MEDIUM

HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2018-6490 HIGH

Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp operations_orchestration 10.0
CVE-2018-6492 MEDIUM

Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp network_automation 10.50
hp network_operations_management_ultimate 2017.07
hp network_automation 10.10
hp network_automation 10.30
hp network_operations_management_ultimate 2018.02
hp network_automation 10.00
hp network_operations_management_ultimate 2017.11
hp network_automation 10.20
hp network_automation 10.11
hp network_automation 10.40
CVE-2018-6493 MEDIUM

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp network_automation 10.50
hp network_operations_management_ultimate 2017.07
hp network_automation 10.10
hp network_automation 10.30
hp network_operations_management_ultimate 2018.02
hp network_automation 10.00
hp network_operations_management_ultimate 2017.11
hp network_automation 10.20
hp network_automation 10.11
hp network_automation 10.40
CVE-2018-6500 MEDIUM

A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp arcsight_management_center *
CVE-2018-6501 MEDIUM

Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp arcsight_management_center *
CVE-2018-6502 MEDIUM

A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp arcsight_management_center *
CVE-2018-6503 MEDIUM

A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp arcsight_management_center *
CVE-2018-6505 MEDIUM

A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp arcsight_management_center *
CVE-2018-7058 HIGH

Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp aruba_clearpass_policy_manager *
CVE-2018-7059 MEDIUM

Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp aruba_clearpass_policy_manager *
CVE-2018-7068 MEDIUM

HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
hp centralview_fraud_risk_management *
CVE-2018-7069 MEDIUM

HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp centralview_fraud_risk_management *
CVE-2018-7070 MEDIUM

HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp centralview_fraud_risk_management *
CVE-2018-7071 MEDIUM

HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp network_function_virtualization_director 4.2.1
hp network_function_virtualization_director *
CVE-2018-7072 HIGH

A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-668,

Products Affected

Vendor Product Version
hp moonshot_provisioning_manager *
CVE-2018-7073 LOW

A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

CVSS 2.0

Severity: LOW

Problem Type: CWE-668,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
hp moonshot_provisioning_manager *
canonical ubuntu_linux 17.10
canonical ubuntu_linux 16.04
CVE-2018-7074 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2018-7075 MEDIUM

A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2018-7076 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2018-7077 MEDIUM

A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp xp_p9000_configuration_manager *
hp xp_p9000_device_manager *
CVE-2018-7078 HIGH

A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_5_firmware *
CVE-2018-7090 MEDIUM

HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp xp_9000_command_view *
CVE-2018-7091 MEDIUM

HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
hp xp_9000_command_view *
CVE-2018-7092 MEDIUM

A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
CVE-2018-7093 HIGH

A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_5_firmware *
hp moonshot_chassis_manager_firmware *
hp integrated_lights-out_3_firmware *
hp moonshot_component_pack_firmware *
CVE-2018-7095 HIGH

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp 3par_service_provider sp-4.2.0
hp 3par_service_provider sp-4.4.0
hp 3par_service_provider sp-4.3.0
CVE-2018-7096 HIGH

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp 3par_service_provider sp-4.2.0
hp 3par_service_provider sp-4.4.0
hp 3par_service_provider sp-4.3.0
CVE-2018-7097 MEDIUM

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp 3par_service_provider sp-4.2.0
hp 3par_service_provider sp-4.4.0
hp 3par_service_provider sp-4.3.0
CVE-2018-7098 LOW

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp 3par_service_provider sp-4.2.0
hp 3par_service_provider sp-4.4.0
hp 3par_service_provider sp-4.3.0
CVE-2018-7099 LOW

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp 3par_service_provider sp-4.2.0
hp 3par_service_provider sp-4.4.0
hp 3par_service_provider sp-4.3.0
CVE-2018-7100 LOW

A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp officeconnect_1810-48g_switch_firmware *
hp officeconnect_1810-24g_switch_firmware *
hp officeconnect_1810-8_v2_switch_firmware *
CVE-2018-7101 MEDIUM

A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_5_firmware *
CVE-2018-7102 MEDIUM

A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2018-7103 HIGH

A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center_wireless_services_manager_software 7.3
hp intelligent_management_center_wireless_services_manager_software *
CVE-2018-7104 HIGH

A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center_wireless_services_manager_software 7.3
hp intelligent_management_center_wireless_services_manager_software *
CVE-2018-7105 HIGH

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_5_firmware *
hp integrated_lights-out_3_firmware *
CVE-2018-7109 MEDIUM

HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp enhanced_internet_usage_manager 9.0
CVE-2018-7111 MEDIUM

A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other users.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp universal_internet_of_things 1.4.0
hp universal_internet_of_things 1.4.1
hp universal_internet_of_things 1.4.2
hp universal_internet_of_things 1.5
hp universal_internet_of_things 1.2.4.2
CVE-2018-7112 MEDIUM

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp proliant_bl490c_g7_server_blade_firmware *
hp proliant_dl380p_gen8_server_firmware *
hp proliant_dl380e_gen8_server_firmware *
hp proliant_dl120_g7_server_firmware *
hp proliant_xl270d_gen9_accelerator_tray_firmware *
hp proliant_dl585_g7_server_(amd)_firmware *
hp proliant_xl450_gen9_server_firmware *
hp proliant_dl60_gen9_server_firmware *
hp proliant_bl465c_gen8_(amd)_firmware *
hp proliant_ml310e_gen8_v2_server_firmware *
hp proliant_ml110_gen9_server_firmware *
hp proliant_dl385_g7_server_firmware *
hp proliant_ml10_gen9_server_firmware *
hp integrated_lights-out_3_firmware *
hp proliant_ml350e_gen8_server_firmware *
hp proliant_thin_micro_tm200_server_firmware *
hp proliant_ml310e_gen8_server_firmware *
hp proliant_dl160_g6_server_firmware *
hp proliant_ml330_g6_server_firmware *
hp proliant_ml350p_gen8_server_firmware *
hp proliant_ml150_g6_server_firmware *
hp proliant_microserver_gen8_firmware *
hp proliant_bl460c_g7_server_blade_firmware *
hp proliant_dl320e_gen8_v2_server_firmware *
hp integrated_lights-out_2_firmware *
hp proliant_ml110_g6_server_firmware *
hp proliant_ml350e_gen8_v2_server_firmware *
hp proliant_dl180_g6_server_firmware *
hp proliant_bl460c_gen9_server_blade_firmware *
hp proliant_ws460c_gen9_workstation_firmware *
hp proliant_dl380_gen9_server_firmware *
hp proliant_dl80_gen9_server_firmware *
hp proliant_xl260a_gen9_server_firmware *
hp proliant_xl230a_gen9_server_firmware *
hp proliant_ml30_gen9_server_firmware *
hp proliant_dl580_g7_server_firmware *
hp proliant_dl560_gen9_server_firmware *
hp proliant_xl270d_gen9_server_firmware *
hp proliant_dl360_g6_server_firmware *
hp proliant_bl460c_g6_server_blade_firmware *
hp proliant_sl4545_g7_server_(amd)_firmware 2018.03.14(a)
hp proliant_dl380_g6_server_firmware *
hp proliant_ml350_gen9_server_firmware *
hp proliant_sl170z_g6_server_firmware *
hp proliant_bl465c_g7_server_blade_firmware *
hp proliant_dl360e_gen8_server_firmware *
hp proliant_dl560_gen8_server_firmware *
hp proliant_m710_server_cartridge_firmware *
hp proliant_m510_server_cartridge_firmware *
hp proliant_xl170r_gen9_server_firmware *
hp proliant_dl160_gen9_server_firmware *
hp proliant_dl20_gen9_server_firmware *
hp proliant_sl4540_gen8_1_node_server_firmware *
hp proliant_bl420c_gen8_server_firmware *
hp proliant_ml370_g6_server_firmware *
hp proliant_dl170e_g6_server_firmware *
hp proliant_dl980_g7_server_firmware *
hp proliant_dl370_g6_server_firmware *
hp proliant_bl2x220c_g6_server_blade_firmware *
hp proliant_xl750f_gen9_server_firmware *
hp proliant_xl730f_gen9_server_firmware *
hp proliant_dl380_g7_server_firmware -
hp proliant_dl360p_gen8_server_firmware *
hp integrated_lights-out_4_firmware *
hp proliant_xl190r_gen9_server_firmware *
hp proliant_ml10_v2_server_firmware *
hp proliant_ml350_g6_server_firmware *
hp proliant_bl620c_g7_server_blade_firmware *
hp proliant_sl390s_g7_server_firmware *
hp proliant_dl180_gen9_server_firmware *
hp proliant_m710p_server_cartridge_firmware *
hp proliant_m300_server_cartridge_firmware *
hp proliant_bl680c_g7_server_blade_firmware *
hp proliant_dl320e_gen8_server_firmware *
hp proliant_m350_server_cartridge_firmware *
hp proliant_bl685c_g7_server_blade_(amd)_firmware *
hp proliant_dl170h_g6_server_firmware *
hp proliant_dl385p_gen8_(amd)_firmware *
hp proliant_bl660c_gen8_server_blade_firmware *
hp proliant_bl280c_g6_server_bladefirmware *
hp proliant_ml150_gen9_server_firmware *
hp proliant_bl460c_gen8_server_blade_firmware *
hp proliant_dl360_g7_server_firmware *
hp proliant_m710x_server_cartridge_firmware *
hp proliant_sl210t_gen8_server_firmware *
hp proliant_dl580_gen8_server_firmware *
hp proliant_bl2x220c_g7_server_blade_firmware *
hp proliant_xl250a_gen9_server_firmware *
hp proliant_ml110_g7_server_firmware *
hp proliant_sl270s_gen8_server_firmware *
hp proliant_dl320_g6_server_firmware *
hp proliant_bl660c_gen9_server_firmware *
hp proliant_bl490c_g6_server_blade_firmware *
hp proliant_xl740f_gen9_server_firmware *
hp proliant_sl160s_g6_server_firmware *
hp proliant_dl120_g6_server_firmware *
hp proliant_sl2x170z_g6_server_firmware *
hp proliant_dl120_gen9_server_firmware *
hp proliant_dl160_gen8_server_firmware *
hp proliant_sl250s_gen8_server_firmware *
hp proliant_dl360_gen9_server_firmware *
CVE-2018-7113 HIGH

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_5_firmware *
CVE-2018-7114 HIGH

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2018-7115 MEDIUM

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2018-7116 MEDIUM

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2018-7117 MEDIUM

A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_5_firmware *
CVE-2018-7118 MEDIUM

A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_pack_for_proliant *
CVE-2018-7119 LOW

A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series. STDSEC-STANDARD SECURITY PROD All prior versions before T6533L01^ADU or T6533H05^ADW, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND and all versions on H-series . Note that some commands in NonStop Safeguard and NonStop Standard Security software require username and password to be passed as command line parameters, which may lead to a local disclosure of the credentials.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp nonstop_standard_security_h_series *
hp nonstop_safeguard_l_series *
hp nonstop_safeguard_j_series *
hp nonstop_standard_security_j_series *
hp nonstop_standard_security_l_series *
hp nonstop_safeguard_h_series *
CVE-2018-7120 HIGH

A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp synergy_firmware 5.00.50
CVE-2018-7121 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2018-7122 MEDIUM

A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2018-7123 HIGH

A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2018-7124 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2018-7125 MEDIUM

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2018-9069 HIGH

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.7 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
lenovo v310-14ikb_firmware *
hp lenovo_y520-15ikba_firmware *
hp xiaoxinair13ikbpro_firmware *
hp 310s-14isk_firmware *
hp lenovo_ideapad_320-15ikb(i+n)_firmware -
hp lenovo_ideapad_320-14ikb(i+a)_firmware -
hp lenovo_ideapad_320-14ikb(i+n)_firmware -
lenovo v310-14isk_firmware *
hp 320-15ikbra_firmware *
lenovo e52-80_firmware *
hp yoga_510-14isk_firmware *
hp 520s-14ikb_firmware *
hp lenovo_ideapad_320-15abr_firmware -
hp yoga_310-11iap_firmware *
lenovo v510-14ikb_firmware *
hp b320-14ikb_firmware -
hp 320s-15isk_firmware *
lenovo v510-15ikb_firmware *
hp flex_5-1470_firmware *
hp lenovo_ideapad_y520-15ikbn_firmware -
hp lenovo_tianyi_310-15ikb_firmware -
hp lenovo_ideapad_520s-14ikbr_firmware -
hp lenovo_tianyi_310-14ikb_firmware -
hp 710s_plus_touch-13ikb_firmware *
hp lenovo_ideapad_320s-15ikbr_firmware -
hp lenovo_ideapad_320s-14ikbr_firmware -
hp 710s_plus-13ikb_16g_firmware *
hp nano110-14ikb_firmware -
hp r720-15ikbn_firmware *
hp lenovo_y520-15ikbm_firmware *
lenovo v310-15isk_firmware *
hp 320s-14ikb *
hp r720-15ikba_firmware *
hp 320-15ikbrn_firmware *
hp lenovo_ideapad_720s-14ikb_firmware *
hp ideapad_2in1_14_firmware -
hp y520-15ikba_firmware *
hp yoga_720-15ikb_firmware *
hp 320-15ikbrn_touch_firmware *
hp yoga_720-13ikbr_firmware *
hp miix_720-12ikb *
lenovo e42-80_firmware *
hp flex_4-1470_firmware *
hp lenovo_ideapad_flex_5-1570_firmware *
hp v330-14isk_firmware *
hp lenovo_v720-14_firmware *
hp v330-14ikb_firmware *
hp 7000-15_u42_firmware *
hp y520-15ikbn_firmware *
hp rescuer_y520-15ikbm_firmware *
hp lenovo_y720-15ikb_firmware *
hp lenovo_yoga_520-14ikb_firmware *
hp yoga_720-13ikb_firmware *
hp 510s-14isk_firmware *
hp 320-17ikbrn *
hp y720-15ikb_firmware *
hp lenovo_ideapad_flex_5-1470_firmware *
hp e43-80_kbl_firmware *
hp 720s-13ikb_firmware *
hp rescuer_r720-15ikbm_firmware *
hp 320s-15ikb_firmware *
hp 520-15ikbrn_firmware *
hp nano110-15ikb_firmware *
hp 710s_plus-3ikb_firmware *
hp flex_5-1570_firmware *
lenovo v310-15ikb_firmware *
hp 7000_u42_firmware *
hp lenovo_yoga_520-15ikb_firmware *
CVE-2019-10627 HIGH

Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF printers that use IPS versions prior to 2019.2

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-131,CWE-190,

Products Affected

Vendor Product Version
hp k9z76d_firmware *
hp j6u51b_firmware *
hp k9z74a_firmware *
hp d3q21a_firmware *
hp d3q15a_firmware *
hp j9v82d_firmware *
hp d3q20c_firmware *
hp j9v80a_firmware *
hp d9l64a_firmware *
hp t0g70a_firmware *
hp j6u55a_firmware *
hp j9v82a_firmware *
hp k9z76a_firmware *
hp d3q20b_firmware *
hp j3p68a_firmware *
hp d3q19a_firmware *
hp k9z74d_firmware *
hp d3q21c_firmware *
hp d3q20a_firmware *
hp d3q19d_firmware *
hp w2z53b_firmware *
hp j6u57b_firmware *
hp w2z52b_firmware *
hp d3q17a_firmware *
hp d3q16d_firmware *
hp d3q20d_firmware *
hp d3q15d_firmware *
hp d3q15b_firmware *
hp j3p65a_firmware *
hp 2dr21d_firmware *
hp d9l63a_firmware *
hp d3q21b_firmware *
hp j9v78b_firmware *
hp d3q19b_firmware *
qualcomm ips *
hp j9v80b_firmware *
hp k9z76b_firmware *
hp j6u55d_firmware *
hp d3q17d_firmware *
hp d3q21d_firmware *
hp d3q16a_firmware *
hp j6u57a_firmware *
CVE-2019-11135 LOW

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
hp proliant_dl20_firmware *
intel pentium_6405u_firmware -
hp proliant_dl180_firmware *
intel xeon_3206r_firmware -
redhat enterprise_linux_server_tus 7.6
hp apollo_4200_firmware *
intel xeon_8260y_firmware -
intel xeon_5215m_firmware -
intel xeon_6238l_firmware -
oracle zfs_storage_appliance_kit 8.8
redhat enterprise_linux_server_aus 7.6
intel xeon_6230n_firmware -
redhat enterprise_linux_server_aus 8.4
intel core_i7-9850h_firmware -
opensuse leap 15.1
intel core_i9-9900k_firmware -
intel core_i5-9600kf_firmware -
intel xeon_4216r_firmware -
hp proliant_ml30_firmware *
debian debian_linux 8.0
intel xeon_6230t_firmware -
intel xeon_6240l_firmware -
intel xeon_5215_firmware -
intel core_i7-9750hf_firmware -
intel xeon_w-3223_firmware -
intel xeon_6244_firmware -
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.6
intel core_i5-8210y_firmware -
intel core_i5-9300h_firmware -
intel xeon_8268_firmware -
redhat enterprise_linux_server_tus 7.7
intel xeon_w-2265_firmware -
intel xeon_8280m_firmware -
intel core_i9-9900kf_firmware -
intel xeon_w-3245_firmware -
hp proliant_bl460c_firmware *
hp proliant_xl190r_firmware *
intel xeon_5218n_firmware -
debian debian_linux 10.0
opensuse leap 15.0
intel core_i5-10210u_firmware -
hp proliant_dl580_firmware *
intel xeon_e-2278ge_firmware -
hp proliant_e910_firmware *
intel core_i9-9880h_firmware -
intel xeon_w-3275m_firmware -
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
intel xeon_5217_firmware -
intel core_i5-8200y_firmware -
intel xeon_6242_firmware -
intel xeon_5220s_firmware -
debian debian_linux 9.0
hp proliant_ml350_firmware *
hp apollo_2000_firmware *
intel xeon_8256_firmware -
intel xeon_e-2288g_firmware -
redhat codeready_linux_builder 8.0
hp proliant_xl230k_firmware *
redhat enterprise_linux_server_tus 8.4
intel core_i7-9700k_firmware -
intel celeron_5305u_firmware -
intel xeon_6240_firmware -
intel core_i5-8365u_firmware -
hp proliant_xl450_firmware *
intel xeon_6246_firmware -
intel core_i7-8500y_firmware -
intel xeon_9220_firmware -
intel xeon_8270_firmware -
redhat enterprise_linux_server_tus 8.2
intel core_i5-10110y_firmware -
redhat codeready_linux_builder_eus 8.6
hp proliant_dl120_firmware *
intel xeon_6230_firmware -
intel xeon_4209t_firmware -
redhat enterprise_linux 8.0
intel xeon_6240m_firmware -
intel xeon_w-2235_firmware -
intel core_i5-10210y_firmware -
redhat enterprise_linux_eus 8.6
intel xeon_w-2295_firmware -
intel xeon_9282_firmware -
fedoraproject fedora 30
intel xeon_8276l_firmware -
intel xeon_8260l_firmware -
intel core_i9-9980hk_firmware -
hp proliant_xl170r_firmware *
redhat enterprise_linux_desktop 7.0
intel xeon_9221_firmware -
intel xeon_5222_firmware -
intel xeon_6254_firmware -
intel xeon_5220_firmware -
intel xeon_8276_firmware -
intel xeon_4210r_firmware -
intel xeon_6252_firmware -
redhat virtualization_manager 4.2
intel xeon_4210_firmware -
canonical ubuntu_linux 14.04
intel xeon_5220r_firmware -
intel xeon_5215r_firmware -
hp proliant_dl380_firmware *
hp synergy_660_firmware *
intel xeon_6252n_firmware -
redhat enterprise_linux_eus 8.2
intel xeon_5218t_firmware -
intel xeon_w-2255_firmware -
intel core_i7-10510u_firmware -
intel core_i7-9700kf_firmware -
intel xeon_6248_firmware -
intel xeon_w-3275_firmware -
intel xeon_9222_firmware -
intel core_i7-8665u_firmware -
intel xeon_w-3265_firmware -
hp proliant_xl270d_firmware *
intel xeon_6238_firmware -
intel xeon_8280l_firmware -
intel xeon_8260m_firmware -
intel xeon_4214r_firmware -
hp proliant_dl160_firmware *
intel xeon_8260_firmware -
intel xeon_6238m_firmware -
intel xeon_w-2223_firmware -
redhat enterprise_linux_server_aus 8.6
intel xeon_8280_firmware -
hp proliant_dl360_firmware *
intel xeon_9242_firmware -
intel xeon_8253_firmware -
intel core_i5-9400_firmware -
intel xeon_e-2278g_firmware -
intel xeon_6262v_firmware -
intel xeon_e-2278gel_firmware -
redhat codeready_linux_builder_eus 8.4
intel xeon_5218_firmware -
intel xeon_6240y_firmware -
intel xeon_3204_firmware -
redhat codeready_linux_builder_eus 8.2
intel core_i5-8310y_firmware -
intel xeon_5218b_firmware -
intel core_i5-8265u_firmware -
redhat enterprise_linux_eus 7.6
intel xeon_e-2286m_firmware -
intel xeon_4208_firmware -
intel core_i5-9400h_firmware -
redhat codeready_linux_builder_eus 8.1
intel core_i5-9400f_firmware -
intel xeon_6226_firmware -
intel xeon_8276m_firmware -
intel core_m3-8100y_firmware -
intel xeon_4214c_firmware -
intel xeon_6222v_firmware -
intel xeon_4216_firmware -
intel core_i5-10310y_firmware -
hp synergy_480_firmware *
intel xeon_5220t_firmware -
intel xeon_4208r_firmware -
intel xeon_w-2225_firmware -
intel xeon_6238t_firmware -
intel xeon_w-2245_firmware -
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.1
intel xeon_5215l_firmware -
intel xeon_6234_firmware -
redhat enterprise_linux_eus 7.7
intel core_i7-8565u_firmware -
intel xeon_w-2275_firmware -
hp proliant_ml110_firmware *
intel xeon_4215_firmware -
hp proliant_dl560_firmware *
intel core_i7-10510y_firmware -
slackware slackware 14.2
intel xeon_w-3225_firmware -
intel xeon_w-3265m_firmware -
intel xeon_4214y_firmware -
intel xeon_4214_firmware -
redhat enterprise_linux_workstation 7.0
intel core_i5-9600k_firmware -
intel xeon_w-3245m_firmware -
intel xeon_w-3235_firmware -
CVE-2019-11655 MEDIUM

Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2019-11656 LOW

Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp arcsight_logger *
hp arcsight_logger 6.7.1
CVE-2019-11941 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11942 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11943 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11944 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11945 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11946 MEDIUM

A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11947 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11948 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11949 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11950 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11951 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11952 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11953 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11954 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11955 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11956 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11957 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11958 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11959 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11960 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11961 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11962 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11963 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11964 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11965 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11966 HIGH

A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-312,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11967 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11968 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11969 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11970 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11971 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11972 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11973 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11974 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11975 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11976 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11977 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11978 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11979 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11980 HIGH

A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11982 HIGH

A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_5_firmware *
CVE-2019-11983 HIGH

A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp integrated_lights-out_4_firmware *
hp integrated_lights-out_5_firmware *
CVE-2019-11984 HIGH

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11985 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11986 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-11989 HIGH

A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, 10.0 for Apache 2.4 on HP-UX 11i v3, 10.0 for IIS on Windows, 11.0 for Apache 2.4 on RHEL 7, MFA Proxy 4.0 (Agent module only) for Apache 2.4 on RHEL 7.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp icewall_sso_agent 11.0
hp mfa_proxy 4.0
hp icewall_sso_agent 10.0
CVE-2019-11990 HIGH

Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: * For customers with release UIoT 1.6, fixes are made available with 1.6 RP603 * For customers with release UIoT 1.5, fixes are made available with 1.5 RP503 HF3 * For customers with release older than 1.5, such as 1.4.0, 1.4.1, 1.4.2 and 1.2.4.2, the resolution will be to upgrade to 1.5 RP503 HF3 or 1.6 RP603 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp universal_internet_of_things 1.4.0
hp universal_internet_of_things 1.6
hp universal_internet_of_things 1.4.1
hp universal_internet_of_things 1.4.2
hp universal_internet_of_things 1.5
hp universal_internet_of_things 1.2.4.2
CVE-2019-11991 HIGH

HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp 3par_service_processor_firmware *
CVE-2019-11992 MEDIUM

A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp oneview_for_vmware_vcenter 9.5
CVE-2019-11993 HIGH

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp simplivity_380_gen9_firmware *
hp simplivity_2600_gen10_firmware *
hp simplivity_omnicube_firmware *
hp simplivity_omnistack_for_dell_firmware *
hp simplivity_380_gen10_firmware *
hp simplivity_omnistack_for_cisco_firmware *
hp simplivity_omnistack_for_lenovo_firmware *
hp simplivity_380_gen10_g_firmware *
CVE-2019-11994 HIGH

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. An API is used to execute a command manifest file during upgrade does not correctly prevent directory traversal and so can be used to execute manifest files in arbitrary locations on the node. The API does not require user authentication and is accessible over the management network, resulting in the potential for unauthenticated remote execution of manifest files. For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061901&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp simplivity_380_gen9_firmware *
hp simplivity_2600_gen10_firmware *
hp simplivity_omnicube_firmware *
hp simplivity_omnistack_for_dell_firmware *
hp simplivity_380_gen10_firmware *
hp simplivity_omnistack_for_cisco_firmware *
hp simplivity_omnistack_for_lenovo_firmware *
hp simplivity_380_gen10_g_firmware *
CVE-2019-11995 MEDIUM

Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp universal_internet_of_things 1.2.4.0
hp universal_internet_of_things 1.2.4.1
hp universal_internet_of_things 1.2.4.2
CVE-2019-11997 MEDIUM

A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp enhanced_internet_usage_manager 9.0
hp enhanced_internet_usage_manager 8.3
CVE-2019-12000 MEDIUM

HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
hp mse_msg_gw_application_e-ltu *
CVE-2019-16240 MEDIUM

A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
hp pagewide_pro_477dn_d3q19b_firmware *
hp pagewide_pro_477dw_d3q20c_firmware *
hp pagewide_managed_p55250dw_j6u55a_firmware *
hp pagewide_pro_577dw_d3q21b_firmware *
hp pagewide_managed_p55250dw_j6u51b_firmware *
hp pagewide_pro_577dw_d3q21d_firmware *
hp pagewide_pro_552dw_d3q17d_firmware *
hp pagewide_pro_452dn_d3q15d_firmware *
hp pagewide_managed_p57750dw_j9v82a_firmware *
hp pagewide_pro_477dw_d3q20a_firmware *
hp pagewide_pro_452dn_d3q15a_firmware *
hp pagewide_pro_452dw_d3q16a_firmware *
hp pagewide_pro_577dw_d3q21a_firmware *
hp pagewide_377dw_j9v80b_firmware *
hp officejet_pro_8210_d9l63a_firmware *
hp pagewide_pro_577dw_d3q21c_firmware *
hp pagewide_managed_p52750dw_j9v82d_firmware *
hp pagewide_managed_p52750dw_j9v78b_firmware *
hp pagewide_pro_477dw_d3q20b_firmware *
hp pagewide_pro_577z_k9z76a_firmware *
hp pagewide_pro_477dw_w2z53b_firmware *
hp pagewide_pro_552dw_d3q17a_firmware *
hp pagewide_pro_452dw_d3q16d_firmware *
hp pagewide_pro_577z_k9z76d_firmware *
hp pagewide_377dw_j9v80a_firmware *
hp officejet_pro_8210_j3p65a_firmware *
hp pagewide_352dw_j6u57a_firmware *
hp pagewide_pro_552dw_2dr21d_firmware *
hp pagewide_pro_577z_k9z76b_firmware *
hp pagewide_352dw_j6u57b_firmware *
hp pagewide_pro_477dn_d3q19a_firmware *
hp pagewide_pro_452dw_w2z52b_firmware *
hp pagewide_managed_p52750dw_j9v82a_firmware *
hp officejet_pro_8210_d9l64a_firmware *
hp officejet_pro_8210_j3p68a_firmware *
hp pagewide_pro_452dn_d3q15b_firmware *
hp pagewide_managed_p55250dw_j6u55d_firmware *
hp pagewide_pro_477dw_d3q20d_firmware *
hp pagewide_managed_p57750dw_j9v78b_firmware *
hp pagewide_pro_552dw_k9z74a_firmware *
hp officejet_pro_8210_t0g70a_firmware *
hp pagewide_pro_477dn_d3q19d_firmware *
hp pagewide_managed_p57750dw_j9v82d_firmware *
hp pagewide_pro_552dw_k9z74d_firmware *
CVE-2019-16283

A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.

Products Affected

Vendor Product Version
hp softpaq_installer 4.0.100.1189
CVE-2019-16284 HIGH

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp zbook_15_g3_firmware *
hp elitedesk_800_g2_dm_firmware *
hp probook_11_g1_firmware *
hp prodesk_600_g2_sff_firmware *
hp prodesk_405_g2_mt_firmware *
hp 348_g3_firmware *
hp probook_470_g3_firmware *
hp elitedesk_800_g2_sff_firmware *
hp probook_450_g3_firmware *
hp 340_g3_firmware *
hp zbook_15u_g2_firmware *
hp elitebook_1030_g1_firmware *
hp probook_11_g2_firmware *
hp prodesk_400_g3_sff_firmware *
hp rp9_g1_retail_system_9018_firmware *
hp elitebook_820_g3_firmware *
hp prodesk_400_g1_dm_firmware *
hp probook_440_g1_firmware *
hp probook_430_g3_firmware *
hp elitebook_820_g1_firmware *
hp probook_430_g2_firmware *
hp proone_600_g2_aio_firmware *
hp probook_x360_11_g1_firmware *
hp 260_g1_dm_firmware *
hp elitebook_850_g3_firmware *
hp elitebook_folio_g1_firmware *
hp probook_440_g3_firmware *
hp elitebook_750_g1_firmware *
hp z240_tower_firmware *
hp probook_650_g1_firmware *
hp elitedesk_800_g2_twr_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_revolve_810_g3_firmware *
hp prodesk_485_g2_mt_firmware *
hp prodesk_498_g2_mt_firmware *
hp elitebook_folio_1040_g3_firmware *
hp elite_slice_firmware *
hp probook_640_g2_firmware *
hp 346_g3_firmware *
hp prodesk_490_g3_sff_firmware *
hp pro_tablet_10_ee_g1_firmware *
hp prodesk_600_g2_dm_firmware *
hp zbook_17_g3_firmware *
hp sprout_pro_firmware *
hp elitebook_820_g2_firmware *
hp elitebook_848_g3_firmware *
hp elite_x2_1011_g1_firmware *
hp zbook_15_g2_firmware *
hp pro_tablet_608_g1_firmware *
hp elitebook_850_g2_firmware *
hp elitebook_840_g2_firmware *
hp z2_mini_g3_firmware *
hp pro_x2_612_g1_firmware *
hp eliteone_800_g2_aio_firmware *
hp elitebook_850_g1_firmware *
hp 348_g4_firmware *
hp pro_tablet_610_g1_firmware *
hp probook_450_g1_firmware *
hp proone_400_g2_aio_firmware *
hp elitebook_revolve_810_g2_firmware *
hp elitebook_720_g2_firmware *
hp z238_microtower_firmware *
hp zbook_17_firmware *
hp probook_430_g1_firmware *
hp elitebook_840_g3_firmware *
hp 285_g2_firmware *
hp probook_650_g2_firmware *
hp elitebook_folio_9480m_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_15_firmware *
hp probook_640_g1_firmware *
hp probook_450_g2_firmware *
hp prodesk_480_g3_sff_firmware *
hp elitebook_folio_1020_g1_firmware *
hp 280_pro_g1_firmware *
hp elitebook_1040_g2_firmware *
hp zbook_14_firmware *
hp probook_440_g2_firmware *
hp rp2_retail_system_firmware *
hp 340_g4_firmware *
hp elitebook_840_g1_firmware *
hp prodesk_400_g2.5_sff_firmware *
hp 346_g4_firmware *
hp prodesk_490_g2_mt_firmware *
hp prodesk_498_g3_sff_firmware *
hp elitebook_750_g2_firmware *
hp zbook_17_g2_firmware *
hp rp9_g1_retail_system_9015_firmware *
hp mp9_g2_retail_system_firmware *
hp prodesk_400_g2_dm_firmware *
hp elitebook_folio_1040_g1_firmware *
hp elitebook_828_g3_firmware *
hp zbook_14_g2_firmware *
hp z1_g3_firmware *
hp elitebook_740_g1_firmware *
hp elitepad_1000_g2_firmware *
hp probook_470_g2_firmware *
hp elitebook_740_g2_firmware *
hp z240_sff_firmware *
hp elitebook_720_g1__firmware *
hp probook_470_g1_firmware *
hp zbook_15u_g3_firmware *
CVE-2019-16285 LOW

If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp thinpro_linux 6.2
hp thinpro_linux 7.1
hp thinpro_linux 7.0
hp thinpro_linux 6.2.1
CVE-2019-16286 MEDIUM

An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp thinpro_linux 6.2
hp thinpro_linux 7.1
hp thinpro_linux 7.0
hp thinpro_linux 6.2.1
CVE-2019-16287 HIGH

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp thinpro 6.2.1
hp thinpro 6.2
hp thinpro 7.1
hp thinpro 7.0
CVE-2019-18567 LOW

Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 1.0 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,CWE-125,

Products Affected

Vendor Product Version
hp bromium *
CVE-2019-18618 LOW

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_t25_(20k7)_firmware *
synaptics vfs75xx_firmware 5.5.2810.1050
lenovo thinkpad_p51_firmware *
lenovo thinkpad_x380_yoga_firmware *
synaptics vfs75xx_firmware 5.5.2734.1050
hp zbook_14u_g5_firmware *
lenovo thinkpad_p52s_firmware *
lenovo thankpad_a475_firmware *
hp elitebook_x360_1030_g4_firmware *
synaptics vfs75xx_firmware 5.1.3507.26
hp elitebook_x360_1030_g2_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkpad_t570(20jx)_firmware *
lenovo thankpad_a485_firmware *
hp elitebook_846_g5_firmware *
lenovo thinkpad_p1_gen_2_firmware *
lenovo thinkpad_x1_extreme_2nd_firmware *
lenovo thinkpad_p1_firmware *
lenovo thinkpad_e490_firmware *
lenovo thinkpad_x390_yoga_firmware *
synaptics vfs75xx_firmware 5.2.5024.26
lenovo thinkpad_x1_carbon_firmware *
lenovo thinkpad_x1_carbon_(20hx)_firmware *
hp zbook_14u_g6_firmware *
synaptics vfs75xx_firmware 5.5.512.1051
synaptics vfs75xx_firmware 5.5.4.1116
hp elitebook_x360_1020_g2_firmware *
hp pavilion_x360_firmware *
hp elitebook_836_g6_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_846_g6_firmware *
hp elitebook_745_g5_firmware *
lenovo thinkpad_e585_firmware *
hp elitebook_1040_g4_firmware *
lenovo thinkpad_t490s_firmware *
synaptics vfs75xx_firmware 5.3.3541.26
lenovo thinkpad_p73_firmware *
hp probook_440_g6_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp elite_x2_1012_g2_firmware *
synaptics vfs75xx_firmware 5.2.3109.26
hp zbook_studio_x360_g5_firmware *
lenovo thinkpad_p70_firmware *
hp elitebook_1050_g1_firmware *
lenovo thinkpad_s3_firmware *
hp elite_x2_1013_g3_firmware *
hp mt45_firmware *
lenovo thinkpad_p50_firmware *
synaptics vfs75xx_firmware 5.5.17.1102
lenovo thinkpad_x1_yoga_firmware *
hp envy_x360_firmware *
hp zbook_15u_g5_firmware *
lenovo thinkpad_l480_firmware *
lenovo thinkpad_x1_carbon_(20kx)_firmware *
lenovo thinkpad_p51s_(20hx)_firmware *
hp probook_650_g5_firmware *
lenovo thinkpad_p52_firmware *
synaptics vfs75xx_firmware 5.1.337.26
lenovo thinkpad_x1_tablet_(20jx)_firmware *
synaptics vfs75xx_firmware 5.2.3530.26
hp elitebook_745_g6_firmware *
lenovo thinkpad_t460s_firmware *
lenovo thinkpad_t570_(20hx)_firmware *
hp eliteone_1000_g1_firmware *
lenovo thinkpad_t490_firmware *
hp eliteone_1000_g2_firmware *
lenovo thinkpad_t580_firmware *
lenovo thinkpad_e490s_firmware *
hp elitebook_840_g6_firmware *
lenovo thinkpad_t470_(20hx)_firmware *
hp elite_slice_firmware *
lenovo thinkpad_t470s_(20hx)_firmware *
hp elitebook_840_g5_firmware *
hp spectre_x360_firmware *
lenovo thinkpad_25_firmware *
hp elitebook_x360_1040_g6_firmware *
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_p43s_firmware *
hp mt44_firmware *
synaptics vfs75xx_firmware 5.5.10.1100
lenovo thinkpad_t470_(20jx)_firmware *
hp pro_x2_612_g2_firmware *
hp probook_445r_g6_firmware *
lenovo thinkpad_t470p_firmware *
hp zhan_x_13_g2_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp probook_455_g6_firmware *
lenovo thinkpad_s1_3rd_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
lenovo thinkpad_x1_yoga_3rd_gen_firmware *
hp zbook_15_g6_firmware *
hp elitebook_846_g6_healthcare_edition_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp probook_430_g6_firmware *
lenovo thinkpad_x1_yoga_(20jx)_firmware *
lenovo thinkpad_e580_firmware *
lenovo thinkpad_p51s_(20jx)_firmware *
lenovo thinkpad_p51s_(20kx)_firmware *
lenovo thinkpad_p53s_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo thinkpad_p71_(20hx)_firmware *
hp elitebook_735_g5_firmware *
hp elite_x2_g4_firmware *
synaptics vfs75xx_firmware 5.5.502.79
synaptics vfs75xx_firmware 5.2.524.26
lenovo thinkpad_r590_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkpad_yoga_s1_firmware *
hp zbook_15u_g6_firmware *
lenovo thinkpad_e485_firmware *
lenovo thinkpad_e590_firmware *
synaptics vfs75xx_firmware 5.2.320.26
lenovo thinkpad_p53_firmware *
lenovo thinkpad_x1_extreme_firmware *
lenovo thinkpad_x390_firmware *
hp zbook_17_g5_firmware *
lenovo thinkpad_t590_firmware *
lenovo thinkpad_x270_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_830_g6_firmware *
lenovo thinkpad_yoga_260_firmware *
hp probook_445_g6_firmware *
hp zbook_studio_g5_firmware *
lenovo thinkpad_a275_firmware *
hp elitebook_836_g5_firmware *
hp elitebook_846_g5_healthcare_edition_firmware *
lenovo thinkpad_p72_firmware *
synaptics vfs75xx_firmware 5.5.17.1099
hp elitebook_x360_1040_g5_firmware *
synaptics vfs75xx_firmware 5.5.35.1058
lenovo thinkpad_t470s_(20jx)_firmware *
hp zbook_15_g5_firmware *
lenovo thinkpad_e480_firmware *
synaptics vfs75xx_firmware 5.5.10.1106
hp zhan_66_pro_15_g2_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
synaptics vfs75xx_firmware 5.5.8.1092
lenovo thinkpad_t460p_firmware *
lenovo thinkpad_t480_firmware *
lenovo thinkpad_r490_firmware *
hp elitebook_830_g5_firmware *
lenovo thinkpad_l580_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
lenovo thinkpad_x1_yoga_4th_gen_firmware *
hp zbook_17_g6_firmware *
hp probook_455r_g6_firmware *
synaptics vfs75xx_firmware 5.1.5.51
CVE-2019-18619 MEDIUM

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-763,

Products Affected

Vendor Product Version
lenovo thinkpad_t25_(20k7)_firmware *
lenovo thinkpad_p51_firmware *
lenovo thinkpad_x380_yoga_firmware *
synaptics vfs75xx_firmware 5.5.2734.1050
lenovo thinkpad_p52s_firmware *
lenovo thankpad_a475_firmware *
hp pavilion_x360_14t-dh000_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkpad_t570(20jx)_firmware *
synaptics vfs75xx_firmware 5.2.318.26
lenovo thankpad_a485_firmware *
hp envy_13-aq1xxx_firmware *
lenovo thinkpad_p1_gen_2_firmware *
lenovo thinkpad_x1_extreme_2nd_firmware *
lenovo thinkpad_p1_firmware *
lenovo thinkpad_e490_firmware *
hp envy_x360_-_15t-dr100_(validity_fps)_firmware *
hp envy_15-dr0xxx_x360_(validity_fps)_firmware *
hp envy_x360_-_15t-cn000_firmware *
lenovo thinkpad_x390_yoga_firmware *
lenovo thinkpad_x1_carbon_firmware *
lenovo thinkpad_x1_carbon_(20hx)_firmware *
synaptics vfs75xx_firmware 5.5.3.1116
lenovo thinkpad_e585_firmware *
hp envy_17m-ce1xxx_firmware *
lenovo thinkpad_t490s_firmware *
lenovo thinkpad_p73_firmware *
hp envy_15-cn1xxx_x360_firmware *
hp pavilion_x360_-_15t-dq000_firmware *
lenovo thinkpad_p70_firmware *
hp envy_15-dr1xxx_x360_(validity_fps)_firmware *
lenovo thinkpad_s3_firmware *
hp pavilion_14m-dh0xxx_x360_firmware *
lenovo thinkpad_p50_firmware *
lenovo thinkpad_x1_yoga_firmware *
lenovo thinkpad_l480_firmware *
lenovo thinkpad_x1_carbon_(20kx)_firmware *
lenovo thinkpad_p51s_(20hx)_firmware *
lenovo thinkpad_p52_firmware *
lenovo thinkpad_x1_tablet_(20jx)_firmware *
synaptics vfs75xx_firmware 5.2.3530.26
lenovo thinkpad_t460s_firmware *
hp envy_15m-cn0xxx_x360_firmware *
hp envy_15-dr1xxx_x360_firmware *
hp envy_15m-dr0xxx_x360_(validity_fps)_firmware *
lenovo thinkpad_t570_(20hx)_firmware *
hp envy_x360_-_15t-dr000_(validity_fps)_firmware *
lenovo thinkpad_t490_firmware *
lenovo thinkpad_t580_firmware *
lenovo thinkpad_e490s_firmware *
hp envy_15m-dr1xxx_x360_(validity_fps)_firmware *
lenovo thinkpad_t470_(20hx)_firmware *
hp pavilion_14-cd1xxx_x360_firmware *
lenovo thinkpad_t470s_(20hx)_firmware *
synaptics vfs75xx_firmware 5.5.8.1096
hp envy_-_17t-bw000_firmware *
hp spectre_x360_firmware *
lenovo thinkpad_25_firmware *
hp envy_15m-dr0xxx_x360_firmware *
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_p43s_firmware *
synaptics vfs75xx_firmware 5.5.11.1106
hp pavilion_14-cd2xxx_x360_firmware *
hp envy_17-ce0xxx_firmware *
lenovo thinkpad_t470_(20jx)_firmware *
synaptics vfs75xx_firmware 6.0.32.1104
hp envy_17m-ce0xxx_firmware *
hp envy_15-dr0xxx_x360_firmware *
lenovo thinkpad_t470p_firmware *
lenovo thinkpad_s1_3rd_firmware *
synaptics vfs75xx_firmware 5.6.23.1000
hp pavilion_14m-cd0xxx_x360_firmware *
lenovo thinkpad_x1_yoga_3rd_gen_firmware *
hp envy_17m-bw0xxx_firmware *
synaptics vfs75xx_firmware 5.2.225.26
synaptics vfs75xx_firmware 5.3.3539.26
lenovo thinkpad_x1_yoga_(20jx)_firmware *
lenovo thinkpad_e580_firmware *
lenovo thinkpad_p51s_(20jx)_firmware *
hp envy_17-bw0xxx_firmware *
lenovo thinkpad_p51s_(20kx)_firmware *
hp envy_15-cn0xxx_x360_firmware *
lenovo thinkpad_p53s_firmware *
lenovo thinkpad_x1_tablet_firmware *
hp envy_15m-dr1xxx_x360_firmware *
lenovo thinkpad_p71_(20hx)_firmware *
synaptics vfs75xx_firmware 6.0.14.1108
hp envy_-_13t-ah100_firmware *
hp pavilion_x360_-_15t-dq100_firmware *
synaptics vfs75xx_firmware 5.2.524.26
lenovo thinkpad_r590_firmware *
lenovo thinkpad_x280_firmware *
hp envy_-_17t-ce100_firmware *
lenovo thinkpad_yoga_s1_firmware *
lenovo thinkpad_e485_firmware *
lenovo thinkpad_e590_firmware *
hp pavilion_15_firmware *
synaptics vfs75xx_firmware 5.5.38.1058
lenovo thinkpad_p53_firmware *
lenovo thinkpad_x1_extreme_firmware *
hp envy_x360_-_15t-dr100_firmware *
lenovo thinkpad_x390_firmware *
lenovo thinkpad_t590_firmware *
hp envy_-_17t-ce000_firmware *
lenovo thinkpad_x270_firmware *
hp envy_17-ce1xxx_firmware *
lenovo thinkpad_yoga_260_firmware *
synaptics vfs75xx_firmware 5.5.15.1102
synaptics vfs75xx_firmware 5.5.2811.1050
hp envy_13-ah1xxx_firmware *
lenovo thinkpad_a275_firmware *
synaptics vfs75xx_firmware 5.5.10.1093
lenovo thinkpad_p72_firmware *
hp envy_-_13t-aq100_firmware *
hp envy_13-ah0xxx_firmware *
hp pavilion_14-dh0xxx_x360_firmware *
lenovo thinkpad_t470s_(20jx)_firmware *
hp pavilion_x360_-_14t-cd000_firmware *
lenovo thinkpad_e480_firmware *
hp envy_x360_-_15t-dr000_firmware *
synaptics vfs75xx_firmware 6.0.42.1107
lenovo thinkpad_t460p_firmware *
lenovo thinkpad_t480_firmware *
lenovo thinkpad_r490_firmware *
lenovo thinkpad_l580_firmware *
hp envy_13-aq0xxx_firmware *
lenovo thinkpad_x1_yoga_4th_gen_firmware *
hp pavilion_x360_14t-cd100_firmware *
CVE-2019-18909 HIGH

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
hp thinpro 6.2.1
hp thinpro 6.2
hp thinpro 7.1
hp thinpro 7.0
CVE-2019-18910 MEDIUM

The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
hp thinpro 6.2.1
hp thinpro 6.2
hp thinpro 7.1
hp thinpro 7.0
CVE-2019-18912 MEDIUM

A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp futuresmart_4 *
CVE-2019-18913 HIGH

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp elitedesk_800_g5_twr_firmware *
hp prodesk_400_g6_mt_firmware *
hp prodesk_480_g6_mt_firmware *
hp zbook_14u_g6_mobile_workstation_firmware *
hp zhan_x_13_g2_firmware *
hp prodesk_400_g5_dm_firmware *
hp probook_640_g5_firmware *
hp elitedesk_800_g5_dm_firmware *
hp proone_400_g5_aio_firmware *
hp elitebook_830_g6_firmware *
hp elitebook_x360_830_g6_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elitebook_846_g6_healthcare_edition_firmware *
hp probook_650_g5_firmware *
hp prodesk_600_g5_mt_firmware *
hp proone_600_g5_aio_firmware *
hp proone_440_g5_aio_firmware *
hp eliteone_800_g5_aio_firmware *
hp prodesk_600_g5_pci_mt_firmware *
hp elite_dragonfly_firmware *
hp zbook_17u_g6_mobile_workstation_firmware *
hp elitebook_840_g6_firmware *
hp prodesk_600_g5_dm_firmware *
hp prodesk_600_g5_sff_firmware *
hp elite_x2_g4_firmware *
hp elitebook_836_g6_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_846_g6_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp elitebook_x360_1040_g6_firmware *
hp zbook_15u_g6_mobile_workstation_firmware *
hp elitedesk_800_g5_sff_firmware *
hp prodesk_400_g6_sff_firmware *
CVE-2019-18914 MEDIUM

A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp futuresmart_4 *
hp futuresmart_3 *
CVE-2019-18915 HIGH

A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,

Products Affected

Vendor Product Version
hp system_event_utility *
CVE-2019-18916 MEDIUM

A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
hp color_laserjet_pro_mfp_m277_b3q11a_firmware *
hp color_laserjet_pro_mfp_m277_b3q10v_firmware *
hp color_laserjet_pro_mfp_m277_b3q11v_firmware *
hp color_laserjet_pro_mfp_m277_b3q10a_firmware *
hp color_laserjet_pro_mfp_m277_b3q17a_firmware *
CVE-2019-18917 MEDIUM

A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
hp envy_5000_m2u85a_firmware *
hp deskjet_ink_advantage_5000_m2u89b_firmware *
hp envy_5000_m2u94b_firmware *
hp envy_5000_m2u85b_firmware *
hp envy_5000_z4a54a_firmware *
hp deskjet_ink_advantage_5000_m2u86a_firmware *
hp envy_5000_m2u91a_firmware *
hp envy_5000_z4a74a_firmware *
CVE-2019-19539 LOW

An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
hp web_viewpoint_t0986 *
hp web_viewpoint_t0952 *
hp web_viewpoint_t0320 *
CVE-2019-2422 LOW

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
netapp snapmanager -
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
oracle jdk 11.0.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
netapp oncommand_unified_manager *
redhat enterprise_linux_server 6.0
opensuse leap 42.3
redhat enterprise_linux_server 7.6
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
redhat enterprise_linux 8.0
oracle jre 11.0.1
redhat satellite 5.8
oracle jdk 1.8.0
redhat enterprise_linux_eus 8.6
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
opensuse leap 15.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
netapp oncommand_workflow_automation *
CVE-2019-2426 MEDIUM

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
oracle jdk 11.0.1
netapp oncommand_unified_manager *
oracle jre 11.0.1
netapp snapmanager -
opensuse leap 42.3
hp xp7_command_view *
oracle jdk 1.8.0
oracle jdk 1.7.0
netapp oncommand_workflow_automation *
oracle jre 1.8.0
CVE-2019-2602 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 6.0
debian debian_linux 9.0
redhat openshift_container_platform 3.11
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 19.10
opensuse leap 42.3
mcafee epolicy_orchestrator 5.9.0
redhat enterprise_linux_server_tus 8.2
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
mcafee epolicy_orchestrator 5.10.0
debian debian_linux 8.0
redhat enterprise_linux 8.0
oracle jdk 11.0.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_aus 8.6
redhat satellite 5.8
oracle jdk 1.8.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.6
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 11.0.2
opensuse leap 15.0
oracle jre 12
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
mcafee epolicy_orchestrator 5.9.1
oracle jdk 12
CVE-2019-2684 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 6.0
debian debian_linux 9.0
redhat openshift_container_platform 3.11
apache tomcat 9.0.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
opensuse leap 42.3
redhat enterprise_linux_server_tus 8.2
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
redhat enterprise_linux 8.0
oracle jdk 11.0.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_aus 8.6
redhat satellite 5.8
apache cassandra 4.0.0
oracle jdk 1.8.0
canonical ubuntu_linux 19.04
apache cassandra *
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.6
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
oracle jre 11.0.2
opensuse leap 15.0
apache tomcat *
oracle jre 12
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
oracle jdk 12
CVE-2019-2697 MEDIUM

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 6.0
redhat satellite 5.8
oracle jdk 1.8.0
canonical ubuntu_linux 19.04
redhat enterprise_linux_eus 8.6
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
redhat enterprise_linux 8.0
CVE-2019-2698 MEDIUM

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 6.0
debian debian_linux 9.0
redhat openshift_container_platform 3.11
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
opensuse leap 42.3
redhat enterprise_linux_server_tus 8.2
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
debian debian_linux 8.0
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_aus 8.6
redhat satellite 5.8
oracle jdk 1.8.0
canonical ubuntu_linux 19.04
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.6
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
opensuse leap 15.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
CVE-2019-2745 LOW

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 1.4 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
oracle jdk 11.0.3
oracle jdk 1.8.0
oracle jre 11.0.3
oracle jre 1.8.0
opensuse leap 15.1
opensuse leap 15.0
mcafee epolicy_orchestrator 5.9.0
hp xp7_command_view *
mcafee epolicy_orchestrator 5.9.1
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
mcafee epolicy_orchestrator 5.10.0
debian debian_linux 8.0
CVE-2019-2762 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
oracle jdk 11.0.3
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
opensuse leap 15.1
mcafee epolicy_orchestrator 5.9.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
mcafee epolicy_orchestrator 5.10.0
debian debian_linux 8.0
redhat enterprise_linux 8.0
oracle jdk 12.0.1
redhat satellite 5.8
oracle jre 12.0.1
oracle jdk 1.8.0
canonical ubuntu_linux 19.04
redhat enterprise_linux_eus 8.6
oracle jre 11.0.3
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
opensuse leap 15.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
mcafee epolicy_orchestrator 5.9.1
CVE-2019-2766 LOW

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
oracle jdk 12.0.1
oracle jdk 11.0.3
oracle jre 12.0.1
oracle jdk 1.8.0
oracle jre 11.0.3
oracle jre 1.8.0
opensuse leap 15.1
opensuse leap 15.0
mcafee epolicy_orchestrator 5.9.0
hp xp7_command_view *
mcafee epolicy_orchestrator 5.9.1
oracle jdk 1.7.0
mcafee epolicy_orchestrator 5.10.0
CVE-2019-2769 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
oracle jdk 11.0.3
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
opensuse leap 15.1
mcafee epolicy_orchestrator 5.9.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
mcafee epolicy_orchestrator 5.10.0
debian debian_linux 8.0
redhat enterprise_linux 8.0
oracle jdk 12.0.1
redhat satellite 5.8
oracle jre 12.0.1
oracle jdk 1.8.0
canonical ubuntu_linux 19.04
redhat enterprise_linux_eus 8.6
oracle jre 11.0.3
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
opensuse leap 15.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
mcafee epolicy_orchestrator 5.9.1
CVE-2019-2786 LOW

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.4 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
oracle jdk 12.0.1
oracle jdk 11.0.3
redhat enterprise_linux_desktop 6.0
redhat satellite 5.8
oracle jre 12.0.1
oracle jdk 1.8.0
canonical ubuntu_linux 19.04
redhat enterprise_linux_eus 8.6
oracle jre 11.0.3
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
opensuse leap 15.1
opensuse leap 15.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
redhat enterprise_linux 8.0
CVE-2019-2816 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre 1.7.0
redhat enterprise_linux_server 7.0
oracle jdk 11.0.3
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
opensuse leap 15.1
mcafee epolicy_orchestrator 5.9.0
canonical ubuntu_linux 16.04
oracle jdk 1.7.0
mcafee epolicy_orchestrator 5.10.0
debian debian_linux 8.0
redhat enterprise_linux 8.0
oracle jdk 12.0.1
redhat satellite 5.8
oracle jre 12.0.1
oracle jdk 1.8.0
canonical ubuntu_linux 19.04
redhat enterprise_linux_eus 8.6
oracle jre 11.0.3
oracle jre 1.8.0
redhat enterprise_linux_desktop 7.0
opensuse leap 15.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
mcafee epolicy_orchestrator 5.9.1
CVE-2019-2842 MEDIUM

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse leap 15.0
mcafee epolicy_orchestrator 5.9.0
hp xp7_command_view *
oracle jdk 1.8.0
mcafee epolicy_orchestrator 5.9.1
canonical ubuntu_linux 16.04
mcafee epolicy_orchestrator 5.10.0
oracle jre 1.8.0
CVE-2019-3479 HIGH

Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2019-3480 MEDIUM

Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2019-3481 HIGH

Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2019-3482 MEDIUM

Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2019-3483 MEDIUM

Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2019-3484 HIGH

Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2019-3485 MEDIUM

Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp arcsight_logger *
CVE-2019-3486 MEDIUM

Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp arcsight_management_center *
CVE-2019-3683 MEDIUM

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
meissner@suse.de 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
suse keystone-json-assignment *
suse openstack_cloud 8.0
hp helion_openstack 8.0
CVE-2019-5338 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5339 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5340 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5341 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5342 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5343 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5344 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5345 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5346 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5347 HIGH

A remote authentication bypass vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5348 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5349 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5350 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5351 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5352 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5353 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5354 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5355 HIGH

A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5356 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5357 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5358 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5359 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5360 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5361 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5362 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5363 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5364 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5365 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5366 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5367 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5368 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5369 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5370 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5371 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5372 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5373 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5374 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5375 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5376 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5377 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5378 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5379 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5380 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5381 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5382 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5383 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5384 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5385 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5386 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5387 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5388 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5389 HIGH

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5390 HIGH

A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5391 HIGH

A stack buffer overflow vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5392 MEDIUM

A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5393 MEDIUM

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2019-5394 MEDIUM

The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp maintenance_entity *
hp blade_maintenance_entity *
hp integrated_maintenance_entity *
CVE-2019-5395 MEDIUM

A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
hp 3par_service_processor_firmware *
CVE-2019-5396 HIGH

A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp 3par_service_processor_firmware *
CVE-2019-5397 HIGH

A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp 3par_service_processor_firmware *
CVE-2019-5398 LOW

A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp 3par_service_processor_firmware *
CVE-2019-5399 HIGH

A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp 3par_service_processor_firmware *
CVE-2019-5400 MEDIUM

A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
hp 3par_service_processor_firmware *
CVE-2019-5401 LOW

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp hp2910al-48g_firmware w.15.14.00.16
CVE-2019-5402 HIGH

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp 3par_storeserv_management_console *
CVE-2019-5403 LOW

A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp 3par_storeserv_management_console *
CVE-2019-5404 HIGH

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
hp 3par_storeserv_management_console *
CVE-2019-5405 MEDIUM

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp 3par_storeserv_management_console *
CVE-2019-5406 HIGH

A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-384,

Products Affected

Vendor Product Version
hp 3par_storeserv_management_console *
CVE-2019-5407 MEDIUM

A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp 3par_storeserv_management_console *
CVE-2019-5408 MEDIUM

Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp xp7_tiered_storage_manager -
hp xp7_replication_manager -
hp xp7_device_manager *
CVE-2019-5736 HIGH

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
linuxfoundation runc 1.0.0
redhat enterprise_linux_server 7.0
d2iq kubernetes_engine *
redhat openshift 3.7
netapp hci_management_node -
google kubernetes_engine -
opensuse leap 15.1
apache mesos *
microfocus service_management_automation 2018.11
opensuse leap 42.3
canonical ubuntu_linux 16.04
microfocus service_management_automation 2018.05
redhat enterprise_linux 8.0
linuxcontainers lxc *
redhat openshift 3.4
docker docker *
microfocus service_management_automation 2018.02
microfocus service_management_automation 2018.08
redhat container_development_kit 3.7
redhat openshift 3.5
d2iq dc/os *
canonical ubuntu_linux 19.04
fedoraproject fedora 29
linuxfoundation runc *
fedoraproject fedora 30
hp onesphere -
netapp solidfire -
redhat openshift 3.6
opensuse leap 15.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
opensuse backports_sle 15.0
CVE-2019-6318 HIGH

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-347,

Products Affected

Vendor Product Version
hp laserjet_enterprise_500_color_m551_firmware *
hp color_laserjet_managed_mfp_e57540_firmware *
hp laserjet_enterprise_flow_mfp_m527z_firmware *
hp pagewide_color_755_firmware *
hp laserjet_managed_m605_firmware *
hp color_laserjet_managed_mfp_e87660_firmware *
hp laserjet_managed_mfp_e82560_firmware *
hp color_laserjet_enterprise_flow_mfp_m577_firmware *
hp color_laserjet_enterprise_m552_firmware *
hp color_laserjet_managed_flow_mfp_m880zm_firmware *
hp color_laserjet_enterprise_flow_mfp_m682_firmware *
hp color_laserjet_enterprise_m651_firmware *
hp pagewide_managed_color_flow_mfp_e58650z_firmware *
hp laserjet_enterprise_m4555_mfp_firmware *
hp laserjet_enterprise_500_mfp_m525f_firmware *
hp pagewide_color_mfp_779_firmware *
hp laserjet_managed_flow_mfp_e62575_firmware *
hp pagewide_managed_color_p75250_firmware *
hp laserjet_enterprise_m606_firmware *
hp color_laserjet_enterprise_m855_firmware *
hp laserjet_managed_500_mfp_m525_firmware *
hp laserjet_managed_mfp_m527_firmware *
hp color_laserjet_enterprise_m553_firmware *
hp officejet_managed_color_mfp_x585_firmware *
hp color_laserjet_managed_flow_mfp_e6750_firmware *
hp laserjet_managed_flow_mfp_e82550_firmware *
hp color_laserjet_managed_e65050_firmware *
hp laserjet_enterprise_flow_mfp_m631_firmware *
hp pagewide_enterprise_color_mfp_780_firmware *
hp pagewide_managed_color_e55650_firmware *
hp color_laserjet_managed_mfp_e77830_firmware *
hp pagewide_enterprise_color_765_firmware *
hp laserjet_enterprise_mfp_m527_firmware *
hp color_laserjet_managed_mfp_m577_firmware *
hp laserjet_managed_flow_mfp_m527z_firmware *
hp pagewide_managed_color_flow_mfp_e77650_firmware *
hp color_laserjet_enterprise_mfp_m682_firmware *
hp officejet_enterprise_color_mfp_x585_firmware *
hp color_laserjet_managed_flow_mfp_e57540_firmware *
hp color_laserjet_managed_flow_mfp_e87660_firmware *
hp laserjet_managed_flow_mfp_e72530_firmware *
hp pagewide_managed_color_mfp_e77650_firmware *
hp color_laserjet_managed_mfp_m775_firmware *
hp laserjet_managed_flow_mfp_m525_firmware *
hp color_laserjet_enterprise_m750_firmware *
hp laserjet_managed_flow_mfp_m630_firmware *
hp color_laserjet_managed_flow_mfp_m577_firmware *
hp laserjet_managed_mfp_e82550_firmware *
hp color_laserjet_enterprise_flow_mfp_m680_firmware *
hp pagewide_managed_color_flow_mfp_e77660z_firmware *
hp laserjet_enterprise_700_m712_firmware *
hp laserjet_managed_500_color_mfp_m575_firmware *
hp color_laserjet_managed_m651_firmware *
hp laserjet_managed_mfp_m725_firmware *
hp color_laserjet_managed_flow_mfp_e77822_firmware *
hp laserjet_managed_mfp_e62555_firmware *
hp laserjet_managed_mfp_e72525_firmware *
hp color_laserjet_managed_flow_mfp_m680_firmware *
hp laserjet_managed_e60055_firmware *
hp officejet_enterprise_color_flow_mfp_x585_firmware *
hp laserjet_managed_m506_firmware *
hp color_laserjet_managed_mfp_e67550_firmware *
hp color_laserjet_enterprise_flow_mfp_m880z_firmware *
hp laserjet_enterprise_flow_mfp_m632_firmware *
hp laserjet_enterprise_flow_mfp_m633_firmware *
hp laserjet_enterprise_m609_firmware *
hp color_laserjet_managed_flow_mfp_e87650_firmware *
hp laserjet_managed_e60065_firmware *
hp laserjet_enterprise_mfp_m631_firmware *
hp pagewide_enterprise_color_mfp_586_firmware *
hp laserjet_managed_flow_mfp_e62555_firmware *
hp color_laserjet_managed_e55040dw_firmware *
hp laserjet_enterprise_color_flow_mfp_m575_firmware *
hp laserjet_managed_e50045_firmware *
hp pagewide_enterprise_color_flow_mfp_586z_firmware *
hp digital_sender_flow_8500_fn2_document_capture_workstation_firmware *
hp pagewide_color_mfp_774_firmware *
hp laserjet_enterprise_m604_firmware *
hp color_laserjet_managed_flow_mfp_e67560_firmware *
hp laserjet_enterprise_mfp_m633_firmware *
hp laserjet_enterprise_700_color_mfp_m775_firmware *
hp pagewide_managed_color_mfp_p77940_firmware *
hp color_laserjet_enterprise_mfp_m577_firmware *
hp pagewide_managed_color_mfp_e58650dn_firmware *
hp laserjet_managed_flow_mfp_e72525_firmware *
hp color_laserjet_enterprise_m653_firmware *
hp laserjet_enterprise_m506_firmware *
hp laserjet_enterprise_mfp_m630_firmware *
hp color_laserjet_cm4540_mfp_firmware *
hp laserjet_enterprise_flow_mfp_m525_firmware *
hp laserjet_managed_flow_mfp_e72535_firmware *
hp color_laserjet_managed_flow_mfp_e77825_firmware *
hp scanjet_enterprise_8500_fn1_document_capture_workstation_firmware *
hp color_laserjet_managed_mfp_e67560_firmware *
hp laserjet_managed_flow_mfp_e62565_firmware *
hp laserjet_enterprise_600_m602_firmware *
hp officejet_managed_color_flow_mfp_x585_firmware *
hp laserjet_managed_mfp_e62565_firmware *
hp laserjet_enterprise_flow_mfp_m630_firmware *
hp color_laserjet_managed_mfp_m680_firmware *
hp pagewide_enterprise_color_556_firmware *
hp pagewide_managed_color_e75160_firmware *
hp laserjet_managed_color_flow_mfp_m575_firmware *
hp color_laserjet_enterprise_mfp_m680_firmware *
hp laserjet_enterprise_600_m603_firmware *
hp scanjet_enterprise_flow_n9120_fn2_document_scanner_firmware *
hp color_laserjet_managed_mfp_e87650_firmware *
hp color_laserjet_managed_flow_mfp_e77830_firmware *
hp laserjet_enterprise_500_color_mfp_m575_firmware *
hp laserjet_managed_mfp_e72535_firmware *
hp color_laserjet_enterprise_mfp_m681_firmware *
hp color_laserjet_managed_e65060_firmware *
hp laserjet_managed_flow_mfp_e82560_firmware *
hp laserjet_managed_mfp_e82540_firmware *
hp pagewide_enterprise_color_flow_mfp_780f_firmware *
hp pagewide_managed_color_mfp_p77960_firmware *
hp laserjet_managed_flow_mfp_e82540_firmware *
hp pagewide_enterprise_color_flow_mpf_785_firmware *
hp color_laserjet_enterprise_cp5525_firmware *
hp laserjet_enterprise_mfp_m725_firmware *
hp color_laserjet_managed_flow_mfp_e87640_firmware *
hp laserjet_enterprise_mfp_m632_firmware *
hp color_laserjet_managed_mfp_e77825_firmware *
hp laserjet_managed_mfp_m630_firmware *
hp laserjet_enterprise_m608_firmware *
hp laserjet_managed_flow_mfp_m830_firmware *
hp laserjet_enterprise_m607_firmware *
hp color_laserjet_enterprise_flow_mfp_m681_firmware *
hp laserjet_managed_e60075_firmware *
hp pagewide_managed_color_mfp_p77950_firmware *
hp color_laserjet_managed_m553_firmware *
hp color_laserjet_managed_mfp_e77822_firmware *
hp laserjet_managed_mfp_e52545_firmware *
hp laserjet_managed_mfp_e72530_firmware *
hp laserjet_enterprise_flow_mfp_m830_firmware *
hp laserjet_managed_flow_mfp_e52545c_firmware *
hp laserjet_enterprise_m605_firmware *
hp officejet_enterprise_color_x555_firmware *
hp laserjet_enterprise_m806_firmware *
hp color_laserjet_managed_mfp_e87640_firmware *
hp laserjet_enterprise_600_m601_firmware *
hp color_laserjet_enterprise_m652_firmware *
hp pagewide_managed_color_mfp_p77440_firmware *
CVE-2019-6319 MEDIUM

HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp deskjet_3630_v3f22a_firmware *
hp deskjet_3630_k4t93a_firmware *
hp deskjet_3630_v3f21a_firmware *
hp deskjet_3630_k4u03b_firmware *
hp deskjet_3630_k4t99c_firmware *
hp deskjet_3630_k4u00b_firmware *
hp deskjet_3630_f5s57a_firmware *
hp deskjet_3630_f5s43a_firmware *
CVE-2019-6320 MEDIUM

Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp deskjet_3630_v3f22a_firmware *
hp deskjet_3630_k4t93a_firmware *
hp deskjet_3630_v3f21a_firmware *
hp deskjet_3630_k4u03b_firmware *
hp deskjet_3630_k4t99c_firmware *
hp deskjet_3630_k4u00b_firmware *
hp deskjet_3630_f5s57a_firmware *
hp deskjet_3630_f5s43a_firmware *
CVE-2019-6321 HIGH

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-667,

Products Affected

Vendor Product Version
hp z6_g4_workstation_firmware *
hp z4_g4_core-x_workstation_firmware *
hp z4_g4_workstation_firmware *
hp z8_g4_workstation_firmware *
CVE-2019-6322 HIGH

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-667,

Products Affected

Vendor Product Version
hp z6_g4_workstation_firmware *
hp z4_g4_core-x_workstation_firmware *
hp z4_g4_workstation_firmware *
hp z8_g4_workstation_firmware *
CVE-2019-6323 MEDIUM

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp w2g54a_firmware *
hp t6b83a_firmware *
hp y5s54a_firmware *
hp t6b80a_firmware *
hp t6b82a_firmware *
hp w2g55a_firmware *
hp y5s55a_firmware *
hp t6b81a_firmware *
hp y5s53a_firmware *
hp y5s50a_firmware *
CVE-2019-6324 LOW

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp w2g54a_firmware *
hp t6b83a_firmware *
hp y5s54a_firmware *
hp t6b80a_firmware *
hp t6b82a_firmware *
hp w2g55a_firmware *
hp y5s55a_firmware *
hp t6b81a_firmware *
hp y5s53a_firmware *
hp y5s50a_firmware *
CVE-2019-6325 MEDIUM

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp w2g54a_firmware *
hp t6b83a_firmware *
hp y5s54a_firmware *
hp t6b80a_firmware *
hp t6b82a_firmware *
hp w2g55a_firmware *
hp y5s55a_firmware *
hp t6b81a_firmware *
hp y5s53a_firmware *
hp y5s50a_firmware *
CVE-2019-6326 MEDIUM

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hp w2g54a_firmware *
hp t6b83a_firmware *
hp y5s54a_firmware *
hp t6b80a_firmware *
hp t6b82a_firmware *
hp w2g55a_firmware *
hp y5s55a_firmware *
hp t6b81a_firmware *
hp y5s53a_firmware *
hp y5s50a_firmware *
CVE-2019-6327 HIGH

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
hp laserjet_pro_m280-m281_t6b80a_firmware *
hp laserjet_pro_mfp_m28-m31_y5s50a_firmware *
hp laserjet_pro_mfp_m28-m31_w2g54a_firmware *
hp laserjet_pro_mfp_m28-m31_w2g55a_firmware *
hp laserjet_pro_mfp_m28-m31_y5s54a_firmware *
hp laserjet_pro_mfp_m28-m31_y5s55a_firmware *
hp laserjet_pro_m280-m281_t6b83a_firmware *
hp laserjet_pro_m280-m281_t6b81a_firmware *
hp laserjet_pro_m280-m281_t6b82a_firmware *
hp laserjet_pro_mfp_m28-m31_y5s53a_firmware *
CVE-2019-6328 HIGH

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2019-6329 HIGH

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2019-6330 HIGH

A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp access_control *
CVE-2019-6331 LOW

An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp samsung_mobile_print *
CVE-2019-6332 LOW

A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp envy_photo_7100_3xd89a_firmware *
hp smart_tank_wireless_450_z6z96a_firmware *
hp envy_5000_m2u85a_firmware *
hp ink_tank_wireless_410_z4b55a_firmware *
hp smart_tank_wireless_450_z6z98a_firmware *
hp envy_photo_6200_k7s21b_firmware *
hp envy_photo_7800_k7r96a_firmware *
hp ink_tank_wireless_410_z6z99a_firmware *
hp envy_5000_m2u91a_firmware *
hp envy_photo_6200_y0k15a_firmware *
hp smart_tank_wireless_450_z4b56a_firmware *
hp envy_5000_z4a54a_firmware *
hp envy_photo_6200_k7g26b_firmware *
hp envy_photo_7800_y0g42d_firmware *
hp officejet_5200_z4b12a_firmware *
hp deskjet_2600_y5h80a_firmware *
hp envy_5000_m2u94b_firmware *
hp officejet_5200_z4b27a_firmware *
hp officejet_5200_m2u75a_firmware *
hp deskjet_ink_advantage_2600_v1n02b_firmware *
hp deskjet_ink_advantage_5200_m2u78b_firmware *
hp envy_photo_7100_k7g93a_firmware *
hp envy_5000_z4a74a_firmware *
hp officejet_5200_z4b14a_firmware *
hp ink_tank_wireless_410_z7a01a_firmware *
hp envy_photo_7100_z3m37a_firmware *
hp envy_photo_7100_z3m52a_firmware *
hp envy_photo_7800_y0g52b_firmware *
hp deskjet_ink_advantage_5000_m2u89b_firmware *
hp officejet_5200_m2u84b_firmware *
hp deskjet_ink_advantage_2600_y5z04b_firmware *
hp envy_photo_6200_k7g18a_firmware *
hp envy_photo_7800_k7s10d_firmware *
hp officejet_5200_z4b29a_firmware *
hp envy_5000_m2u85b_firmware *
hp ink_tank_wireless_410_z6z95a_firmware *
hp deskjet_ink_advantage_5000_m2u86a_firmware *
hp deskjet_2600_v1n01a_firmware *
hp ink_tank_wireless_410_4dx94a_firmware *
hp deskjet_ink_advantage_5200_m2u76a_firmware *
hp officejet_5200_m2u81a_firmware *
hp deskjet_2600_v1n08a_firmware *
hp ink_tank_wireless_410_z4b53a_firmware *
hp deskjet_ink_advantage_2600_v1n02a_firmware *
hp deskjet_ink_advantage_2600_y5z00a_firmware *
hp ink_tank_wireless_410_4yf79a_firmware *
hp envy_photo_7800_k7s00a_firmware *
hp deskjet_2600_4uj28b_firmware *
hp deskjet_2600_y5h60a_firmware *
hp envy_photo_6200_y0k13d__firmware *
hp envy_photo_7100_k7g99a_firmware *
hp ink_tank_wireless_410_4dx95a_firmware *
CVE-2019-6333 HIGH

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,

Products Affected

Vendor Product Version
hp touchpoint_analytics *
CVE-2019-6334 HIGH

HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp futuresmart_4 *
hp futuresmart_3 *
CVE-2019-6335 MEDIUM

A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp samsung_m2070_firmware -
hp samsung_c480_firmware -
hp samsung_clp680_firmware *
hp samsung_m436dn_firmware *
CVE-2019-6337 LOW

For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.2 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 0.9 4.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp k9z76d_firmware *
hp j6u51b_firmware *
hp k9z74a_firmware *
hp d3q21a_firmware *
hp d3q15a_firmware *
hp j9v82d_firmware *
hp d3q20c_firmware *
hp j9v80a_firmware *
hp d9l64a_firmware *
hp t0g70a_firmware *
hp j6u55a_firmware *
hp j9v82a_firmware *
hp k9z76a_firmware *
hp d3q20b_firmware *
hp j3p68a_firmware *
hp d3q19a_firmware *
hp k9z74d_firmware *
hp d3q21c_firmware *
hp d3q20a_firmware *
hp d3q19d_firmware *
hp w2z53b_firmware *
hp j6u57b_firmware *
hp w2z52b_firmware *
hp d3q17a_firmware *
hp d3q16d_firmware *
hp d3q20d_firmware *
hp d3q15d_firmware *
hp d3q15b_firmware *
hp j3p65a_firmware *
hp 2dr21d_firmware *
hp d9l63a_firmware *
hp d3q21b_firmware *
hp j9v78b_firmware *
hp d3q19b_firmware *
hp j9v80b_firmware *
hp k9z76b_firmware *
hp j6u55d_firmware *
hp d3q17d_firmware *
hp d3q21d_firmware *
hp d3q16a_firmware *
hp j6u57a_firmware *
CVE-2019-7317 LOW

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,

Products Affected

Vendor Product Version
oracle mysql *
opensuse package_hub -
netapp cloud_backup -
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux 6.0
redhat enterprise_linux_for_ibm_z_systems 8.0
mozilla thunderbird -
netapp active_iq_unified_manager *
opensuse leap 15.1
debian debian_linux 8.0
redhat enterprise_linux_for_ibm_z_systems 7.0
mozilla firefox -
netapp steelstore -
redhat enterprise_linux 7.0
redhat enterprise_linux_for_ibm_z_systems 6.0
netapp snapmanager 3.4.2
redhat enterprise_linux_for_power_little_endian 7.0
netapp e-series_santricity_web_services *
netapp e-series_santricity_unified_manager *
opensuse leap 15.0
canonical ubuntu_linux 18.04
netapp active_iq_unified_manager 9.6
redhat enterprise_linux_for_power_big_endian 7.0
oracle jdk 11.0.3
redhat enterprise_linux_desktop 6.0
debian debian_linux 9.0
redhat enterprise_linux_workstation 6.0
netapp plug-in_for_symantec_netbackup -
oracle java_se 8u212
libpng libpng *
opensuse leap 42.3
netapp snapmanager *
oracle hyperion_infrastructure_technology 11.2.6.0
canonical ubuntu_linux 16.04
oracle java_se 7u221
redhat enterprise_linux 8.0
netapp e-series_santricity_storage_manager *
oracle jdk 12.0.1
netapp oncommand_insight *
redhat satellite 5.8
canonical ubuntu_linux 19.04
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_for_power_big_endian 6.0
netapp e-series_santricity_management -
hpe xp7_command_view_advanced_edition_suite *
canonical ubuntu_linux 18.10
redhat enterprise_linux_workstation 7.0
hp xp7_command_view *
netapp oncommand_workflow_automation *
CVE-2020-10136 MEDIUM

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,CWE-290,

Products Affected

Vendor Product Version
cisco nx-os 5.2(1)n1(2)
cisco nx-os 6.1(2)i2(2a)
cisco nx-os 5.2(1)sm1(5.2a)
cisco nx-os 5.2(1)n1(1a)
cisco nx-os 7.3(5)d1(1)
cisco nx-os 5.2(1)sk3(2.2b)
cisco nx-os 5.0(3)u1(1b)
cisco nx-os 7.0(5)n1(1a)
cisco nx-os 7.1(3)n1(5)
treck tcp/ip *
cisco nx-os 7.2(2)d1(1)
cisco nx-os 6.0(2)u5(1)
cisco nx-os 6.0(2)u1(1)
cisco nx-os 5.0(3)u3(2a)
cisco nx-os 7.1(3)n1(4)
cisco nx-os 6.0(2)n1(2)
cisco nx-os 5.2(4)
cisco nx-os 6.0(2)a1(2d)
cisco nx-os 6.0(2)a3(1)
cisco nx-os 7.0(3)i1(1z)
cisco nx-os 5.2(1)sm3(1.1)
cisco nx-os 6.0(2)a4(2)
cisco nx-os 7.3(4)d1(1)
cisco nx-os 5.0(3)u1(2a)
cisco nx-os 7.3(2)n1(1)
cisco nx-os 6.0(2)a1(1b)
cisco nx-os 5.0(3)u2(2c)
cisco nx-os 6.0(2)u2(4.92.4z)
cisco nx-os 5.0(3)u5(1c)
cisco nx-os 7.3(7)n1(1)
cisco nx-os 7.3(6)d1(1)
cisco nx-os 6.0(2)a4(4)
cisco nx-os 7.1(3)n1(2)
cisco nx-os 7.2(1)d1(1)
cisco nx-os 6.2(2)
cisco nx-os 7.1(1)n1(1)
cisco nx-os 5.2(1)sv3(2.8)
cisco nx-os 6.0(2)a1(1c)
cisco nx-os 6.2(14)
cisco nx-os 5.2(9)
cisco nx-os 5.0(3)u1(2)
cisco nx-os 7.1(1)n1(1a)
cisco nx-os 5.2(1)sm3(1.1a)
cisco nx-os 6.0(2)u2(1)
cisco nx-os 6.2(6b)
cisco nx-os 6.0(2)a1(1d)
cisco nx-os 6.0(2)a4(1)
cisco nx-os 5.0(3)u5(1a)
cisco nx-os 7.3(0)n1(1b)
cisco nx-os 7.3(2)d1(3)
cisco nx-os 7.3(0)d1(1)
cisco nx-os 5.2(1)sv3(1.2)
cisco nx-os 6.1(2)i1(2)
cisco nx-os 6.0(2)a3(2)
cisco nx-os 5.0(3)u5(1f)
cisco nx-os 6.0(2)u2(6)
cisco nx-os 5.2(1)n1(8a)
cisco nx-os 6.0(2)u2(3)
cisco nx-os 5.2(1)sv3(3.1)
cisco nx-os 7.3(4)n1(1)
cisco nx-os 6.2(20a)
cisco nx-os 7.3(1)n1(1)
cisco nx-os 7.2(1)n1(1)
cisco nx-os 6.2(16)
cisco nx-os 6.0(2)n2(5b)
cisco nx-os 6.0(2)a1(1f)
cisco nx-os 7.3(2)d1(3a)
cisco nx-os 7.1(0)n1(1b)
cisco nx-os 5.2(1)sv3(1.4)
cisco nx-os 6.0(2)n2(5a)
cisco nx-os 6.2(6)
cisco nx-os 5.0(3)u3(2)
cisco nx-os 7.1(4)n1(1)
cisco nx-os 5.2(1)sv3(1.6)
cisco nx-os 7.1(4)n1(1c)
cisco nx-os 7.1(5)n1(1)
cisco nx-os 5.0(3)u2(2b)
cisco unified_computing_system -
cisco nx-os 7.1(3)n1(1)
cisco nx-os 5.2(1)n1(7)
cisco nx-os 5.2(1)sk3(2.1a)
cisco nx-os 5.0(3)u4(1)
cisco nx-os 6.0(2)u2(4)
cisco nx-os 5.2(1)sv3(1.10)
cisco nx-os 6.0(2)a4(5)
cisco nx-os 5.2(1)
cisco nx-os 6.0(2)n1(1)
cisco nx-os 7.0(6)n1(4s)
cisco nx-os 6.0(2)u4(3)
cisco nx-os 7.3(2)d1(1)
cisco nx-os 6.1(2)i2(3)
cisco nx-os 7.1(4)n1(1a)
cisco nx-os 5.2(1)sv3(4.1)
cisco nx-os 7.1(3)n1(3)
cisco nx-os 5.2(1)n1(9)
cisco nx-os 5.2(1)sv3(1.4b)
cisco nx-os 5.2(1)sv3(1.5a)
cisco nx-os 7.3(2)n1(1c)
cisco nx-os 5.2(1)n1(8b)
digi saros *
cisco nx-os 5.2(1)sv3(4.1b)
cisco nx-os 5.2(1)n1(6)
cisco nx-os 5.2(1)n1(9a)
cisco nx-os 5.0(3)u5(1i)
cisco nx-os 7.1(2)n1(1a)
cisco nx-os 7.3(2)d1(1d)
cisco nx-os 6.0(2)u4(4)
cisco nx-os 6.1(2)i2(2)
cisco nx-os 7.0(4)n1(1)
hp x3220nr_firmware *
cisco nx-os 6.0(2)u3(4)
cisco nx-os 7.3(7)n1(1a)
cisco nx-os 5.2(1)n1(1b)
cisco nx-os 7.0(3)i1(1b)
cisco nx-os 6.0(2)n1(2a)
cisco nx-os 7.3(0)dx(1)
cisco nx-os 5.2(1)n1(8)
cisco nx-os 5.2(9a)
cisco nx-os 7.3(3)d1(1)
cisco nx-os 5.2(1)sv3(1.1)
cisco nx-os 7.0(3)i1(1a)
cisco nx-os 5.2(1)n1(1)
cisco nx-os 6.0(2)u3(5)
cisco nx-os 5.2(1)sm1(5.1)
cisco nx-os 5.2(1)sv3(2.1)
cisco nx-os 5.2(1)sv5(1.2)
cisco nx-os 6.1(2)i3(1)
cisco nx-os 7.2(2)d1(3)
cisco nx-os 5.0(3)u3(1)
cisco nx-os 5.0(3)u1(1a)
cisco nx-os 6.0(2)a1(1e)
cisco nx-os 5.0(3)u2(2a)
cisco nx-os 6.0(2)n2(2)
cisco nx-os 6.0(2)u3(9)
cisco nx-os 5.2(3)
cisco nx-os 6.0(2)u3(6)
cisco nx-os 5.2(1)sv3(4.1a)
cisco nx-os 7.0(2)n1(1)
cisco nx-os 6.2(18)
cisco nx-os 7.0(4)n1(1a)
cisco nx-os 7.0(7)n1(1b)
cisco nx-os 5.2(1)sv3(1.3)
cisco nx-os 5.0(3)u5(1j)
cisco nx-os 5.0(3)u2(2d)
cisco nx-os 5.0(3)u5(1e)
cisco nx-os 6.0(2)a3(4)
cisco nx-os 5.2(7)
cisco nx-os 6.0(2)u3(1)
cisco nx-os 7.3(2)n1(1b)
cisco nx-os 7.0(6)n1(3s)
cisco nx-os 5.2(1)sv5(1.1)
cisco nx-os 5.0(3)u5(1)
cisco nx-os 7.3(0)n1(1a)
cisco nx-os 6.0(2)a4(6)
cisco nx-os 6.0(2)u3(2)
cisco nx-os 5.0(3)u3(2b)
cisco nx-os 5.0(3)u5(1g)
cisco nx-os 6.0(2)n2(1)
cisco nx-os 5.0(3)a1(2a)
cisco nx-os 6.0(2)n1(1a)
cisco nx-os 5.2(1)n1(9b)
cisco nx-os 5.0(3)u2(2)
cisco nx-os 7.3(6)n1(1a)
cisco nx-os 7.3(0)n1(1)
cisco nx-os 6.1(2)i2(1)
cisco nx-os 5.2(1)sv5(1.3)
cisco nx-os 6.2(8)
cisco nx-os 7.0(3)n1(1)
cisco ucs_manager 3.2(3n)a
cisco nx-os 5.0(3)u5(1d)
cisco nx-os 7.0(7)n1(1)
cisco nx-os 6.1(2)i3(3)
cisco nx-os 5.0(3)u2(1)
cisco nx-os 6.2(10)
cisco nx-os 5.2(1)n1(4)
cisco nx-os 7.0(0)n1(1)
cisco nx-os 5.2(1)sm1(5.2c)
cisco nx-os 7.1(3)n1(2a)
cisco nx-os 7.3(3)n1(1)
cisco nx-os 7.3(6)n1(1)
cisco nx-os 6.0(2)n2(4)
cisco nx-os 6.2(14a)
cisco nx-os 5.0(3)a1(1)
cisco nx-os 5.2(1)sm1(5.2b)
cisco nx-os 5.0(3)u1(1c)
cisco nx-os 7.0(6)n1(2s)
cisco nx-os 5.2(5)
cisco nx-os 7.0(5)n1(1)
cisco nx-os 6.0(2)a1(1a)
cisco nx-os 5.2(1)sk3(1.1)
cisco nx-os 7.2(2)d1(2)
cisco nx-os 6.0(2)u3(3)
cisco nx-os 6.1(2)i2(2b)
cisco nx-os 6.0(2)n2(1b)
cisco nx-os 6.0(2)u3(8)
cisco nx-os 6.0(2)u1(3)
cisco nx-os 6.0(2)u1(2)
cisco nx-os 6.1(2)i3(3a)
cisco nx-os 6.1(2)i1(3)
cisco nx-os 6.1(2)i3(2)
cisco nx-os 5.2(1)sv3(2.5)
cisco nx-os 5.2(1)sm1(5.2)
cisco nx-os 6.2(20)
cisco nx-os 5.2(1)sm3(1.1c)
cisco nx-os 5.0(3)u5(1b)
cisco nx-os 7.0(3)i1(1)
cisco nx-os 6.0(2)u2(5)
cisco nx-os 5.2(1)sm3(2.1)
cisco nx-os 5.2(1)sv3(1.15)
cisco nx-os 6.2(8a)
cisco nx-os 7.2(2)d1(4)
cisco nx-os 6.0(2)n2(7)
cisco nx-os 6.0(2)a1(1)
cisco nx-os 7.3(2)d1(2)
cisco nx-os 7.3(4)n1(1a)
cisco nx-os 6.0(2)n2(5)
cisco nx-os 7.0(6)n1(1)
cisco nx-os 7.0(7)n1(1a)
cisco nx-os 6.0(2)u1(4)
cisco nx-os 5.2(1)sk3(2.2)
cisco nx-os 7.2(0)d1(1)
cisco nx-os 5.2(1)n1(3)
cisco nx-os 5.2(1)sk3(2.1)
cisco nx-os 6.0(2)u2(2)
cisco nx-os 7.1(4)n1(1d)
cisco nx-os 5.2(3a)
cisco nx-os 6.2(24)
cisco nx-os 6.0(2)n2(3)
cisco nx-os 7.3(5)n1(1)
cisco nx-os 6.2(12)
cisco nx-os 6.2(22)
cisco nx-os 5.0(3)a1(2)
cisco nx-os 5.2(1)sv3(3.15)
cisco nx-os 6.2(2a)
cisco nx-os 6.2(14b)
cisco nx-os 7.1(0)n1(1)
cisco nx-os 7.1(5)n1(1b)
cisco nx-os 6.2(8b)
cisco nx-os 5.0(3)u5(1h)
cisco nx-os 7.0(8)n1(1a)
cisco nx-os 6.2(6a)
cisco nx-os 7.1(0)n1(1a)
cisco nx-os 7.1(2)n1(1)
cisco nx-os 5.0(3)u1(1)
cisco nx-os 7.0(8)n1(1)
cisco nx-os 6.0(2)a4(3)
cisco nx-os 6.0(2)n2(6)
cisco nx-os 5.2(1)n1(5)
cisco nx-os 7.0(1)n1(1)
cisco nx-os 5.2(1)sm3(1.1b)
cisco nx-os 6.0(2)u3(7)
cisco nx-os 6.0(2)u4(1)
cisco nx-os 7.3(1)d1(1)
cisco nx-os 5.0(3)u1(1d)
cisco nx-os 5.2(1)sv3(1.5b)
cisco nx-os 5.2(1)n1(2a)
cisco nx-os 6.0(2)u1(1a)
cisco nx-os 6.0(2)u4(2)
CVE-2020-11853 MEDIUM

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp universal_cmbd_foundation 2018.08
microfocus hybrid_cloud_management *
microfocus operation_bridge_manager 10.11
microfocus operation_bridge_manager 10.12
hp universal_cmbd_foundation 2019.05
microfocus operation_bridge_manager 10.61
hp universal_cmbd_foundation 10.30
microfocus service_manager_automation 2020.05
hp universal_cmbd_foundation 10.20
hp universal_cmbd_foundation 10.31
hp universal_cmbd_foundation 2019.11
microfocus operations_bridge_manager 2017.11
microfocus data_center_automation *
microfocus operations_bridge_manager 2019.11
microfocus operations_bridge_manager 2020.05
microfocus operations_bridge_manager 2018.11
hp universal_cmbd_foundation 2018.11
hp universal_cmbd_foundation 2018.05
hp universal_cmbd_foundation 10.33
microfocus operations_bridge_manager 2018.05
microfocus operations_bridge_manager 2019.08
microfocus application_performance_management 9.51
microfocus operations_bridge_manager 2018.02
hp universal_cmbd_foundation 2019.02
microfocus operation_bridge_manager 10.63
hp universal_cmbd_foundation 11.0
hp universal_cmbd_foundation 10.32
microfocus operation_bridge_manager 10.60
microfocus application_performance_management 9.50
microfocus operations_bridge_manager 2018.08
microfocus operation_bridge_manager *
microfocus operations_bridge_manager 2019.05
microfocus operation_bridge_manager 10.62
microfocus service_manager_automation 2020.02
hp universal_cmbd_foundation 2020.05.
microfocus application_performance_management 9.40
CVE-2020-12695 HIGH

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H 2.2 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
hp envy_5000_z4a54a -
fedoraproject fedora 31
hp envy_4524_k9t01a -
hp hp_envy_4522_f0v67a -
hp envy_5543_n9u88a -
hp envy_4500_a9t80a -
hp envy_photo_7100_z3m52a -
hp hp_envy_4526_k9t05b -
hp envy_5536 -
hp envy_4508_e6g72b -
cisco wap351 -
hp hp_envy_4513_k9h51a -
hp envy_photo_7164_k7g99a -
epson xp-2101 -
hp envy_5020_m2u91b -
hp envy_pro_6452_5se47a -
hp envy_4505_a9t86a -
hp hp_deskjet_ink_advantage_4675_f1h97b -
epson xp-440 -
hp envy_4501_c8d05a -
hp envy_photo_7822_y0g43d -
hp deskjet_ink_advantage_3545_a9t81c -
hp envy_100_cn519a -
hp envy_pro_6420_6wd14a -
hp hp_officejet_4655_k9v79a -
hp deskjet_ink_advantage_4538_f0v66b -
epson xp-340 -
hp officejet_4656_k9v81b -
ruckussecurity zonedirector_1200 -
hp envy_111_cq810a -
epson xp-320 -
hp deskjet_ink_advantage_4678_f1h99b -
hp envy_110_cq812c -
hp envy_5542_k7c88a -
hp envy_5000_m2u85a -
epson m571t -
hp officejet_4658_v6d30b -
hp officejet_4657_v6d29b -
hp envy_5640_b9s58a -
hp hp_officejet_4655_f1j00a -
hp deskjet_ink_advantage_3545_a9t83b -
hp envy_5540_k7c85a -
hp envy_4522_f0v67a -
hp envy_5535 -
hp hp_officejet_4650_e6g87a -
hp envy_110_cq809a -
hp envy_6052_5se18a -
hp hp_officejet_4652_f1j05b -
hp envy_5000_m2u85b -
hp officejet_4652_k9v84b -
hp 5030_m2u92b -
hp envy_photo_7120_z3m41d -
hp deskjet_ink_advantage_3546_a9t82a -
hp hp_envy_4520_f0v63b -
hp envy_photo_7800_y0g52b -
hp envy_5644_b9s65a -
epson xp-330 -
hp envy_114_cq812a -
hp envy_photo_7100_k7g99a -
hp officejet_4655_f1j00a -
hp envy_4520_e6g67b -
hp envy_photo_6200_k7g26b -
hp envy_photo_7800_k7s00a -
hp envy_5544_k7c89a -
hp envy_5548_k7g87a -
hp envy_4523_j6u60b -
hp envy_7644_e4w46a -
hp envy_4509_d3p94a -
canonical ubuntu_linux 20.04
hp hp_officejet_4657_v6d29b -
zte zxv10_w300 -
hp hp_envy_4520_e6g67a -
hp hp_envy_4512_k9h49a -
hp 5030_z4a70a -
hp envy_4509_d3p94b -
cisco wap131 -
hp envy_120_cz022c -
hp envy_photo_6200_y0k15a -
hp hp_envy_4511_k9h50a -
canon selphy_cp1200 -
hp officejet_4654_f1j06b -
hp deskjet_ink_advantage_4676_f1h98a -
hp envy_photo_7800_k7s10d -
hp envy_5540_g0v53a -
hp envy_photo_7155_z3m52a -
hp envy_4520_f0v63b -
hp envy_5000_m2u91a *
hp envy_5541_k7g89a -
epson xp-4100 -
hp envy_100_cn519b -
hp envy_110_cq809c -
hp envy_4520_f0v63a -
hp hp_deskjet_ink_advantage_4535_f0v64c -
ui unifi_controller -
hp envy_4500_a9t89a -
hp hp_envy_4525_k9t09b -
hp hp_officejet_4654_f1j07b -
hp envy_4511_k9h50a -
hp envy_5646_f8b05a -
tp-link archer_c50 -
hp envy_pro_6420_6wd16a -
hp 5020_z4a69a -
hp deskjet_ink_advantage_4675_f1h97a -
hp envy_4528_k9t08b -
dell b1165nfw -
epson xp-702 -
hp hp_officejet_4650_f1h96a -
zyxel vmg8324-b10a -
hp envy_7640 -
epson ew-m970a3t -
hp envy_photo_7800_y0g42d -
hp hp_officejet_4654_f1j06b -
hp envy_photo_6252_k7g22a -
nec wr8165n -
epson xp-630 -
hp envy_4524_f0v72b -
hp envy_photo_7100_3xd89a -
dlink dvg-n5412sp -
hp hp_deskjet_ink_advantage_4535_f0v64b -
hp deskjet_ink_advantage_4536_f0v65a -
hp deskjet_ink_advantage_5575_g0v48c -
hp envy_photo_7800_k7r96a -
epson xp-620 -
hp hp_envy_4524_f0v72b -
hp envy_6055_5se16a -
epson xp-2105 -
hp envy_100_cn518a -
hp hp_envy_4520_f0v69a -
hp envy_photo_6220_k7g21b -
hp envy_5664_f8b08a -
hp deskjet_ink_advantage_3548_a9t81b -
hp 5660_f8b04a -
hp hp_envy_4523_j6u60b -
w1.fi hostapd *
hp envy_5000_z4a74a -
epson xp-4105 -
hp officejet_4655_k9v79a -
hp envy_7645_e4w44a -
microsoft windows_10 -
hp hp_deskjet_ink_advantage_4675_f1h97c -
hp officejet_4652_f1j02a -
hp envy_100_cn517c -
epson xp-960 -
hp envy_5643_b9s63a -
hp envy_photo_6222_y0k14d -
hp envy_4525_k9t09b -
hp envy_5531 -
hp hp_envy_4520_e6g67b -
hp envy_4521_k9t10b -
hp envy_4527_j6u61b -
hp hp_envy_4524_f0v71b -
hp envy_5540_g0v47a -
hp envy_4524_f0v71b -
hp deskjet_ink_advantage_4675_f1h97c -
hp hp_deskjet_ink_advantage_4538_f0v66b -
hp deskjet_ink_advantage_3456_a9t84c -
hp envy_photo_7100_z3m37a -
hp officejet_4654_f1j07b -
hp envy_5540_g0v52a -
hp envy_5530 -
hp envy_5642_b9s64a -
hp envy_pro_6420_5se46a -
hp hp_envy_4528_k9t08b -
hp envy_110_cq809d -
asus rt-n11 -
zyxel amg1202-t10b -
debian debian_linux 10.0
hp deskjet_ink_advantage_3545_a9t81a -
hp envy_photo_6200_k7s21b -
hp envy_4512_k9h49a -
hp deskjet_ink_advantage_4535_f0v64a -
hp hp_deskjet_ink_advantage_4675_f1h97a -
hp hp_officejet_4650_f1h96b -
hp hp_envy_4521_k9t10b -
debian debian_linux 9.0
hp envy_5640_b9s56a -
fedoraproject fedora 32
hp envy_4520_e6g67a -
hp envy_5000_m2u91a -
hp envy_photo_6232_k7g26b -
epson xp-970 -
hp deskjet_ink_advantage_4675_f1h97b -
hp envy_120_cz022a -
hp officejet_4652_f1j05b -
hp hp_envy_4520_f0v63a -
hp officejet_4650_f1h96b -
hp envy_114_cq811a -
hp hp_deskjet_ink_advantage_4676_f1h98a -
hp envy_pro_6420_5se45b -
hp envy_4502_a9t85a -
hp envy_5534 -
hp deskjet_ink_advantage_4535_f0v64b -
hp hp_envy_4516_k9h52a -
hp envy_photo_6200_y0k13d_ -
hp envy_5532 -
epson xp-100 -
hp envy_4504_c8d04a -
hp envy_photo_6200_k7g18a -
hp envy_5547_j6u64a -
hp officejet_4655_k9v82b -
hp envy_5546_k7c90a -
hp hp_envy_4527_j6u61b -
hp envy_4520_f0v69a -
hp envy_pro_6455_5se45a -
hp hp_officejet_4652_k9v84b -
hp envy_4516_k9h52a -
hp hp_officejet_4655_k9v82b -
hp officejet_4650_e6g87a -
huawei hg255s -
hp deskjet_ink_advantage_4515 -
hp envy_5544_k7c93a -
hp envy_photo_6222_y0k13d -
epson xp-8600 -
hp envy_4500_d3p93a -
hp envy_120_cz022b -
hp envy_5665_f8b06a -
hp deskjet_ink_advantage_4518 -
epson xp-241 -
cisco wap150 -
hp envy_6020_6wd35a -
epson ep-101 -
hp deskjet_ink_advantage_5575_g0v48b -
hp hp_officejet_4656_k9v81b -
hp envy_100_cn517a -
hp envy_4526_k9t05b -
hp envy_5539 -
hp hp_deskjet_ink_advantage_4678_f1h99b -
hp envy_5000_m2u94b -
hp envy_4500_a9t80b -
hp hp_officejet_4652_f1j02a -
hp hp_deskjet_ink_advantage_4536_f0v65a -
hp envy_4502_a9t87b -
hp envy_4507_e6g70b -
hp envy_4503_e6g71b -
hp envy_6020_5se16b -
hp hp_deskjet_ink_advantage_4535_f0v64a -
hp envy_5540_f2e72a -
hp envy_photo_7822_y0g42d -
hp envy_6020_7cz37a -
hp envy_4504_a9t88b -
hp 5034_z4a74a -
hp envy_photo_6234_k7s21b -
hp envy_photo_6230_k7g25b -
epson xp-8500 -
hp officejet_4650_f1h96a -
hp hp_officejet_4658_v6d30b -
huawei hg532e -
broadcom adsl -
hp envy_4513_k9h51a -
hp envy_5545_g0v50a -
hp deskjet_ink_advantage_4535_f0v64c -
hp envy_5540_g0v51a -
microsoft xbox_one 10.0.19041.2494
hp envy_6020_5se17a -
hp envy_100_cn517b -
netgear wnhde111 -
hp envy_110_cq809b -
hp envy_photo_7100_k7g93a -
hp hp_envy_4524_k9t01a -
hp envy_photo_6220_k7g20d -
hp envy_photo_7830_y0g50b -
hp envy_114_cq811b -
hp envy_6540_b9s59a -
CVE-2020-15596 MEDIUM

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
hp pro_x2_612_g2_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_revolve_810_g3_firmware *
hp elitebook_1030_g1_firmware *
hp elitebook_folio_1040_g3_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elitebook_x360_1030_g2_firmware *
hp elitebook_1040_g4_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp zbook_x2_g4_firmware *
hp elitebook_folio_g1_firmware *
hp elite_x2_1012_g2_firmware *
hp elitebook_revolve_810_g2_firmware *
CVE-2020-24629 HIGH

A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-24630 HIGH

A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-24646 HIGH

A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-24647 HIGH

A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-24648 HIGH

A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-24649 HIGH

A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-24650 HIGH

A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-24651 HIGH

A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-24652 HIGH

A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-28416 MEDIUM

HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pagewide_pro_477dn_d3q19b_firmware *
hp officejet_4656_k9v81b_firmware *
hp pagewide_pro_577dw_d3q21b_firmware *
hp officejet_pro_8716_j6x81a_firmware *
hp officejet_pro_6970_t0f34a_firmware *
hp officejet_pro_8710_j6x79a_firmware *
hp officejet_pro_6830c_l3l04a_firmware *
hp officejet_pro_8715_k7s37a_firmware *
hp officejet_6960_j7k39a_firmware *
hp pagewide_pro_477dw_d3q20a_firmware *
hp officejet_pro_6960_j7k35a_firmware *
hp pagewide_managed_p52750dw_j9v78b_firmware *
hp officejet_6960_t0f32a_firmware *
hp officejet_pro_8725_j7a31a_firmware *
hp officejet_pro_8717_m9l65a_firmware *
hp officejet_pro_8744_k7s39a_firmware *
hp officejet_5742_f8b11a_firmware *
hp officejet_4658_v6d30b_firmware *
hp officejet_pro_6960_j7k39a_firmware *
hp pagewide_managed_p57750dw_9v82a_firmware *
hp officejet_6835_t6t84a_firmware *
hp officejet_6960_j7k33a_firmware *
hp officejet_pro_8718_t0g48a_firmware *
hp officejet_6960_j7k38a_firmware *
hp officejet_4650_f1h96a_firmware *
hp officejet_7510_g3j47a_firmware *
hp officejet_pro_8746_k7s40a_firmware *
hp officejet_5740_b9s78a_firmware *
hp officejet_5742_b9s84a_firmware *
hp officejet_5745_b9s80a_firmware *
hp officejet_pro_6960_t0f31a_firmware *
hp officejet_4654_f1j06b_firmware *
hp officejet_pro_6960_t0f28a_firmware *
hp officejet_4655_f1j00a_firmware *
hp officejet_pro_6970_t0f37a_firmware *
hp officejet_pro_8715_j6x78a_firmware *
hp officejet_pro_8728_t0g54a_firmware *
hp pagewide_pro_477dw_d3q20c_firmware *
hp officejet_6950_p4c81a_firmware *
hp officejet_5740_b9s79a_firmware *
hp officejet_4652_k9v84b_firmware *
hp officejet_pro_6960_t0g26a_firmware *
hp officejet_6950_p4c84a_firmware *
hp officejet_pro_8732m_t0g58a_firmware *
hp officejet_6960_j7k35a_firmware *
hp pagewide_pro_577dw_d3q21d_firmware *
hp officejet_6960_t0f30a_firmware *
hp officejet_5743_f8b10a_firmware *
hp pagewide_managed_p57750dw_j9v82b_firmware *
hp officejet_pro_6960_j7k37a_firmware *
hp officejet_6960_t0g25a_firmware *
hp officejet_pro_8710_d9l18a_firmware *
hp officejet_4657_v6d27b_firmware *
hp officejet_5744_b9s85a_firmware *
hp officejet_250c_l9d57a_firmware *
hp officejet_6960_t0g26a_firmware *
hp officejet_pro_873_d9l20a_firmware *
hp officejet_pro_6960_j7k33a_firmware *
hp officejet_4657_v6d29b_firmware *
hp pagewide_managed_p57750dw_j9v82c_firmware *
hp officejet_4652_f1j02a_firmware *
hp officejet_4652_f1j05b_firmware *
hp officejet_4654_f1j07b_firmware *
hp officejet_5742_b9s81a_firmware *
hp officejet_pro_8718_t0g47a_firmware *
hp officejet_pro_7745_t1p99a_firmware *
hp pagewide_pro_477dw_w2z53b_firmware *
hp officejet_6950_p4c86a_firmware *
hp officejet_pro_8710_m9l66a_firmware *
hp officejet_pro_6960_t0f32a_firmware *
hp officejet_258_n4l17a_firmware *
hp officejet_pro_8715_j6x76a_firmware *
hp pagewide_pro_477dn_d3q19a_firmware *
hp officejet_pro_6960_t0f38a_firmware *
hp officejet_pro_6960_j7k38a_firmware *
hp officejet_4650_e6g87a_firmware *
hp officejet_6960_t0f38a_firmware *
hp officejet_pro_8720_k7s35a_firmware *
hp officejet_4650_f9d37a_firmware *
hp pagewide_pro_477dw_d3q20d_firmware *
hp officejet_5741_b9s83a_firmware *
hp officejet_pro_8732m_t0g59a_firmware *
hp officejet_6960_t0f36a_firmware *
hp officejet_pro_6960_t0f30a_firmware *
hp officejet_pro_8725_m9l80a_firmware *
hp officejet_6950_p4c82a_firmware *
hp officejet_pro_8717_k7s38a_firmware *
hp officejet_pro_6970_t0f39a_firmware *
hp officejet_5746_t1p36a_firmware *
hp officejet_pro_6970_j7k41a_firmware *
hp officejet_5740_b9s76a_firmware *
hp officejet_4650_f1j03a_firmware *
hp officejet_4658_v6d28b_firmware *
hp officejet_pro_6970_t0f40a_firmware *
hp officejet_pro_6960_t0f36a_firmware *
hp officejet_pro_8732m_t0g56a_firmware *
hp officejet_pro_8720_d9l19a_firmware *
hp pagewide_pro_577dw_d3q21a_firmware *
hp officejet_6950_p4c85a_firmware *
hp officejet_pro_8720_k7s36a_firmware *
hp officejet_pro_8715_m9l70a_firmware *
hp pagewide_377dw_j9v80b_firmware *
hp officejet_pro_8732m_t0g57a_firmware *
hp pagewide_pro_577dw_d3q21c_firmware *
hp pagewide_pro_477dw_d3q20b_firmware *
hp officejet_pro_6970_t0f33a_firmware *
hp officejet_pro_8715_j6x80a_firmware *
hp officejet_250_cz992a_firmware *
hp officejet_pro_8719_t0g49a_firmware *
hp officejet_6950_t3p03a_firmware *
hp officejet_pro_8727_j7a29a_firmware *
hp officejet_pro_8740_d9l21a_firmware *
hp officejet_pro_8720_m9l74a_firmware *
hp pagewide_377dw_j9v80a_firmware *
hp officejet_252c_n4l18c_firmware *
hp officejet_pro_8725_k7s34a_firmware *
hp officejet_pro_8725_j7a28a_firmware *
hp officejet_pro_8747_k7s41a_firmware *
hp officejet_pro_6960_t0g25a_firmware *
hp officejet_252_n4l16c_firmware *
hp officejet_4654_k9v76a_firmware *
hp officejet_6950_p4c78a_firmware *
hp officejet_7512_k1z44a_firmware *
hp officejet_pro_8720_m9l75a_firmware *
hp pagewide_pro_477dn_d3q19d_firmware *
hp officejet_pro_6970_j7k36a_firmware *
hp officejet_pro_6835_j2d37a_firmware *
hp officejet_pro_6830_e3e02a_firmware *
hp officejet_pro_8710_m9l67a_firmware *
hp officejet_pro_6970_j7k34a_firmware *
hp officejet_pro_6970_j7k40a_firmware *
hp officejet_pro_8745_k7s43a_firmware *
hp officejet_pro_8716_j6x77a_firmware *
hp officejet_pro_8740_k7s42a_firmware *
hp officejet_pro_8712_t0g46a_firmware *
hp officejet_6960_t0f31a_firmware *
hp officejet_pro_6970_t0f29a_firmware *
hp officejet_pro_6830_m0f56a_firmware *
hp officejet_pro_8745_j6x83a_firmware *
hp officejet_4650_k9v85b_firmware *
hp officejet_4655_k9v82b_firmware *
hp officejet_4650_f1h96b_firmware *
hp officejet_4650_f1j04a_firmware *
hp officejet_5746_f8b09a_firmware *
hp officejet_6960_t0f28a_firmware *
hp officejet_6960_j7k37a_firmware *
hp officejet_pro_7740_g5j38a_firmware *
hp officejet_pro_6970_t0f35a_firmware *
hp officejet_pro_6970_j7k42a_firmware *
hp officejet_4650_k9v77a_firmware *
hp officejet_pro_8720_m9l76a_firmware *
hp officejet_4651_k9v83b_firmware *
hp officejet_pro_8743_t0g65a_firmware *
hp officejet_5744_b9s82a_firmware *
hp pagewide_managed_p57750dw_j9v82d_firmware *
CVE-2020-28419 MEDIUM

During installation with certain driver software or application packages an arbitrary code execution could occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp color_laserjet_pro_m255_firmware *
hp laserjet_p1600_firmware *
hp pagewide_color_755_firmware *
hp laserjet_managed_m605_firmware *
hp color_laserjet_enterprise_m552_firmware *
hp laserjet_pro_cm1415_mfp_firmware *
hp pagewide_managed_color_flow_mfp_e58650z_firmware *
hp laserjet_enterprise_m4555_mfp_firmware *
hp color_laserjet_pro_mfp_m176_firmware *
hp color_laserjet_managed_flow_mfp_e62675_firmware *
hp color_laserjet_managed_mfp_e67650_firmware *
hp pagewide_managed_color_p75250_firmware *
hp laserjet_enterprise_m606_firmware *
hp officejet_pro_7720_wide_format_firmware *
hp color_laserjet_pro_mfp_m282_firmware *
hp color_laserjet_enterprise_m855_firmware *
hp deskjet_3790_firmware *
hp laserjet_pro_300_color_mfp_m375_firmware *
hp officejet_managed_color_mfp_x585_firmware *
hp color_laserjet_pro_mfp_m477_firmware *
hp color_laserjet_pro_mfp_m183_firmware -
hp laserjet_pro_400_m401_firmware *
hp pagewide_managed_color_e55650_firmware *
hp deskjet_3630_firmware *
hp laserjet_pro_cp1525_firmware *
hp laserjet_enterprise_mfp_m527_firmware *
hp laserjet_pro_mfp_m126_firmware *
hp laserjet_managed_flow_mfp_m527z_firmware *
hp laserjet_pro_m118_firmware *
hp color_laserjet_pro_m156_firmware *
hp officejet_enterprise_color_mfp_x585_firmware *
hp laserjet_pro_300_color_mfp_printer_m351_firmware *
hp color_laserjet_managed_mfp_m775_firmware *
hp deskjet_3700_firmware *
hp laserjet_enterprise_600_m603 *
hp laserjet_managed_flow_mfp_m525_firmware *
hp color_laserjet_enterprise_m750_firmware *
hp color_laserjet_pro_mfp_m180_firmware *
hp color_laserjet_enterprise_flow_mfp_m680_firmware *
hp color_laserjet_pro_m252dw_firmware *
hp smart_tank_plus_650_wireless_firmware -
hp neverstop_laser_1020_firmware *
hp laserjet_pro_m225_firmware *
hp pagewide_enterprise_color_flow_mfp_785_firmware *
hp smart_tank_plus_550_wireless_firmware *
hp color_laserjet_pro_mfp_m181_firmware *
hp color_laserjet_managed_m651_firmware *
hp laserjet_managed_mfp_m725_firmware *
hp laserjet_pro_400_color_mfp_m475_firmware *
hp color_laserjet_managed_flow_mfp_m680_firmware *
hp laserjet_pro_mfp_m426_firmware *
hp laserjet_pro_mfp_m149_firmware *
hp laserjet_pro_mfp_m127_firmware *
hp color_laserjet_enterprise_mfp_m480 *
hp laserjet_enterprise_color_flow_mfp_m575_firmware *
hp deskjet_plus_ink_advantage_6400_firmware *
hp laserjet_pro_mfp_m29_firmware *
hp envy_5000_firmware *
hp laserjet_enterprise_m604_firmware *
hp laserjet_pro_m435_mfp_firmware *
hp color_laserjet_managed_flow_mfp_e67560_firmware *
hp deskjet_ink_advantage_3830_firmware *
hp laserjet_enterprise_700_color_mfp_m775_firmware *
hp deskjet_ink_advantage_2700_firmware *
hp laserjet_ultra_mfp_m230_firmware *
hp color_laserjet_pro_mfp_m277dw_firmware *
hp pagewide_managed_color_mfp_e58650dn_firmware *
hp color_laserjet_pro_mfp_m182_firmware *
hp color_laserjet_pro_mfp_m283_firmware *
hp laserjet_enterprise_mfp_m630_firmware *
hp envy_photo_7100_firmware *
hp color_laserjet_managed_mfp_e77422 *
hp laserjet_enterprise_flow_mfp_m525_firmware *
hp color_laserjet_pro_mfp_m281_firmware *
hp laserjet_pro_m403_firmware *
hp color_laserjet_managed_mfp_e67560_firmware *
hp laserjet_enterprise_flow_mfp_m630_firmware *
hp officejet_8010_firmware *
hp deskjet_ink_advantage_3700_firmware *
hp laserjet_pro_mfp_m427_firmware *
hp officejet_pro_9020_firmware *
hp color_laserjet_managed_flow_mfp_e67550_firmware *
hp color_laserjet_managed_mfp_e77428 *
hp color_laserjet_pro_mfp_m274n_firmware *
hp pagewide_managed_color_mfp_p77960_firmware *
hp laserjet_enterprise_mfp_m725_firmware *
hp laserjet_enterprise_m407_firmware *
hp deskjet_ink_advantage_ultra_5730_firmware *
hp laserjet_managed_flow_mfp_m830_firmware *
hp smart_tank_355_firmware *
hp color_laserjet_pro_m452nw_firmware *
hp laserjet_pro_400_n404dw_firmware *
hp laserjet_pro_m17_firmware *
hp ink_tank_wireless_410_firmware *
hp laserjet_pro_200_color_m251_firmware *
hp laserjet_enterprise_flow_mfp_m830_firmware *
hp officejet_pro_8210_firmware *
hp color_laserjet_pro_mfp_m177_firmware *
hp laserjet_managed_flow_mfp_e52545c_firmware *
hp laserjet_enterprise_m605_firmware *
hp officejet_enterprise_color_x555_firmware *
hp laserjet_enterprise_m806_firmware *
hp laserjet_managed_mfp_e72425_firmware *
hp laserjet_pro_mfp_m132_firmware *
hp laserjet_enterprise_600_m601_firmware *
hp pagewide_enterprise_color_mpf_780dn_firmware -
hp laserjet_pro_m402_firmware *
hp _laserjet_managed_mfp_e62665_firmware *
hp laserjet_enterprise_500_color_m551_firmware *
hp laserjet_enterprise_flow_mfp_m527z_firmware *
hp color_laserjet_pro_mfp_m277n_firmware *
hp color_laserjet_enterprise_flow_mfp_m577_firmware *
hp envy_6000_firmware *
hp laserjet_pro_m203_firmware *
hp color_laserjet_managed_flow_mfp_m880zm_firmware *
hp smart_tank_wireless_450_firmware *
hp color_laserjet_enterprise_m651_firmware *
hp color_laserjet_pro_m452dn_firmware *
hp laserjet_pro_m15_firmware *
hp laserjet_enterprise_500_mfp_m525f_firmware *
hp officejet_pro_7730_wide_format_firmware *
hp color_laserjet_enterprise_m856_firmware *
hp officejet_3830_firmware *
hp laserjet_managed_flow_mfp_e62575_firmware *
hp laserjet_enterprise_600_m601 -
hp laserjet_pro_m16_firmware *
hp deskjet_3755_firmware *
hp laserjet_managed_500_mfp_m525_firmware *
hp deskjet_2700_firmware *
hp laserjet_managed_mfp_m527_firmware *
hp officejet_8022_firmware *
hp color_laserjet_enterprise_m553_firmware *
hp deskjet_ink_advantage_2600_firmware *
hp laserjet_pro_m202_firmware *
hp laserjet_enterprise_managed_e42540_firmware *
hp deskjet_ink_advantage_5000_firmware *
hp color_laserjet_pro_mfp_m377_firmware *
hp color_laserjet_managed_e75245_firmware *
hp laserjet_pro_m206_firmware *
hp laserjet_pro_m1536_mfp_firmware *
hp laserjet_pro_mfp_m134_firmware *
hp deskjet_plus_ink_advantage_6000_firmware *
hp laserjet_managed_flow_mfp_m630_firmware *
hp laserjet_enterprise_m406_firmware *
hp envy_pro_6400_firmware *
hp color_laserjet_pro_m154_firmware *
hp laserjet_enterprise_700_m712_firmware *
hp officejet_pro_8020_firmware *
hp laserjet_pro_mfp_m226_firmware *
hp smart_tank_510_wireless_firmware *
hp laserjet_pro_mfp_m227_firmware *
hp laserjet_managed_mfp_e62555_firmware *
hp laserjet_pro_m201_firmware *
hp laserjet_managed_m506_firmware *
hp laserjet_pro_400_mfp_m425_firmware *
hp color_laserjet_managed_mfp_e67550_firmware *
hp laserjet_pro_400_color_m451_firmware *
hp color_laserjet_enterprise_flow_mfp_m880z_firmware *
hp laserjet_enterprise_m609_firmware *
hp color_laserjet_managed_mfp_e62655_firmware *
hp laserjet_pro_mfp_m31 *
hp pagewide_enterprise_color_mfp_586_firmware *
hp laserjet_managed_flow_mfp_e62555_firmware *
hp pagewide_enterprise_color_flow_mfp_586z_firmware *
hp officejet_6960_firmware *
hp color_laserjet_pro_m155_firmware *
hp ink_tank_310_firmware *
hp color_laserjet_pro_mfp_m476_firmware *
hp pagewide_managed_color_mfp_p77940_firmware *
hp color_laserjet_enterprise_mfp_m577_firmware *
hp color_laserjet_pro_mfp_m280_firmware *
hp laserjet_enterprise_m506_firmware *
hp color_laserjet_cm4540_mfp_firmware *
hp color_laserjet_enterprise_m455_firmware *
hp laserjet_p1100_firmware *
hp smart_tank_610_wireless_firmware *
hp laserjet_managed_flow_mfp_e62565_firmware *
hp laserjet_enterprise_600_m602_firmware *
hp laserjet_managed_mfp_e62565_firmware *
hp color_laserjet_managed_mfp_m680_firmware *
hp color_laserjet_pro_m452dw_firmware *
hp pagewide_enterprise_color_556_firmware *
hp pagewide_managed_color_e75160_firmware *
hp color_laserjet_enterprise_mfp_m680_firmware *
hp laserjet_pro_m521_mfp_firmware *
hp neverstop_laser_1200a_firmware *
hp laserjet_pro_mfp_m128_firmware *
hp laserjet_enterprise_500_color_mfp_m575_firmware *
hp laserjet_p1560_firmware *
hp laserjet_pro_m226_firmware *
hp laserjet_pro_mfp_m225_firmware *
hp neverstop_laser_1000_firmware *
hp laserjet_pro_mfp_m148_firmware *
hp pagewide_enterprise_color_flow_mfp_780f_firmware *
hp laserjet_pro_200_color_m276_firmware *
hp color_laserjet_managed_e85055_firmware *
hp officejet_6950_firmware *
hp laserjet_pro_mfp_m125_firmware *
hp deskjet_2600_firmware *
hp laserjet_managed_mfp_m630_firmware *
hp laserjet_enterprise_m608_firmware *
hp color_laserjet_managed_e45028_firmware *
hp laserjet_100_color_mfp_m175nw_firmware *
hp laserjet_enterprise_mfp_m528_firmware *
hp laserjet_enterprise_m607_firmware *
hp pagewide_managed_color_mfp_p77950_firmware *
hp color_laserjet_managed_m553_firmware *
hp deskjet_plus_4100_firmware *
hp laserjet_managed_mfp_e52545_firmware *
hp laserjet_pro_m501_firmware *
hp color_laserjet_pro_m252n_firmware *
hp laserjet_pro_mfp_m130_firmware *
hp envy_photo_7800_firmware *
hp laserjet_pro_500_color_mfp_m570_firmware *
hp officejet_pro_9010_firmware *
CVE-2020-6917 MEDIUM

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2020-6918 MEDIUM

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2020-6919 MEDIUM

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2020-6920 MEDIUM

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2020-6921 MEDIUM

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2020-6922 MEDIUM

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2020-6931 MEDIUM

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp print_and_scan_doctor *
CVE-2020-7130 MEDIUM

HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hp oneview_global_dashboard 1.9
CVE-2020-7131 HIGH

This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected. **Workaround:** Block the UDP port 17185(In the Maintenance LAN Network Switch/Firewall). Fix: Install following SPRs, which are already available: * T1805A01^AAI (Integrated Maintenance Entity) * T4805A01^AAZ (Blade Maintenance Entity). These SPRs are also usable with the following RVUs: * J06.19.00 ? J06.23.01. No fix planned for the following RVUs: J06.04.00 ? J06.18.01. No fix planned for H-Series NonStop systems. No fix planned for the product T2805 (Maintenance Entity).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
hp maintenance_entity *
hp blade_maintenance_entity *
hp integrated_maintenance_entity *
CVE-2020-7132 LOW

A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp onboard_administrator 4.85
CVE-2020-7133 HIGH

A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hpe_iot_+_gcp 1.2.4.2
hp hpe_iot_+_gcp 1.4.0
hp hpe_iot_+_gcp 1.4.1
hp hpe_iot_+_gcp 1.4.2
CVE-2020-7134 MEDIUM

A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hpe_iot_+_gcp 1.2.4.2
hp hpe_iot_+_gcp 1.4.0
hp hpe_iot_+_gcp 1.4.1
hp hpe_iot_+_gcp 1.4.2
CVE-2020-7135 MEDIUM

A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary code. Drive Models can be found in the Vulnerability Resolution field of the security bulletin. The 2019_03 SPP and Supplemental update / Online ROM Flash Component for Linux (x64) after 2019.03.0 has fixed this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp service_pack_for_proliant 2018.09.0
hp service_pack_for_proliant 2019.03.0
hp service_pack_for_proliant 2018.11.0
hp service_pack_for_proliant 2018.06.0
CVE-2020-7140 MEDIUM

A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp icewall_sso_dgfw 11.0
hp icewall_sso_dfw 11.0
CVE-2020-7141 HIGH

A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7142 HIGH

A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7143 HIGH

A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7144 HIGH

A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7145 HIGH

A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7146 HIGH

A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7147 HIGH

A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7148 HIGH

A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7149 HIGH

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7150 HIGH

A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7151 HIGH

A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7152 HIGH

A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7153 HIGH

A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7154 HIGH

A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7155 HIGH

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7156 HIGH

A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7157 HIGH

A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7158 HIGH

A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7159 HIGH

A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7160 HIGH

A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7161 HIGH

A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7162 HIGH

A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7163 HIGH

A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7164 HIGH

A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7165 HIGH

A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7166 HIGH

A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7167 HIGH

A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7168 HIGH

A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7169 HIGH

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7170 HIGH

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7171 HIGH

A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7172 HIGH

A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7173 HIGH

A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7174 HIGH

A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7175 HIGH

A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7176 HIGH

A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7177 HIGH

A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7178 HIGH

A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7179 HIGH

A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7180 HIGH

A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7181 HIGH

A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7182 HIGH

A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7183 HIGH

A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7184 HIGH

A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7185 HIGH

A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7186 HIGH

A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7187 HIGH

A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7188 HIGH

A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7189 HIGH

A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7190 HIGH

A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7191 HIGH

A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7192 HIGH

A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7193 HIGH

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7194 HIGH

A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7195 HIGH

A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
hp intelligent_management_center 7.3
hp intelligent_management_center *
CVE-2020-7196 MEDIUM

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-522,

Products Affected

Vendor Product Version
hp bluedata_epic *
hp ezmeral_container_platform 5.0
CVE-2020-7197 HIGH

SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp storeserv_management_console *
CVE-2020-7198 MEDIUM

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp oneview 5.4
hp synergy_composer 5.3
hp synergy_composer 5.00.01
hp synergy_composer_2 5.0
hp synergy_composer_2 5.00.02
hp oneview 5.3
hp synergy_composer 5.4
hp synergy_composer 5.0
hp synergy_composer_2 5.3
hp oneview 5.2
hp oneview 5.0
hp oneview 5.00.02
hp synergy_composer 5.00.02
hp synergy_composer_2 5.00.01
hp synergy_composer_2 5.2
hp synergy_composer 5.2
hp oneview 5.00.01
hp oneview 5.20.01
hp synergy_composer_2 5.20.01
hp synergy_composer 5.20.01
hp synergy_composer_2 5.4
CVE-2020-7199 HIGH

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hp edgeline_infrastructure_manager *
CVE-2020-7200 HIGH

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp systems_insight_manager 7.6
CVE-2020-7201 MEDIUM

A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hp storeever_msl2024_firmware *
hp storeever_1/8_g2_tape_autoloader_firmware *
CVE-2020-7202 MEDIUM

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2020-7203 HIGH

A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ilo_amplifier_pack 1.70
CVE-2020-7206 HIGH

HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
hp nagios-plugins-hpilo *
CVE-2020-7207 HIGH

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp synergy_480_gen10_firmware -
hp synergy_660_gen10_firmware -
hp proliant_xl170r_gen10_firmware -
hp proliant_bl460c_gen10_firmware -
hp apollo_4500_firmware -
hp proliant_dl380_gen10_firmware -
hp proliant_dl580_gen10_firmware -
hp proliant_ml110_gen10_firmware -
hp proliant_e910_firmware -
hp apollo_4200_gen10_firmware -
hp proliant_dl360_gen10_firmware -
hp proliant_dl180_gen10_firmware -
hp proliant_dl560_gen10_firmware -
hp proliant_xl230k_gen10_firmware -
hp proliant_xl270d_gen10_firmware -
hp proliant_ml350_gen10_firmware -
hp apollo_2000_firmware -
hp proliant_dl120_gen10_firmware -
hp proliant_dl160_gen10_firmware -
hp proliant_xl190r_gen10_firmware -
hp proliant_xl450_gen10_firmware -
CVE-2020-7208 MEDIUM

LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp linuxki *
CVE-2020-7209 HIGH

LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp linuxki *
CVE-2021-25139 HIGH

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a stack based buffer overflow using user supplied input to the `khuploadfile.cgi` CGI ELF. The stack based buffer overflow could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
hp moonshot_provisioning_manager 1.20
CVE-2021-25140 HIGH

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp moonshot_provisioning_manager 1.20
CVE-2021-26582 MEDIUM

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp icewall_sso_dgfw 11.0
hp icewall_sso_dgfw 10.0
CVE-2021-26583 HIGH

A potential security vulnerability was identified in HPE iLO Amplifier Pack. The vulnerabilities could be remotely exploited to allow remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp ilo_amplifier_pack *
CVE-2021-26584 MEDIUM

A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp oneview_for_vmware_vcenter *
CVE-2021-26586 MEDIUM

A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp edgeline_infrastructure_management *
CVE-2021-29201 LOW

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2021-29202 MEDIUM

A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2021-29203 HIGH

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
hp edgeline_infrastructure_manager *
CVE-2021-29204 LOW

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2021-29205 LOW

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2021-29206 LOW

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2021-29207 LOW

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2021-29208 LOW

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-74,CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2021-29209 LOW

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-74,CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2021-29210 LOW

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-74,CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2021-29211 LOW

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2021-29212 HIGH

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hp ilo_amplifier_pack 1.90
hp ilo_amplifier_pack 1.95
hp ilo_amplifier_pack 1.81
hp ilo_amplifier_pack 1.80
CVE-2021-29214 MEDIUM

A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp storeserv_management_console *
CVE-2021-29220 HIGH

Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
hp ilo_amplifier_pack *
CVE-2021-3437

Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities.

Products Affected

Vendor Product Version
hp omen_gaming_hub_sdk *
hp omen_gaming_hub *
CVE-2021-3438 MEDIUM

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
samsung xpress_sl-m2876_ss356a -
samsung clx-3305_ss096a -
samsung proxpress_sl-m4020_4pt7b -
samsung proxpress_sl-c4010_ss216j -
samsung multixpress_scx-8230_ss021a -
samsung scx-4835_sw020a -
samsung proxpress_sl-c3060_ss211e -
hp color_laser_mfp_170_4zb97a -
samsung ml-4512_ss142a -
samsung proxpress_sl-m4020_ss383l -
samsung scx-5737_sw045a -
samsung xpress_sl-m2675_ss334a -
samsung ml-5510_ss149a -
samsung ml-5510_sv898a -
samsung proxpress_sl-c4010_ss216n -
samsung proxpress_sl-m4530_ss398d -
samsung scx-4655_sv988a -
samsung proxpress_sl-c4010_ss216e -
samsung proxpress_sl-m3820_ss373j -
samsung multixpress_sl-k7400_ss037a -
samsung sf-760_ss199a -
hp laserjet_mfp_m42625_8af49a -
samsung clp-680_ss075a -
samsung scx-3406_sv298a -
hp laserjet_mfp_m437_7zb19a -
samsung proxpress_sl-c4010_ss216c -
samsung clx-3305_ss094a -
samsung proxpress_sl-c3060_ss211g -
samsung ml-3750_ss138a -
samsung ml-5015_ss147a -
samsung proxpress_sl-c3060_ss211n -
samsung proxpress_sl-m3875_ss380a -
samsung multixpress_sl-m5370_sw121a -
samsung proxpress_sl-m4020_ss383c -
samsung multixpress_sl-k2200_ss025a -
samsung proxpress_sl-m3825_ss376a -
hp laser_mfp_130_4zb89a -
samsung multixpress_clx-9251_sv719a -
samsung proxpress_sl-c4010_ss216m -
samsung ml-5510_ss152a -
samsung multixpress_sl-k4300_ss032a -
hp laserjet_mfp_m42625_8af52a -
hp laserjet_mfp_m433_1vr14a -
samsung multixpress_scx-8128_sw172a -
samsung proxpress_sl-m3820_ss373v -
samsung proxpress_sl-m3870_ss377a -
hp laser_mfp_130_4zb82a -
samsung ml-6510_sv899c -
samsung proxpress_sl-m3375fd_ss369a -
samsung proxpress_sl-m3825_ss375a -
samsung proxpress_sl-c3060_ss211p -
samsung proxpress_sl-c4010_ss216h -
samsung proxpress_sl-c4010_ss216l -
samsung proxpress_sl-m3820_ss373d -
samsung proxpress_sl-c4010_ss216v -
samsung clp-365_sw139a -
samsung proxpress_sl-m3820_ss371d -
samsung clp-775_ss078a -
samsung proxpress_sl-m3820_ss373h -
hp laser_mfp_130_4zb87a -
hp laserjet_mfp_m439_7zb22a -
samsung ml-5010_ss145a -
samsung xpress_sl-m2875_ss352a -
hp laser_mfp_130_4zb93a -
samsung proxpress_sl-m3820_ss373s -
hp laserjet_mfp_m439_7zb23a -
samsung scx-4521_sv967a -
samsung proxpress_sl-c3060_s221b -
samsung xpress_sl-c480_ss257a -
samsung xpress_sl-m2626_ss329a -
samsung proxpress_sl-m3820_ss371a -
samsung scx-3406_sv945a -
samsung sf-760_ss197a -
samsung xpress_sl-m2670_ss331a -
samsung multixpress_sl-x3220nr_ss043e -
samsung proxpress_sl-m3875_ss381a -
samsung scx-5635_sw041a -
samsung xpress_sl-c480_ss254a -
samsung proxpress_sl-m4560_ss400a -
samsung multixpress_sl-k4250_ss030a -
samsung proxpress_sl-m3375fd_ss369e -
samsung multixpress_sl-x7500_ss056a -
samsung scx-3405_ss162a -
samsung xpress_sl-m2625_ss327a -
hp laserjet_mfp_m442_8af71a -
samsung ml-5510_ss150a -
samsung proxpress_sl-m4075_ss392a -
samsung clx-3305_ss095a -
samsung xpress_sl-m2835_ss346a -
samsung multixpress_scx-8240_ss022a -
samsung proxpress_sl-c4010_ss215a -
samsung multixpress_sl-k7400_ss038a -
samsung scx-3405_ss159a -
hp laserjet_mfp_m440_8af46a -
samsung scx-5639_st676a -
samsung proxpress_sl-m3375fd_ss368f -
hp laser_mfp_130_5ue15a -
samsung multixpress_sl-k7600_ss041a -
samsung scx-4833_ss181a -
samsung proxpress_sl-m3820_ss371b -
samsung scx-3405_ss163a -
samsung proxpress_sl-c3010_ss210h -
samsung proxpress_sl-m4020_ss383x -
hp laserjet_mfp_m42625_8af50a -
samsung multixpress_sl-m4370_sw117a -
samsung proxpress_sl-m3820_ss373u -
samsung xpress_sl-c1860_ss205a -
samsung xpress_sl-m2620_ss323a -
hp laser_100_4zb81a -
samsung sf-760_ss196a -
hp laser_100_4zb79a -
samsung proxpress_sl-m4530_ss397g -
samsung xpress_sl-m2620_ss324a -
samsung proxpress_sl-m3820_ss373l -
samsung scx-4521_sv966a -
hp laser_100_5ue14a -
hp laser_mfp_130_4zb92a -
samsung clp-365_ss067a -
samsung xpress_sl-m2070_ss293a -
samsung multixpress_sl-k3300_ss028a -
samsung proxpress_sl-m4080_ss395a -
samsung scx-4521_sv969a -
samsung ml-6510_ss154a -
samsung proxpress_sl-c3060_ss211q -
samsung xpress_sl-m2820_ss340a -
samsung ml-5510_ss151a -
samsung scx-3406_sw127a -
hp laserjet_mfp_m436_w7u01a -
samsung multixpress_clx-9301_sw179a -
samsung xpress_sl-m2675_ss336a -
samsung proxpress_sl-m4025_ss387a -
samsung multixpress_scx-8128_ss018a -
samsung proxpress_sl-m4020_4pt87a -
samsung scx-4650_ss172a -
samsung proxpress_sl-c4010_ss216q -
hp laser_mfp_130_9vv52a -
samsung ml-6510_sv900a -
samsung proxpress_sl-c4060_ss218a -
samsung scx-5635_sw093a -
samsung proxpress_sl-m4070_ss390c -
samsung multixpress_clx-9301_ss007a -
samsung clp-775_ss079a -
samsung ml-5012_ss146a -
hp laserjet_mfp_m440_8af48a -
samsung proxpress_sl-m3820_ss373p -
samsung scx-4650_sb983a -
samsung proxpress_sl-c4010_ss216f -
samsung xpress_sl-m2070_ss294a -
samsung proxpress_sl-m3820_ss373b -
samsung scx-4835_sw021a -
hp laserjet_mfp_m438_8af45a -
hp laserjet_mfp_m443_8af72a -
samsung scx-4521_sv968a -
samsung xpress_sl-m2825_ss342a -
hp laserjet_mfp_m42625_8af51a -
samsung xpress_sl-m2825_ss343a -
samsung scx-4521_ss167a -
hp laser_mfp_130_4zb83a -
samsung xpress_sl-m2626_ss328a -
hp laser_408_7uq75a -
samsung proxpress_sl-c3010_ss210j -
samsung proxpress_sl-c4010_ss216z -
samsung sf-760_ss198a -
samsung xpress_sl-m2070_ss298a -
samsung proxpress_sl-m3325_ss367a -
samsung proxpress_sl-c4010_ss216u -
samsung xpress_sl-m2870_ss349a -
samsung xpress_sl-m2875_ss354a -
hp color_laser_150_4zb94a -
hp laser_mfp_130_4zb85a -
samsung scx-3400_sv938a -
samsung xpress_sl-m2620_ss322a -
samsung scx-3401_ss157a -
hp laser_mfp_130_6hu12a -
samsung multixpress_sl-k2200_ss024a -
samsung ml-6510_ss153a -
samsung scx-3406_sv946a -
samsung clx-6260_ss107a -
samsung proxpress_sl-m3375fd_ss369d -
samsung xpress_sl-m2880_ss358a -
samsung xpress_sl-m2876_ss355a -
samsung proxpress_sl-c3060_ss211j -
samsung scx-5637_ss182a -
hp laserjet_mfp_m439_7zb24a -
hp laserjet_mfp_m42523_7zb72a -
samsung proxpress_sl-m3820_ss373g -
hp laser_100_4zb80a -
samsung proxpress_sl-m3875_ss379a -
samsung proxpress_sl-c4010_ss216d -
hp laserjet_mfp_m436_2ky38a -
samsung proxpress_sl-c4010_ss216b -
samsung proxpress_sl-c3060_ss211f -
samsung proxpress_sl-m3820_ss373m -
samsung scx-4655_ss174a -
hp laserjet_mfp_m72625-m72630_2zn49a -
samsung proxpress_sl-c3060_ss211d -
samsung proxpress_sl-c3010_ss201c -
samsung proxpress_sl-m3820_ss373w -
hp laserjet_mfp_m440_8af47a -
samsung proxpress_sl-m4020_ss383y -
samsung proxpress_sl-m4030_ss388a -
samsung xpress_sl-m2671_ss332a -
samsung xpress_sl-m2625_ss326a -
samsung clp-560_sv612a -
samsung proxpress_sl-c4062_ss219a -
samsung proxpress_sl-m4072_ss391a -
samsung xpress_sl-m2820_ss339a -
hp color_laser_mfp_170_6hu09a -
samsung proxpress_sl-c3010_ss210l -
samsung proxpress_sl-c4010_ss216p -
samsung proxpress_sl-m4560_ss399a -
samsung proxpress_sl-c3010_ss210m -
samsung proxpress_sl-m3870_ss378a -
samsung proxpress_sl-c4010_ss216t -
samsung scx-4655_sv989a -
samsung xpress_sl-c430_ss230a -
samsung multixpress_scx-8128_ss019a -
samsung scx-4650_ss171a -
samsung scx-3401_sv393a -
samsung multixpress_sl-x7500_ss055a -
samsung proxpress_sl-m3875_ss382a -
samsung clp-366_sv600a -
samsung multixpress_sl-m4370_ss396a -
samsung proxpress_sl-c3010_ss210e -
samsung xpress_sl-c480_ss255a -
hp laser_100_209u7a -
samsung clx-6260_sw177a -
samsung xpress_sl-m2070_ss296a -
samsung proxpress_sl-m3820_ss373k -
samsung clx-6260_ss105a -
samsung clp-366_ss068a -
samsung proxpress_sl-c4010_ss216g -
samsung proxpress_sl-m4020_ss383k -
samsung scx-5737_ss183a -
samsung multixpress_sl-k4350_ss033a -
samsung multixpress_sl-k7500_ss039a -
samsung proxpress_sl-m3370_ss378a -
samsung ml-5017_ss148a -
samsung multixpress_sl-k4250_ss031a -
samsung multixpress_sl-x4250_ss048a -
samsung xpress_sl-m2826_ss344a -
samsung clp-360_ss062a -
samsung multixpress_sl-x7600_ss058a -
samsung multixpress_sl-m5360_ss403a -
samsung proxpress_sl-m3820_ss373n -
samsung ml-4510_ss141a -
hp laser_mfp_130_4zb86a -
samsung scx-3406_ss164a -
samsung xpress_sl-m2885_ss359a -
samsung scx-3405_ss161a -
samsung clp-560_sv611a -
samsung xpress_sl-m2070_ss297a -
samsung multixpress_sl-x7600_ss059a -
samsung proxpress_sl-c3060_ss211a -
samsung clx-6260_ss106a -
samsung proxpress_sl-c3060_ss211c -
samsung proxpress_sl-c3060_ss213c -
samsung proxpress_sl-m3820_ss373z -
hp laserjet_mfp_m42523_7ab26a -
samsung xpress_sl-c430_ss229a -
samsung xpress_sl-m2621_ss325a -
samsung xpress_sl-m2676_ss338a -
samsung clx-3300_sv677a -
samsung proxpress_sl-c3060_ss213a -
samsung scx-4833_ss180a -
samsung proxpress_sl-m3820_ss373e -
hp laserjet_mfp_m72625-m72630_2zn50a -
samsung proxpress_sl-c3060_ss213g -
samsung xpress_sl-m2020_ss272a -
samsung clp-368_sv601a -
samsung xpress_sl-m2676_ss337a -
samsung multixpress_sl-k7500_ss040a -
samsung proxpress_sl-m4025_ss386a -
samsung multixpress_scx-8240_st717a -
samsung proxpress_sl-c3010_ss210a -
samsung proxpress_sl-c3060_ss213e -
hp laser_mfp_130_4zb90a -
samsung proxpress_sl-m3820_ss373c -
samsung xpress_sl-m2871_ss350a -
samsung scx-3405_sv943a -
hp laser_mfp_130_4zb91a -
samsung multixpress_sl-x3280_ss044a -
samsung scx-3405_sw314a -
samsung proxpress_sl-m3375fd_ss369c -
samsung proxpress_sl-c3010_ss210b -
samsung multixpress_sl-m5370_ss404a -
samsung multixpress_clx-9301_sw152a -
samsung proxpress_sl-m3825_ss374a -
samsung multixpress_scx-8128_ss020a -
hp laserjet_mfp_m437_7zb20a -
samsung multixpress_sl-k7600_ss042a -
samsung proxpress_sl-m4580_ss402a -
samsung xpress_sl-m2670_ss330a -
samsung xpress_sl-m2875_ss353a -
samsung scx-3405_ss160a -
samsung proxpress_sl-m3375fd_ss369b -
samsung proxpress_sl-c3060_ss213b -
samsung scx-5635_sw040a -
samsung scx-5637_sw043a -
samsung multixpress_sl-x4300_ss049a -
samsung proxpress_sl-c4010_ss216s -
hp color_laser_mfp_170_4zb96a -
samsung ml-6510_sv901a -
samsung proxpress_sl-c3010_ss210f -
samsung proxpress_sl-c3060_ss211h -
samsung clx-3305_ss093a -
samsung proxpress_sl-m4075_ss393a -
samsung proxpress_sl-c4010_ss216a -
samsung proxpress_sl-m3820_ss373a -
samsung scx-3401_ss158a -
samsung proxpress_sl-c3010_ss210p -
samsung xpress_sl-m2675_ss335a -
samsung scx-4021_ss165a -
samsung proxpress_sl-c3010_ss210k -
samsung proxpress_sl-m3820_ss372c -
samsung proxpress_sl-c3010_ss209a -
hp laserjet_mfp_m438_8af44a -
samsung clx-6260_ss108a -
samsung xpress_sl-m2675_sw112a -
samsung proxpress_sl-c3010_ss210g -
samsung proxpress_sl-m3320nd_ss365a -
samsung multixpress_scx-8240_sw185a -
samsung xpress_sl-m3015_ss360a -
samsung scx-4521_ss168a -
samsung xpress_sl-m2875_ss351a -
samsung multixpress_clx-9251_ss005a -
hp laser_mfp_130_6hu11a -
samsung proxpress_sl-m4530_ss397e -
samsung proxpress_sl-m4024_ss385a -
samsung scx-5737_sw046a -
samsung xpress_sl-m2070_ss295a -
samsung proxpress_sl-m3820_ss371c -
hp laserjet_mfp_m437_7zb21a -
samsung proxpress_sl-m3820_ss373t -
samsung scx-4833_sw019a -
samsung clp-365_ss066a -
hp laserjet_mfp_m42523_7zb25a -
samsung proxpress_sl-c3060_ss213f -
samsung scx-3406_sv947a -
hp laser_mfp_130_4zb88a -
samsung proxpress_sl-c3060_ss211m -
samsung proxpress_sl-m3321_ss366a -
samsung proxpress_sl-c3010_ss210d -
samsung xpress_sl-m2870_ss348a -
samsung xpress_sl-m2821_ss341a -
hp color_laser_mfp_170_6hu08a -
hp laserjet_mfp_m438_8af43a -
samsung proxpress_sl-m3820_ss373f -
samsung proxpress_sl-m3820_ss373q -
samsung scx-3405_sw313a -
samsung proxpress_sl-c3060_ss211k -
hp color_laser_150_4zb95a -
hp laser_mfp_130_6hu10a -
samsung scx-3400_ss156a -
samsung clx-3300_ss088a -
samsung ml-5510_sv897a -
samsung sf-760_ss195a -
samsung xpress_sl-c480_ss256a -
samsung multixpress_sl-k3250_ss027e -
samsung proxpress_sl-c4012_ss217a -
samsung proxpress_sl-m4580_ss401a -
samsung xpress_sl-m2676_sw113a -
samsung proxpress_sl-c3060_ss213d -
samsung multixpress_sl-x7400_ss054a -
samsung scx-3400_ss155a -
hp laser_mfp_130_4zb84a -
samsung proxpress_sl-c3060_ss211l -
samsung proxpress_sl-c3060_ss213h -
samsung scx-4521_sv530a -
samsung multixpress_sl-x7400_ss053a -
samsung proxpress_sl-m3820_ss375b -
hp laserjet_mfp_m436_w7u02a -
samsung xpress_sl-m2876_ss357a -
samsung clp-680_ss076a -
samsung scx-4521_sw129a -
hp laser_mfp_432_7uq76a -
samsung proxpress_sl-m4070_ss389j -
samsung multixpress_sl-x4220_ss047a -
samsung proxpress_sl-c4010_ss216k -
samsung xpress_sl-m2671_ss333a -
samsung proxpress_sl-m4075_ss394a -
samsung xpress_sl-m2020_ss271a -
CVE-2021-3439

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp elitedesk_880_g2_tower_pc_firmware -
hp probook_470_g4_firmware *
hp zbook_15_g3_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware -
hp z_vr_backpack_g1_firmware -
hp 282_pro_g3_microtower_pc_firmware -
hp 280_pro_g6_microtower_(rom_family_ssid_8948)_firmware -
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware -
hp 290_g1_small_form_factor_(rom_family_ssid_843f)_firmware -
hp prodesk_600_g3_small_form_factor_pc_firmware -
hp elitebook_x360_1030_g4_firmware *
hp zbook_firefly_15_g7_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware -
hp elitebook_x360_1030_g2_firmware *
hp probook_440_g4_firmware *
hp elitedesk_880_g6_tower_pc_firmware -
hp mp9_g2_retail_system_firmware -
hp probook_470_g3_firmware *
hp 250_g7_firmware *
hp 406_microtower_pc_firmware -
hp prodesk_400_g6_microtower_pc_firmware -
hp 280_g4_small_form_factor_(rom_family_ssid_8768)_firmware -
hp probook_450_g3_firmware *
hp elitedesk_880_g3_tower_pc_firmware -
hp 288_pro_g6_microtower_(rom_family_ssid_877e)_firmware -
hp z2_small_form_factor_g4_firmware -
hp 280_pro_g4_microtower_(rom_family_ssid_843c)_firmware -
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp elitedesk_800_g2_tower_pc_firmware -
hp probook_x360_11_g5_education_edition_firmware *
hp elitebook_1030_g1_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware -
hp prodesk_680_g2_microtower_pc_firmware -
hp proone_440_g6_24_all-in-one_pc_firmware -
hp elitebook_836_g6_firmware *
hp 260_g4_desktop_mini_pc_firmware -
hp elitebook_1040_g4_firmware *
hp elitedesk_800_g6_tower_pc_firmware -
hp zhan_86_pro_g1_microtower_pc_firmware -
hp prodesk_600_g3_desktop_mini_pc_firmware -
hp zhan_66_pro_13_g2_firmware *
hp 348_g7_firmware *
hp mt21_thin_client_firmware -
hp elite_x2_1012_g1_tablet_firmware *
hp prodesk_480_g4_microtower_pc_firmware -
hp prodesk_680_g4_microtower_pc_(with_pci_slot)_firmware -
hp 280_g3_small_form_factor_(rom_family_ssid_843f)_firmware -
hp zbook_studio_x360_g5_firmware *
hp probook_430_g3_firmware *
hp 290_g1_microtower_pc_firmware -
hp mt22_thin_client_firmware -
hp prodesk_600_g4_desktop_mini_pc_firmware -
hp probook_x360_440_g1_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware -
hp 290_g2_small_form_factor_(rom_family_ssid_86e9)_firmware -
hp t638_thin_client_firmware -
hp elitebook_840r_g4_firmware *
hp zbook_15u_g5_firmware *
hp probook_430_g4_firmware *
hp elitebook_828_g4_firmware *
hp 200_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware -
hp elitebook_x360_1040_g8_firmware *
hp zbook_15_g4_firmware *
hp 288_pro_g4_microtower_(rom_family_ssid_843c)_firmware -
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware -
hp z2_tower_g4_firmware -
hp elitebook_folio_g1_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware -
hp prodesk_480_g5_microtower_pc_firmware -
hp 290_g4_microtower_(rom_family_ssid_8948)_firmware -
hp elitebook_850_g7_firmware *
hp engage_flex_pro-c_retail_system_firmware -
hp elitebook_840_g7_firmware *
hp 240_g7_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware -
hp elitebook_840_g6_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_business_pc_firmware -
hp proone_440_g3_(rom_family_ssid_81b7)_firmware -
hp probook_650_g7_firmware *
hp probook_640_g2_firmware *
hp 346_g3_firmware *
hp elitedesk_800_g4_tower_pc_firmware -
hp proone_600_g2_21.5-inch_touch_all-in-one_pc_firmware -
hp z840_workstation_firmware -
hp 250_g4_firmware -
hp 250_g6_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware -
hp z4_g4_workstation_(core-x)_firmware -
hp elitebook_x360_1040_g6_firmware *
hp prodesk_600_g3_microtower_pc_firmware -
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware -
hp prodesk_400_g5_desktop_mini_pc_firmware -
hp prodesk_600_g5_small_form_factor_pc_firmware -
hp z2_mini_g5_firmware -
hp zbook_17_g3_firmware *
hp 200_g4_22_all-in-one_pc_(rom_family_ssid_86f8)_firmware -
hp elitedesk_800_g5_tower_pc_firmware -
hp z2_small_form_factor_g5_firmware -
hp 258_g6_firmware *
hp elitebook_848_g3_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware -
hp zhan_66_pro_g3_22_all-in-one_pc_firmware -
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware -
hp mp9_g4_retail_system_firmware -
hp zhan_66_pro_14_g2_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware -
hp probook_640_g5_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware -
hp elitebook_x360_830_g5_firmware *
hp z440_workstation_firmware -
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp zhan_66_pro_g1_firmware *
hp elite_dragonfly_g2_firmware *
hp 280_g3_microtower_pc_firmware -
hp prodesk_400_g5_microtower_pc_firmware -
hp zbook_15_g6_firmware *
hp proone_490_g3_(rom_family_ssid_82dc)_firmware -
hp prodesk_400_g6_desktop_mini_pc_firmware -
hp probook_430_g6_firmware *
hp 348_g4_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware -
hp eliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmware -
hp elitebook_x360_1030_g8_firmware *
hp 340_g7_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware -
hp elitebook_840_g3_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware -
hp 288_pro_g3_microtower_firmware -
hp z1_entry_tower_g6_firmware -
hp prodesk_600_g6_small_form_factor_pc_firmware -
hp probook_450_g5_firmware *
hp 250_g5_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware -
hp z1_entry_tower_g5_firmware -
hp elite_x2_g4_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware -
hp proone_490_g3_(rom_family_ssid_81b7)_firmware -
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware -
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware -
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware -
hp probook_440_g8_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware -
hp elitedesk_880_g4_tower_pc_firmware -
hp elitebook_x360_1040_g7_firmware *
hp z238_microtower_firmware -
hp z8_g4_workstation_firmware -
hp z240_small_form_factor_firmware -
hp desktop_pro_300_g3_firmware -
hp 280_pro_g3_small_form_factor_(rom_family_ssid_843f)_firmware -
hp zbook_17_g5_firmware *
hp elitedesk_800_g4_workstation_edition_firmware -
hp t430_thin_client_firmware -
hp 240_g6_firmware *
hp elitebook_850_g5_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware -
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware -
hp probook_x360_11_g6_education_edition_firmware *
hp sprout_pro_by_g2_firmware -
hp elite_dragonfly_max_firmware *
hp probook_640_g7_firmware *
hp probook_x360_11_g4_education_edition_firmware *
hp elitebook_x360_1040_g5_firmware *
hp prodesk_600_g5_microtower_pc_firmware -
hp zbook_create_g7_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware -
hp proone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmware -
hp probook_640_g3_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware -
hp prodesk_680_g3_microtower_pc_firmware -
hp z2_tower_g5_firmware -
hp elitebook_828_g3_firmware *
hp 205_g4_22_all-in-one_pc_(rom_family_ssid_86f8)_firmware -
hp prodesk_680_g4_microtower_pc_firmware -
hp zhan_66_pro_15_g2_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware -
hp z2_mini_g4_firmware -
hp elitebook_840_g4_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware -
hp prodesk_600_g2_small_form_factor_pc_firmware -
hp 200_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware -
hp 288_pro_g6_microtower_(rom_family_ssid_8948)_firmware -
hp zbook_15u_g4_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp zhan_86_pro_g2_microtower_(rom_family_ssid_843c)_firmware -
hp prodesk_600_g4_small_form_factor_pc_firmware -
hp zhan_66_pro_15_g3_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware -
hp 205_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f8)_firmware -
hp elitedesk_800_g5_desktop_mini_pc_firmware -
hp 282_pro_g6_microtower_(rom_family_ssid_8948)_firmware -
hp elitebook_840_g6_healthcare_edition_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware -
hp zbook_17_g6_firmware *
hp elitebook_1040_g3_firmware *
hp 256_g4_firmware -
hp 340_g5_firmware *
hp desktop_pro_g1_microtower_(rom_family_ssid_843c)_firmware -
hp 282_pro_g5_microtower_(rom_family_ssid_86e9)_firmware -
hp probook_x360_11_g2_education_edition_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware -
hp zcentral_4r_firmware -
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware -
hp zbook_14u_g5_firmware *
hp 246_g5_firmware -
hp 290_g2_small_form_factor_(rom_family_ssid_8768)_firmware -
hp 348_g3_firmware *
hp desktop_pro_microtower_pc_firmware -
hp prodesk_600_g6_microtower_pc_firmware -
hp engage_one_pro_aio_system_firmware -
hp 246_g7_firmware *
hp elite_slice_firmware -
hp elitedesk_800_g6_desktop_mini_pc_firmware -
hp proone_400_g6_24_all-in-one_pc_firmware -
hp zhan_99_pro_g1_microtower_(rom_family_ssid_843c)_firmware -
hp elitebook_846_g5_firmware *
hp stream_11_pro_g4_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware -
hp 290_g4_microtower_(rom_family_ssid_877e)_firmware -
hp probook_640_g4_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware -
hp probook_630_g8_firmware *
hp 200_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f8)_firmware -
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp z640_workstation_firmware -
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware -
hp probook_440_g5_firmware *
hp 256_g6_firmware *
hp 348_g5_firmware *
hp proone_400_g2_20-inch_non-touch_all-in-one_pc_firmware -
hp 340_g3_firmware *
hp elitedesk_800_g2_small_form_factor_pc_firmware -
hp 280_g4_microtower_(rom_family_ssid_843c)_firmware -
hp probook_650_g3_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware -
hp elitedesk_800_g5_small_form_factor_pc_firmware -
hp elitebook_x360_1020_g2_firmware *
hp probook_450_g8_firmware *
hp elitebook_820_g3_firmware *
hp elite_slice_g2_with_intel_unite_firmware -
hp eliteone_800_g6_24_all-in-one_pc_firmware -
hp elitebook_850_g6_firmware *
hp eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware -
hp 280_g4_small_form_factor_(rom_family_ssid_86e9)_firmware -
hp 280_g5_microtower_(rom_family_ssid_877e)_firmware -
hp probook_440_g6_firmware *
hp elite_x2_1012_g2_firmware *
hp 258_g7_firmware *
hp 280_g3_pci_microtower_pc_firmware -
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware -
hp 240_g5_firmware -
hp elitedesk_800_g3_tower_pc_firmware -
hp prodesk_400_g4_microtower_pc_firmware -
hp prodesk_600_g2_desktop_mini_pc_firmware -
hp rp9_g1_retail_system_firmware -
hp probook_470_g5_firmware *
hp 470_g7_firmware *
hp elitebook_1050_g1_firmware *
hp elite_x2_1013_g3_firmware *
hp zhan_66_pro_g1_microtower_pc_firmware -
hp probook_650_g5_firmware *
hp zbook_fury_15_g7_firmware *
hp elitebook_850_g3_firmware *
hp zbook_x2_g4_firmware *
hp probook_440_g3_firmware *
hp zhan_66_pro_14_g4_firmware *
hp prodesk_400_g2_desktop_mini_pc_firmware -
hp elite_dragonfly_firmware *
hp desktop_pro_g3_firmware -
hp probook_650_g8_firmware *
hp engage_one_all-in-one_system_firmware -
hp 280_pro_g3_microtower_pc_firmware -
hp probook_450_g4_firmware *
hp 246_g4_firmware -
hp proone_400_g2_20-inch_touch_all-in-one_pc_firmware -
hp z240_tower_firmware -
hp elitebook_830_g7_firmware *
hp 218_pro_g5_microtower_pc_firmware *
hp 200_g3_all-in-one_(rom_family_ssid_84de)_firmware -
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp spectre_pro_x360_g2_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware -
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware -
hp 260_g3_desktop_mini_pc_firmware -
hp probook_650_g4_firmware *
hp prodesk_400_g7_microtower_pc_firmware -
hp desktop_pro_g2_firmware -
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware -
hp prodesk_680_g6_pci_microtower_pc_firmware -
hp pro_x2_612_g2_firmware *
hp mt20_thin_client_firmware -
hp zhan_x_13_g2_firmware *
hp zbook_14u_g4_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware -
hp prodesk_600_g6_desktop_mini_pc_firmware -
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware -
hp mt31_thin_client_firmware -
hp probook_446_g3_firmware *
hp z6_g4_workstation_firmware -
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware -
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp 290_g2_microtower_(rom_family_ssid_843c)_firmware -
hp z1_all-in-one_g3_firmware -
hp elite_slice_g2_with_zoom_rooms_firmware -
hp proone_440_g3_(rom_family_ssid_82dc)_firmware -
hp prodesk_600_g5_microtower_pc_(with_pci_slot)_firmware -
hp desktop_pro_g2_microtower_pc_firmware -
hp 200_g3_all-in-one_(rom_family_ssid_8431)_firmware -
hp 256_g5_firmware *
hp 205_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware -
hp prodesk_400_g5_small_form_factor_pc_firmware -
hp prodesk_600_g4_microtower_pc_firmware -
hp probook_650_g2_firmware *
hp elitedesk_880_g5_tower_pc_firmware -
hp spectre_pro_13_g1_firmware *
hp 340s_g7_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware -
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware -
hp zbook_17_g4_firmware *
hp z4_g4_workstation_(xeon_w)_firmware -
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware -
hp probook_430_g5_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware -
hp probook_640_g8_firmware *
hp probook_x360_11_g3_education_edition_firmware *
hp elitebook_x360_830_g7_firmware *
hp stream_11_pro_g5_firmware *
hp 205_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware -
hp prodesk_600_g6_pci_microtower_pc_firmware -
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware -
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware -
hp prodesk_600_g2_microtower_pc_firmware -
hp 340_g4_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware -
hp elitebook_830_g6_firmware *
hp elite_slice_for_meeting_rooms_firmware -
hp 346_g4_firmware *
hp 240_g4_firmware -
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp elitebook_836_g5_firmware *
hp z2_mini_g3_firmware -
hp 282_pro_g4_microtower_(rom_family_ssid_843c)_firmware -
hp probook_11_g2_education_edition_firmware *
hp 280_g5_small_form_factor_(rom_family_ssid_86e9)_firmware -
hp 290_g3_(rom_family_ssid_86e9)_firmware -
hp zbook_15v_g5_mobile_workstation_firmware *
hp zbook_15_g5_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware -
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware -
hp prodesk_480_g6_microtower_pc_firmware -
hp zbook_firefly_14_g7_firmware *
hp desktop_pro_g3_microtower_firmware -
hp 256_g7_firmware *
hp engage_flex_pro_retail_system_firmware -
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware -
hp prodesk_400_g7_small_form_factor_pc_firmware -
hp probook_430_g7_firmware *
hp 246_g6_firmware *
hp zhan_66_pro_g1_r_microtower_pc_firmware -
hp 288_pro_g5_microtower_(rom_family_ssid_86e9)_firmware -
hp 260_g2_desktop_mini_firmware -
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp engage_gomobile_system_firmware -
CVE-2021-3440 MEDIUM

HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp hp_smart *
CVE-2021-3441 LOW

A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp officejet_7110_firmware *
CVE-2021-3661

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

Products Affected

Vendor Product Version
hp z2_mini_g5_firmware 01.03.00_rev_a
hp z2_mini_g3_firmware 01.83
hp z2_small_form_factor_g4_firmware 01.08.01
hp z2_tower_g4_firmware 01.08.01
hp z2_tower_g5_firmware 01.03.00_rev_a
hp z240_tower_firmware 01.83
hp z2_mini_g4_firmware 01.08.01
hp zcentral_4r_firmware 01.18
hp z2_tower_g8_firmware 01.03.00_rev_a
hp z240_small_form_factor_firmware 01.83
hp z6_g4_firmware 02.75
hp z640_firmware 2.58
hp z440_firmware 2.58
hp z2_small_form_factor_g8_firmware 01.03.00_rev_a
hp z8_g4_firmware 02.75
hp z238_microtower_firmware 01.83
hp z840_firmware 2.58
hp z4_g4_firmware 02.75
hp z1_all-in-one_g3_firmware 01.31
hp z2_small_form_factor_g5_firmware 01.03.00_rev_a
CVE-2021-3662 LOW

Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp futuresmart_5 *
hp futuresmart_4 *
CVE-2021-3704 HIGH

Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp laserjet_pro_j8h60a_firmware *
hp laserjet_pro_j8h61a_firmware *
CVE-2021-3705 HIGH

Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp laserjet_pro_j8h60a_firmware *
hp laserjet_pro_j8h61a_firmware *
CVE-2021-3808

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Products Affected

Vendor Product Version
hp elitebook_1050_g1_firmware 01.19.00
hp elitebook_850_g5_firmware 01.19.00
hp hp_mt21_mobile_thin_client_firmware 01.21.01
hp zbook_studio_g5_firmware 01.19.00
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware 2.4
hp elite_x2_g4_firmware 01.12.00
hp probook_470_g4_firmware 1.41
hp probook_430_g6_firmware 01.19.00
hp elitebook_x360_1030_g2_firmware 1.41
hp pro_x2_612_g2_firmware 1.41
hp elitebook_x360_830_g6_firmware 01.12.00
hp elitebook_850_g4_firmware 1.41
hp elitedesk_800_g4_workstation_firmware 02.17.00
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware 2.4
hp probook_650_g5_firmware 01.12.00
hp hp_z2_mini_g4_firmware 01.08.01
hp eliteone_800_g3_23.8_non-touch_all-in-one_business_pc_firmware 2.4
hp elitebook_850_g6_firmware 01.12.00
hp probook_11_ee_g2_firmware 1.55
hp elitedesk_705_g4_small_form_factor_pc_firmware 02.12.00
hp hp_z2_tower_g5_firmware 01.04.02
hp prodesk_600_g5_small_form_factor_pc_firmware 02.11.00
hp elitebook_735_g5_firmware 01.20.00
hp elitedesk_800_g4_small_form_factor_pc_firmware 02.17.00
hp hp_mt44_mobile_thin_client_firmware 01.21.01
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware 02.18.00
hp probook_655_g3_firmware 1.4
hp zbook_17_g6_firmware 01.12.00
hp eliteone_800_g4_23.8-in_all-in-one_business_pc_firmware 02.18.00
hp elitebook_836_g5_firmware 01.19.00
hp elitebook_840r_g4_firmware 01.19.00
hp elitedesk_705_g4_desktop_mini_pc_firmware 02.17.00
hp probook_445_g6_firmware 01.19.00
hp elitebook_840_g4_firmware 1.41
hp engage_flex_pro-c_retail_system_firmware 02.17.00
hp zhan_66_pro_14_g2_firmware 01.19.00
hp elitebook_735_g6_firmware 01.19.00
hp elitebook_1040_g4_firmware 1.41
hp elitebook_828_g4_firmware 1.41
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware 02.17.00
hp zbook_x2_g4_firmware 1.41
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware 02.18.00
hp engage_go_mobile_system_firmware 01.19.00
hp elite_slice_g2_firmware 2.55
hp probook_x360_11_g2_ee_firmware 1.43
hp elitedesk_705_g4_microtower_pc_firmware 02.17.00
hp elitebook_x360_1030_g4_firmware 01.12.00
hp probook_450_g4_firmware 1.41
hp elitedesk_705_g4_workstation_firmware 02.17.00
hp zbook_14u_g6_firmware 01.12.00
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware 02.17.00
hp prodesk_480_g4_microtower_pc_firmware 2.4
hp elitebook_820_g4_firmware 1.41
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware 02.18.00
hp elitebook_x360_1040_g6_firmware 01.12.00
hp engage_flex_pro_retail_system_firmware 02.17.00
hp zhan_x_13_g2_firmware 01.12.00
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware 02.18.00
hp mp9_g4_retail_system_firmware 02.17.00
hp hp_mt31_mobile_thin_client_firmware 01.21.01
hp elitebook_836_g6_firmware 01.12.00
hp elitedesk_880_g4_tower_pc_firmware 02.17.00
hp zbook_studio_x360_g5_firmware 01.19.00
hp elitebook_745_g4_firmware 1.4
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware 2.4
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware 02.11.01
hp eliteone_800_g5_23.8-in_all-in-one_firmware 2.11.01
hp prodesk_600_g3_small_form_factor_pc_firmware 2.4
hp probook_445r_g6_firmware 01.19.00
hp prodesk_405_g4_small_form_factor_pc_firmware 02.12.00
hp probook_455_g4_firmware 1.4
hp elite_slice_firmware 2.55
hp elite_x2_1012_g2_firmware 1.41
hp zbook_17_g4_firmware 1.41
hp prodesk_480_g6_microtower_pc_firmware 02.11.00
hp elitedesk_705_g5_desktop_mini_pc_firmware 02.11.00
hp hp_z238_microtower_firmware 1.83
hp prodesk_480_g5_microtower_pc_firmware 02.17.00
hp elitebook_725_g4_firmware 1.4
hp elitebook_x360_1040_g5_firmware 01.19.00
hp probook_470_g5_firmware 01.20.00
hp zbook_14u_g4_firmware 1.41
hp probook_440_g5_firmware 01.20.00
hp elitedesk_800_g3_small_form_factor_pc_firmware 2.4
hp elite_x2_1013_g3_firmware 01.19.00
hp probook_640_g5_firmware 01.12.00
hp probook_x360_11_g3_ee_firmware 01.17.00
hp engage_one_aio_system_firmware 02.40.00
hp zbook_15u_g5_firmware 01.19.00
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware 02.11.01
hp prodesk_400_g6_small_form_factor_pc_firmware 02.11.00
hp prodesk_600_g3_microtower_pc_firmware 2.4
hp probook_645_g4_firmware 01.20.00
hp elitebook_840_g6_firmware 01.12.00
hp elitedesk_800_g4_tower_pc_firmware 02.17.00
hp elitebook_830_g6_firmware 01.12.00
hp elitebook_x360_830_g5_firmware 01.19.00
hp elitedesk_800_g5_tower_pc_firmware 02.11.00
hp prodesk_400_g4_desktop_mini_pc_firmware 02.18.00
hp elitedesk_705_g3_small_form_factor_pc_firmware 2.38
hp prodesk_405_g4_desktop_mini_pc_firmware 02.17.00
hp zbook_17_g5_firmware 01.19.00
hp elitedesk_705_g3_microtower_pc_firmware 2.38
hp zhan_66_pro_15_g2_firmware 01.19.00
hp prodesk_400_g4_small_form_factor_pc_firmware 2.4
hp probook_450_g6_firmware 01.19.00
hp probook_455_g5_firmware 01.20.00
hp hp_z2_mini_g5_firmware 01.04.02
hp probook_645_g3_firmware 1.4
hp probook_x360_440_g1_firmware 01.19.00
hp zbook_studio_g4_firmware 1.41
hp prodesk_400_g6_microtower_pc_firmware 02.11.00
hp zhan_66_pro_g1_firmware 01.20.00
hp prodesk_600_g4_small_form_factor_pc_firmware 02.18.00
hp zbook_15_g4_firmware 1.41
hp hp_z240_small_form_factor_firmware 1.83
hp probook_450_g5_firmware 01.20.00
hp hp_z2_small_form_factor_g5_firmware 01.04.02
hp elitebook_x360_1020_g2_firmware 1.41
hp probook_640_g4_firmware 01.20.00
hp prodesk_400_g5_microtower_pc_firmware 02.17.00
hp elitedesk_800_g5_small_form_factor_pc_firmware 02.11.00
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware 2.4
hp probook_650_g3_firmware 1.41
hp probook_455_g6_firmware 01.19.00
hp elitedesk_705_g5_small_form_factor_pc_firmware 02.11.00
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware 02.17.00
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware 02.17.00
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware 02.11.01
hp elitebook_840_g5_firmware 01.19.00
hp probook_650_g4_firmware 01.20.00
hp prodesk_400_g5_small_form_factor_pc_firmware 2.17
hp zbook_15u_g4_firmware 1.41
hp probook_440_g6_firmware 01.19.00
hp elitedesk_705_g3_desktop_mini_pc_firmware 2.38
hp prodesk_680_g3_microtower_pc_firmware 2.4
hp prodesk_600_g5_microtower_pc_firmware 02.11.00
hp probook_455r_g6_firmware 01.19.00
hp probook_640_g3_firmware 1.41
hp zbook_14u_g5_firmware 01.19.00
hp prodesk_600_g3_desktop_mini_pc_firmware 2.4
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware 02.11.01
hp elitebook_x360_1030_g3_firmware 01.19.00
hp probook_430_g5_firmware 01.20.00
hp zbook_15_g5_firmware 01.19.00
hp elitebook_755_g4_firmware 1.4
hp prodesk_600_g4_microtower_pc_firmware 02.17.00
hp elitebook_848_g4_firmware 1.41
hp probook_430_g4_firmware 1.41
hp hp_mt45_mobile_thin_client_firmware 01.21.01
hp elitedesk_800_g5_desktop_mini_pc_firmware 02.11.00
hp elitedesk_880_g5_tower_pc_firmware 02.11.00
hp hp_z2_tower_g4_firmware 01.08.01
hp elitebook_755_g5_firmware 01.20.00
hp elitebook_745_g5_firmware 01.20.00
hp zbook_15_g6_firmware 01.12.00
hp zhan_66_pro_13_g2_firmware 01.19.00
hp elitedesk_800_g3_tower_pc_firmware 2.4
hp hp_z1_entry_tower_g5_firmware 02.11.00
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware 2.4
hp prodesk_400_g5_desktop_mini_pc_firmware 02.11.00
hp prodesk_680_g4_microtower_pc_firmware 02.17.00
hp hp_z1_all-in-one_g3_firmware 1.31
hp hp_z2_mini_g3_firmware 1.83
hp hp_z240_tower_firmware 1.83
hp prodesk_600_g4_desktop_mini_pc_firmware 02.18.00
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware 2.4
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware 2.4
hp prodesk_600_g5_desktop_mini_pc_firmware 02.11.00
hp hp_z2_small_form_factor_g4_firmware 01.08.01
hp engage_go_10_mobile_system_firmware 01.08.00
hp elite_dragonfly_firmware 01.12.00
hp elitedesk_880_g3_tower_pc_firmware 2.4
hp prodesk_400_g3_desktop_mini_pc_firmware 2.4
hp prodesk_400_g4_microtower_pc_firmware 2.4
hp probook_x360_11_g4_ee_firmware 01.13.00
hp elitebook_846_g5_firmware 01.19.00
hp probook_440_g4_firmware 1.41
hp zbook_15u_g6_firmware 01.12.00
hp elitebook_745_g6_firmware 01.19.00
hp elitebook_830_g5_firmware 01.19.00
CVE-2021-3809

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Products Affected

Vendor Product Version
hp elitebook_1050_g1_firmware 01.19.00
hp elitebook_850_g5_firmware 01.19.00
hp hp_mt21_mobile_thin_client_firmware 01.21.01
hp zbook_studio_g5_firmware 01.19.00
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware 2.4
hp elite_x2_g4_firmware 01.12.00
hp probook_470_g4_firmware 1.41
hp probook_430_g6_firmware 01.19.00
hp elitebook_x360_1030_g2_firmware 1.41
hp pro_x2_612_g2_firmware 1.41
hp elitebook_x360_830_g6_firmware 01.12.00
hp elitebook_850_g4_firmware 1.41
hp elitedesk_800_g4_workstation_firmware 02.17.00
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware 2.4
hp probook_650_g5_firmware 01.12.00
hp hp_z2_mini_g4_firmware 01.08.01
hp eliteone_800_g3_23.8_non-touch_all-in-one_business_pc_firmware 2.4
hp elitebook_850_g6_firmware 01.12.00
hp probook_11_ee_g2_firmware 1.55
hp elitedesk_705_g4_small_form_factor_pc_firmware 02.12.00
hp hp_z2_tower_g5_firmware 01.04.02
hp prodesk_600_g5_small_form_factor_pc_firmware 02.11.00
hp elitebook_735_g5_firmware 01.20.00
hp elitedesk_800_g4_small_form_factor_pc_firmware 02.17.00
hp hp_mt44_mobile_thin_client_firmware 01.21.01
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware 02.18.00
hp probook_655_g3_firmware 1.4
hp zbook_17_g6_firmware 01.12.00
hp eliteone_800_g4_23.8-in_all-in-one_business_pc_firmware 02.18.00
hp elitebook_836_g5_firmware 01.19.00
hp elitebook_840r_g4_firmware 01.19.00
hp elitedesk_705_g4_desktop_mini_pc_firmware 02.17.00
hp probook_445_g6_firmware 01.19.00
hp elitebook_840_g4_firmware 1.41
hp engage_flex_pro-c_retail_system_firmware 02.17.00
hp zhan_66_pro_14_g2_firmware 01.19.00
hp elitebook_735_g6_firmware 01.19.00
hp elitebook_1040_g4_firmware 1.41
hp elitebook_828_g4_firmware 1.41
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware 02.17.00
hp zbook_x2_g4_firmware 1.41
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware 02.18.00
hp engage_go_mobile_system_firmware 01.19.00
hp elite_slice_g2_firmware 2.55
hp probook_x360_11_g2_ee_firmware 1.43
hp elitedesk_705_g4_microtower_pc_firmware 02.17.00
hp elitebook_x360_1030_g4_firmware 01.12.00
hp probook_450_g4_firmware 1.41
hp elitedesk_705_g4_workstation_firmware 02.17.00
hp zbook_14u_g6_firmware 01.12.00
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware 02.17.00
hp prodesk_480_g4_microtower_pc_firmware 2.4
hp elitebook_820_g4_firmware 1.41
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware 02.18.00
hp elitebook_x360_1040_g6_firmware 01.12.00
hp engage_flex_pro_retail_system_firmware 02.17.00
hp zhan_x_13_g2_firmware 01.12.00
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware 02.18.00
hp mp9_g4_retail_system_firmware 02.17.00
hp hp_mt31_mobile_thin_client_firmware 01.21.01
hp elitebook_836_g6_firmware 01.12.00
hp elitedesk_880_g4_tower_pc_firmware 02.17.00
hp zbook_studio_x360_g5_firmware 01.19.00
hp elitebook_745_g4_firmware 1.4
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware 2.4
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware 02.11.01
hp eliteone_800_g5_23.8-in_all-in-one_firmware 2.11.01
hp prodesk_600_g3_small_form_factor_pc_firmware 2.4
hp probook_445r_g6_firmware 01.19.00
hp prodesk_405_g4_small_form_factor_pc_firmware 02.12.00
hp probook_455_g4_firmware 1.4
hp elite_slice_firmware 2.55
hp elite_x2_1012_g2_firmware 1.41
hp zbook_17_g4_firmware 1.41
hp prodesk_480_g6_microtower_pc_firmware 02.11.00
hp elitedesk_705_g5_desktop_mini_pc_firmware 02.11.00
hp hp_z238_microtower_firmware 1.83
hp prodesk_480_g5_microtower_pc_firmware 02.17.00
hp elitebook_725_g4_firmware 1.4
hp elitebook_x360_1040_g5_firmware 01.19.00
hp probook_470_g5_firmware 01.20.00
hp zbook_14u_g4_firmware 1.41
hp probook_440_g5_firmware 01.20.00
hp elitedesk_800_g3_small_form_factor_pc_firmware 2.4
hp elite_x2_1013_g3_firmware 01.19.00
hp probook_640_g5_firmware 01.12.00
hp probook_x360_11_g3_ee_firmware 01.17.00
hp engage_one_aio_system_firmware 02.40.00
hp zbook_15u_g5_firmware 01.19.00
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware 02.11.01
hp prodesk_400_g6_small_form_factor_pc_firmware 02.11.00
hp prodesk_600_g3_microtower_pc_firmware 2.4
hp probook_645_g4_firmware 01.20.00
hp elitebook_840_g6_firmware 01.12.00
hp elitedesk_800_g4_tower_pc_firmware 02.17.00
hp elitebook_830_g6_firmware 01.12.00
hp elitebook_x360_830_g5_firmware 01.19.00
hp elitedesk_800_g5_tower_pc_firmware 02.11.00
hp prodesk_400_g4_desktop_mini_pc_firmware 02.18.00
hp elitedesk_705_g3_small_form_factor_pc_firmware 2.38
hp prodesk_405_g4_desktop_mini_pc_firmware 02.17.00
hp zbook_17_g5_firmware 01.19.00
hp elitedesk_705_g3_microtower_pc_firmware 2.38
hp zhan_66_pro_15_g2_firmware 01.19.00
hp prodesk_400_g4_small_form_factor_pc_firmware 2.4
hp probook_450_g6_firmware 01.19.00
hp probook_455_g5_firmware 01.20.00
hp hp_z2_mini_g5_firmware 01.04.02
hp probook_645_g3_firmware 1.4
hp probook_x360_440_g1_firmware 01.19.00
hp zbook_studio_g4_firmware 1.41
hp prodesk_400_g6_microtower_pc_firmware 02.11.00
hp zhan_66_pro_g1_firmware 01.20.00
hp prodesk_600_g4_small_form_factor_pc_firmware 02.18.00
hp zbook_15_g4_firmware 1.41
hp hp_z240_small_form_factor_firmware 1.83
hp probook_450_g5_firmware 01.20.00
hp hp_z2_small_form_factor_g5_firmware 01.04.02
hp elitebook_x360_1020_g2_firmware 1.41
hp probook_640_g4_firmware 01.20.00
hp prodesk_400_g5_microtower_pc_firmware 02.17.00
hp elitedesk_800_g5_small_form_factor_pc_firmware 02.11.00
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware 2.4
hp probook_650_g3_firmware 1.41
hp probook_455_g6_firmware 01.19.00
hp elitedesk_705_g5_small_form_factor_pc_firmware 02.11.00
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware 02.17.00
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware 02.17.00
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware 02.11.01
hp elitebook_840_g5_firmware 01.19.00
hp probook_650_g4_firmware 01.20.00
hp prodesk_400_g5_small_form_factor_pc_firmware 2.17
hp zbook_15u_g4_firmware 1.41
hp probook_440_g6_firmware 01.19.00
hp elitedesk_705_g3_desktop_mini_pc_firmware 2.38
hp prodesk_680_g3_microtower_pc_firmware 2.4
hp prodesk_600_g5_microtower_pc_firmware 02.11.00
hp probook_455r_g6_firmware 01.19.00
hp probook_640_g3_firmware 1.41
hp zbook_14u_g5_firmware 01.19.00
hp prodesk_600_g3_desktop_mini_pc_firmware 2.4
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware 02.11.01
hp elitebook_x360_1030_g3_firmware 01.19.00
hp probook_430_g5_firmware 01.20.00
hp zbook_15_g5_firmware 01.19.00
hp elitebook_755_g4_firmware 1.4
hp prodesk_600_g4_microtower_pc_firmware 02.17.00
hp elitebook_848_g4_firmware 1.41
hp probook_430_g4_firmware 1.41
hp hp_mt45_mobile_thin_client_firmware 01.21.01
hp elitedesk_800_g5_desktop_mini_pc_firmware 02.11.00
hp elitedesk_880_g5_tower_pc_firmware 02.11.00
hp hp_z2_tower_g4_firmware 01.08.01
hp elitebook_755_g5_firmware 01.20.00
hp elitebook_745_g5_firmware 01.20.00
hp zbook_15_g6_firmware 01.12.00
hp zhan_66_pro_13_g2_firmware 01.19.00
hp elitedesk_800_g3_tower_pc_firmware 2.4
hp hp_z1_entry_tower_g5_firmware 02.11.00
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware 2.4
hp prodesk_400_g5_desktop_mini_pc_firmware 02.11.00
hp prodesk_680_g4_microtower_pc_firmware 02.17.00
hp hp_z1_all-in-one_g3_firmware 1.31
hp hp_z2_mini_g3_firmware 1.83
hp hp_z240_tower_firmware 1.83
hp prodesk_600_g4_desktop_mini_pc_firmware 02.18.00
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware 2.4
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware 2.4
hp prodesk_600_g5_desktop_mini_pc_firmware 02.11.00
hp hp_z2_small_form_factor_g4_firmware 01.08.01
hp engage_go_10_mobile_system_firmware 01.08.00
hp elite_dragonfly_firmware 01.12.00
hp elitedesk_880_g3_tower_pc_firmware 2.4
hp prodesk_400_g3_desktop_mini_pc_firmware 2.4
hp prodesk_400_g4_microtower_pc_firmware 2.4
hp probook_x360_11_g4_ee_firmware 01.13.00
hp elitebook_846_g5_firmware 01.19.00
hp probook_440_g4_firmware 1.41
hp zbook_15u_g6_firmware 01.12.00
hp elitebook_745_g6_firmware 01.19.00
hp elitebook_830_g5_firmware 01.19.00
CVE-2021-3821

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.

Products Affected

Vendor Product Version
hp futuresmart_5 *
CVE-2021-3919

A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.

Products Affected

Vendor Product Version
hp omen_gaming_hub *
hp command_center *
CVE-2021-39237 LOW

Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp futuresmart_5 *
hp futuresmart_4 *
hp futuresmart_3 *
CVE-2021-39238 HIGH

Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
hp futuresmart_5 *
hp futuresmart_4 *
hp futuresmart_3 *
CVE-2021-39297 HIGH

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp mp9_g4_retail_system_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp zbook_14u_g5_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elitebook_850_g8_firmware *
hp zbook_firefly_15_g7_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitebook_846_g5_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp probook_440_g5_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp z6_g4_workstation_firmware *
hp probook_x360_11_g5_education_edition_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp 260_g3_desktop_mini_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp probook_450_g8_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp elitebook_850_g6_firmware *
hp probook_440_g6_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp zhan_66_pro_13_g2_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp zbook_studio_x360_g5_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_x360_440_g1_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp zbook_15u_g5_firmware *
hp elitebook_x360_1040_g8_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp probook_650_g5_firmware *
hp zbook_fury_15_g7_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zhan_66_pro_14_g4_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp elitebook_850_g7_firmware *
hp elite_dragonfly_firmware *
hp probook_650_g8_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp zbook_studio_15_g8_firmware *
hp engage_flex_mini_retail_system_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitebook_840_g5_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp prodesk_680_g4_microtower_pc(with_pci_slot)_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp elite_x2_g8_tablet_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp zhan_x_13_g2_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_power_15_g8_firmware *
hp zbook_studio_g7_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp zhan_66_pro_g1_firmware *
hp elite_dragonfly_g2_firmware *
hp zbook_15_g6_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp probook_430_g6_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp elitebook_840_aero_g8_firmware *
hp zbook_firefly_14_g8_firmware *
hp zbook_firefly_15_g8_firmware *
hp probook_450_g5_firmware *
hp elite_x2_g4_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp z1_entry_tower_g6_workstation_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp z1_entry_tower_g5_workstation_firmware *
hp z8_g4_workstation_firmware *
hp probook_430_g5_firmware *
hp probook_x360_11_g7_education_edition_firmware *
hp probook_640_g8_firmware *
hp probook_x360_11_g3_education_edition_firmware *
hp elitebook_x360_830_g7_firmware *
hp zbook_17_g5_firmware *
hp prodesk_600_g5_microtower_pc(with_pci_slot)_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_830_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp elitebook_836_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp probook_x360_11_g6_education_edition_firmware *
hp elite_dragonfly_max_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp probook_640_g7_firmware *
hp probook_x360_11_g4_education_edition_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp prodesk_600_g4_microtower_pc(with_pci_slot)_firmware *
hp elitebook_x360_1040_g5_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g8_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_830_g5_firmware *
hp zhan_66_pro_15_g3_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_430_g7_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp zbook_fury_17_g8_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp zbook_fury_15_g8_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
CVE-2021-39298 HIGH

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp mp9_g4_retail_system_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp zbook_14u_g5_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elitebook_850_g8_firmware *
hp zbook_firefly_15_g7_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitebook_846_g5_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp probook_440_g5_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp z6_g4_workstation_firmware *
hp probook_x360_11_g5_education_edition_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp 260_g3_desktop_mini_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp probook_450_g8_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp elitebook_850_g6_firmware *
hp probook_440_g6_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp zhan_66_pro_13_g2_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp zbook_studio_x360_g5_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_x360_440_g1_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp zbook_15u_g5_firmware *
hp elitebook_x360_1040_g8_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp probook_650_g5_firmware *
hp zbook_fury_15_g7_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zhan_66_pro_14_g4_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp elitebook_850_g7_firmware *
hp elite_dragonfly_firmware *
hp probook_650_g8_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp zbook_studio_15_g8_firmware *
hp engage_flex_mini_retail_system_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitebook_840_g5_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp prodesk_680_g4_microtower_pc(with_pci_slot)_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp elite_x2_g8_tablet_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp zhan_x_13_g2_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_power_15_g8_firmware *
hp zbook_studio_g7_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp zhan_66_pro_g1_firmware *
hp elite_dragonfly_g2_firmware *
hp zbook_15_g6_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp probook_430_g6_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp elitebook_840_aero_g8_firmware *
hp zbook_firefly_14_g8_firmware *
hp zbook_firefly_15_g8_firmware *
hp probook_450_g5_firmware *
hp elite_x2_g4_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp z1_entry_tower_g6_workstation_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp z1_entry_tower_g5_workstation_firmware *
hp z8_g4_workstation_firmware *
hp probook_430_g5_firmware *
hp probook_x360_11_g7_education_edition_firmware *
hp probook_640_g8_firmware *
hp probook_x360_11_g3_education_edition_firmware *
hp elitebook_x360_830_g7_firmware *
hp zbook_17_g5_firmware *
hp prodesk_600_g5_microtower_pc(with_pci_slot)_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_830_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp elitebook_836_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp probook_x360_11_g6_education_edition_firmware *
hp elite_dragonfly_max_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp probook_640_g7_firmware *
hp probook_x360_11_g4_education_edition_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp prodesk_600_g4_microtower_pc(with_pci_slot)_firmware *
hp elitebook_x360_1040_g5_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g8_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_830_g5_firmware *
hp zhan_66_pro_15_g3_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_430_g7_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp zbook_fury_17_g8_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp zbook_fury_15_g8_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
CVE-2021-39299 HIGH

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp mp9_g4_retail_system_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp zbook_14u_g5_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elitebook_850_g8_firmware *
hp zbook_firefly_15_g7_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitebook_846_g5_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp probook_440_g5_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp z6_g4_workstation_firmware *
hp probook_x360_11_g5_education_edition_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp 260_g3_desktop_mini_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp probook_450_g8_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp elitebook_850_g6_firmware *
hp probook_440_g6_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp zhan_66_pro_13_g2_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp zbook_studio_x360_g5_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_x360_440_g1_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp zbook_15u_g5_firmware *
hp elitebook_x360_1040_g8_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp probook_650_g5_firmware *
hp zbook_fury_15_g7_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zhan_66_pro_14_g4_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp elitebook_850_g7_firmware *
hp elite_dragonfly_firmware *
hp probook_650_g8_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp zbook_studio_15_g8_firmware *
hp engage_flex_mini_retail_system_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitebook_840_g5_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp prodesk_680_g4_microtower_pc(with_pci_slot)_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp elite_x2_g8_tablet_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp zhan_x_13_g2_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_power_15_g8_firmware *
hp zbook_studio_g7_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp zhan_66_pro_g1_firmware *
hp elite_dragonfly_g2_firmware *
hp zbook_15_g6_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp probook_430_g6_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp elitebook_840_aero_g8_firmware *
hp zbook_firefly_14_g8_firmware *
hp zbook_firefly_15_g8_firmware *
hp probook_450_g5_firmware *
hp elite_x2_g4_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp z1_entry_tower_g6_workstation_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp z1_entry_tower_g5_workstation_firmware *
hp z8_g4_workstation_firmware *
hp probook_430_g5_firmware *
hp probook_x360_11_g7_education_edition_firmware *
hp probook_640_g8_firmware *
hp probook_x360_11_g3_education_edition_firmware *
hp elitebook_x360_830_g7_firmware *
hp zbook_17_g5_firmware *
hp prodesk_600_g5_microtower_pc(with_pci_slot)_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_830_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp elitebook_836_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp probook_x360_11_g6_education_edition_firmware *
hp elite_dragonfly_max_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp probook_640_g7_firmware *
hp probook_x360_11_g4_education_edition_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp prodesk_600_g4_microtower_pc(with_pci_slot)_firmware *
hp elitebook_x360_1040_g5_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g8_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_830_g5_firmware *
hp zhan_66_pro_15_g3_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_430_g7_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp zbook_fury_17_g8_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp zbook_fury_15_g8_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
CVE-2021-39300 HIGH

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp mp9_g4_retail_system_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp zbook_14u_g5_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elitebook_850_g8_firmware *
hp zbook_firefly_15_g7_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitebook_846_g5_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp probook_440_g5_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp z6_g4_workstation_firmware *
hp probook_x360_11_g5_education_edition_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp 260_g3_desktop_mini_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp probook_450_g8_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp elitebook_850_g6_firmware *
hp probook_440_g6_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp zhan_66_pro_13_g2_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp zbook_studio_x360_g5_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_x360_440_g1_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp zbook_15u_g5_firmware *
hp elitebook_x360_1040_g8_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp probook_650_g5_firmware *
hp zbook_fury_15_g7_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zhan_66_pro_14_g4_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp elitebook_850_g7_firmware *
hp elite_dragonfly_firmware *
hp probook_650_g8_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp zbook_studio_15_g8_firmware *
hp engage_flex_mini_retail_system_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitebook_840_g5_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp prodesk_680_g4_microtower_pc(with_pci_slot)_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp elite_x2_g8_tablet_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp zhan_x_13_g2_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_power_15_g8_firmware *
hp zbook_studio_g7_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp zhan_66_pro_g1_firmware *
hp elite_dragonfly_g2_firmware *
hp zbook_15_g6_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp probook_430_g6_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp elitebook_840_aero_g8_firmware *
hp zbook_firefly_14_g8_firmware *
hp zbook_firefly_15_g8_firmware *
hp probook_450_g5_firmware *
hp elite_x2_g4_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp z1_entry_tower_g6_workstation_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp z1_entry_tower_g5_workstation_firmware *
hp z8_g4_workstation_firmware *
hp probook_430_g5_firmware *
hp probook_x360_11_g7_education_edition_firmware *
hp probook_640_g8_firmware *
hp probook_x360_11_g3_education_edition_firmware *
hp elitebook_x360_830_g7_firmware *
hp zbook_17_g5_firmware *
hp prodesk_600_g5_microtower_pc(with_pci_slot)_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_830_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp elitebook_836_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp probook_x360_11_g6_education_edition_firmware *
hp elite_dragonfly_max_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp probook_640_g7_firmware *
hp probook_x360_11_g4_education_edition_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp prodesk_600_g4_microtower_pc(with_pci_slot)_firmware *
hp elitebook_x360_1040_g5_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g8_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_830_g5_firmware *
hp zhan_66_pro_15_g3_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_430_g7_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp zbook_fury_17_g8_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp zbook_fury_15_g8_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
CVE-2021-39301 HIGH

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp mp9_g4_retail_system_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp zbook_14u_g5_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elitebook_850_g8_firmware *
hp zbook_firefly_15_g7_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitebook_846_g5_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp probook_440_g5_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp z6_g4_workstation_firmware *
hp probook_x360_11_g5_education_edition_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp 260_g3_desktop_mini_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp probook_450_g8_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp elitebook_850_g6_firmware *
hp probook_440_g6_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp zhan_66_pro_13_g2_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp zbook_studio_x360_g5_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_x360_440_g1_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp zbook_15u_g5_firmware *
hp elitebook_x360_1040_g8_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp probook_650_g5_firmware *
hp zbook_fury_15_g7_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zhan_66_pro_14_g4_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp elitebook_850_g7_firmware *
hp elite_dragonfly_firmware *
hp probook_650_g8_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp zbook_studio_15_g8_firmware *
hp engage_flex_mini_retail_system_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitebook_840_g5_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp prodesk_680_g4_microtower_pc(with_pci_slot)_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp elite_x2_g8_tablet_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp zhan_x_13_g2_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_power_15_g8_firmware *
hp zbook_studio_g7_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp zhan_66_pro_g1_firmware *
hp elite_dragonfly_g2_firmware *
hp zbook_15_g6_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp probook_430_g6_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp elitebook_840_aero_g8_firmware *
hp zbook_firefly_14_g8_firmware *
hp zbook_firefly_15_g8_firmware *
hp probook_450_g5_firmware *
hp elite_x2_g4_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp z1_entry_tower_g6_workstation_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp z1_entry_tower_g5_workstation_firmware *
hp z8_g4_workstation_firmware *
hp probook_430_g5_firmware *
hp probook_x360_11_g7_education_edition_firmware *
hp probook_640_g8_firmware *
hp probook_x360_11_g3_education_edition_firmware *
hp elitebook_x360_830_g7_firmware *
hp zbook_17_g5_firmware *
hp prodesk_600_g5_microtower_pc(with_pci_slot)_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_830_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp elitebook_836_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp probook_x360_11_g6_education_edition_firmware *
hp elite_dragonfly_max_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp probook_640_g7_firmware *
hp probook_x360_11_g4_education_edition_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp prodesk_600_g4_microtower_pc(with_pci_slot)_firmware *
hp elitebook_x360_1040_g5_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g8_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_830_g5_firmware *
hp zhan_66_pro_15_g3_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_430_g7_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp zbook_fury_17_g8_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp zbook_fury_15_g8_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
CVE-2021-3942

Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.

Products Affected

Vendor Product Version
hp designjet_z6_t8w18a_firmware *
hp deskjet_2700_7fr61a_firmware -
hp color_laserjet_managed_mfp_e67550_l3u69a_firmware -
hp color_laserjet_managed_mfp_e77426_5cm75a_firmware -
hp designjet_z9_w3z71a_firmware *
hp laserjet_tank_mfp_2603_381u5a_firmware -
hp laserjet_managed_mfp_m725_cf068a_firmware -
hp laserjet_mfp_m237_6gx05a_firmware -
hp laserjet_tank_1503_2r3e1a_firmware -
hp laserjet_m207_9yf85a_firmware -
hp laserjet_pro_mfp_m29_y5s50a_firmware -
hp laserjet_managed_mfp_e62665_3gy18a_firmware -
hp scanjet_enterprise_8500_fn1_l2717a_firmware -
hp laserjet_mfp_m237_9yg09a_firmware -
hp laserjet_mfp_m141_7md70a_firmware -
hp laserjet_mfp_m131_g3q58a_firmware -
hp envy_6000_8qq97a_firmware -
hp laserjet_mfp_m233_9yf92a_firmware -
hp color_laserjet_pro_mfp_m183_7kw55a_firmware -
hp laserjet_managed_mfp_e82550_x3a71a_firmware -
hp laserjet_mfp_m233e_6gx00e_firmware -
hp color_laserjet_managed_mfp_e77830_x3a80a_firmware -
hp deskjet_3700_2fy93a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr97a_firmware -
hp smart_tank_7000_28b54a_firmware -
hp color_laserjet_pro_mfp_m377_cf378a_firmware -
hp designjet_t1708_1vd86a_firmware -
hp smart_tank_670_28c13a_firmware -
hp deskjet_2700_7fr57a_firmware -
hp pagewide_xl_4700_4vw15f_firmware -
hp laserjet_managed_mfp_e82550_az8z20a_firmware -
hp color_laserjet_managed_mfp_e87660du_5cm63a_firmware -
hp laserjet_managed_flow_mfp_e82550_z8z19_firmware -
hp designjet_z6_t8w16d_firmware *
hp deskjet_plus_4100_7fs87d_firmware -
hp color_laserjet_managed_mfp_flow_e87660_z8z13a_firmware -
hp officejet_pro_8030e_4kj65a_firmware -
hp color_laserjet_pro_mfp_m277_b3q10a_firmware -
hp pagewide_color_mfp_779_4pz45a_firmware -
hp laserjet_tank_1020_381v5a_firmware -
hp color_laserjet_pro_mfp_m285_7kw73a_firmware -
hp designjet_xl_3600_mfp_6kd26h_firmware -
hp laserjet_mfp_m132_g3q62a_firmware -
hp laserjet_mfp_m236_9yf91a_firmware -
hp laserjet_m208_6gw62a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a80a_firmware -
hp laserjet_managed_mfp_e62555_j8j67a_firmware -
hp color_laserjet_pro_mfp_m280_t6b81a_firmware -
hp laserjet_m110_2u587a_firmware -
hp designjet_z9+_pro_2rm82f_firmware -
hp laserjet_pro_m403_f6j41a_firmware -
hp color_laserjet_managed_e65050_l3u57a_firmware -
hp laserjet_pro_m706_k9g91a_firmware -
hp laserjet_mfp_m234_6gx00a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z60a_firmware -
hp color_laserjet_managed_mfp_e77427_5rc91a_firmware -
hp laserjet_pro_mfp_m148_4pa41a_firmware -
hp laserjet_mfp_m139_7md74a_firmware -
hp color_laserjet_pro_mfp_m274_b3q11a_firmware -
hp laserjet_enterprise_m605_e6b69a_firmware -
hp laserjet_pro_m304_w1a46a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a75a_firmware -
hp designjet_t1700_w6b56c_firmware *
hp laserjet_mfp_m237_6gx00a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a75a_firmware -
hp color_laserjet_pro_m254_t6b63a_firmware -
hp laserjet_mfp_m232e_9yg02e_firmware -
hp laserjet_enterprise_mfp_m521pv49a_firmware -
hp laserjet_managed_mfp_e82550_z8z23a_firmware -
hp laserjet_tank_mfp_2604_381u5a_firmware -
hp color_laserjet_pro_mfp_m183_7kw57a_firmware -
hp officejet_3830_k7v37a_firmware -
hp laserjet_m207_9yf83a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs29a_firmware -
hp laserjet_enterprise_700_color_mfp_m775_l3u50a_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z07a_firmware -
hp laserjet_mfp_m228_q3q75a_firmware -
hp color_laserjet_enterprise_m652_j7z99a_firmware -
hp laserjet_m204_g3q47a_firmware -
hp laserjet_mfp_m233_6gx00a_firmware -
hp color_laserjet_managed_mfp_e78224_8gs50a_firmware -
hp laserjet_m104_g3q36a_firmware -
hp laserjet_managed_mfp_e72525_x3a62a_firmware -
hp laserjet_pro_mfp_m427_f6w15a_firmware -
hp deskjet_plus_4100_3xv14c_firmware -
hp color_laserjet_managed_mfp_e78323_8pe95a_firmware -
hp designjet_xl_3600_mfp_6kd25g_firmware -
hp laserjet_m111_2u587a_firmware -
hp designjet_t1700_w6b55a_firmware -
hp laserjet_mfp_m235_6gx00a_firmware -
hp laserjet_pro_mfp_m148_4pa44a_firmware -
hp color_laserjet_enterprise_m553_b5l38a_firmware *
hp laserjet_mfp_m234_9yf97a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_z8z13a_firmware -
hp laserjet_mfp_m129_g3q57a_firmware -
hp laserjet_mfp_m237_9yf91a_firmware -
hp color_laserjet_m455_39z95a_firmware *
hp designjet_xl_3600_mfp_6kd25l_firmware -
hp laserjet_tank_2506_2r3e3a_firmware -
hp laserjet_managed_flow_mfp_e82560_z8z22a_firmware -
hp laserjet_tank_2504_2r3e3a_firmware -
hp pagewide_xl_5200_4vw16a_firmware -
hp laserjet_managed_mfp_e82540_z8z19_firmware -
hp color_laserjet_managed_mfp_flow_e87640_z8z17a_firmware -
hp deskjet_ink_advantage_3700_t8w37a_firmware -
hp laserjet_pro_mfp_m28_y5s54a_firmware -
hp pagewide_pro_772dw_w1b31a_firmware -
hp envy_6400e_223r3a_firmware -
hp laserjet_m110e_2u584e_firmware -
hp laserjet_tank_mfp_2602_2r7f5a_firmware -
hp designjet_t1700_w6b55g_firmware -
hp laserjet_m208e_6gw62er_firmware -
hp color_laserjet_managed_mfp_e87640du_5fm82a_firmware -
hp color_laserjet_managed_e65150_3gy04a_firmware -
hp laserjet_managed_mfp_e62665_3gy16a_firmware -
hp officejet_pro_9010e_257g3a_firmware -
hp laserjet_m110e_2u587e_firmware -
hp officejet_pro_6960_t0f31a_firmware -
hp designjet_z6_t8w15b_firmware *
hp laserjet_mfp_m141_7md72a_firmware -
hp laserjet_tank_mfp_1603_2r3e8a_firmware -
hp laserjet_m211e_6gw62er_firmware -
hp laserjet_mfp_m235e_6gx00e_firmware -
hp laserjet_managed_mfp_e72530_z8z010a_firmware -
hp smart_tank_790_28b97a_firmware -
hp laserjet_enterprise_m506_f2a71a_firmware -
hp laserjet_mfp_m139_7md70f_firmware -
hp laserjet_enterprise_700_color_mfp_m775_cc522a_firmware -
hp pagewide_xl_4200_4vw13a_firmware -
hp laserjet_enterprise_mfp_m527_f2a76a_firmware -
hp color_laserjet_pro_mfp_m284_7kw77a_firmware -
hp officejet_pro_8740_k7s41a_firmware -
hp laserjet_managed_mfp_m725_l3u63a_firmware -
hp color_laserjet_pro_m155_7kw50a_firmware -
hp color_laserjet_pro_mfp_m185_7kw58a_firmware -
hp pagewide_managed_p75050dn_w1b29a_firmware -
hp color_laserjet_managed_flow_mfp_e67560_l3u69a_firmware -
hp color_laserjet_pro_m153_t6b54a_firmware -
hp pagewide_xl_8200_4vw18fb_firmware -
hp color_laserjet_managed_flow_mfp_e77822_z8z04a_firmware -
hp smart_tank_7000_2h0a6a_firmware -
hp laserjet_m111_7md68a_firmware -
hp color_laserjet_managed_mfp_e78227_8gs37a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs44a_firmware -
hp laserjet_enterprise_flow_mfp_m632_j8j70a_firmware -
hp laserjet_managed_m506_f2a67a_firmware -
hp officejet_pro_6960_t0f32a_firmware -
hp pagewide_managed_color_mfp_p77950_2gp26a_firmware -
hp officejet_pro_8710_d9l18a_firmware -
hp color_laserjet_managed_mfp_e77422_5cm79a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a72a_firmware -
hp smart_tank_plus_550_3yw71a_firmware -
hp color_laserjet_pro_mfp_m185_7kw55a_firmware -
hp laserjet_tank_mfp_2603_381u1a_firmware -
hp laserjet_m212_6gw61a_firmware -
hp laserjet_m102_g3q35a_firmware -
hp laserjet_tank_2502_381v4a_firmware -
hp designjet_xl_3600_mfp_6kd23m_firmware -
hp color_laserjet_pro_mfp_m280_t6b80a_firmware -
hp deskjet_ink_advantage_ultra_4800_25r63a_firmware -
hp envy_inspire_7900e_31k15d_firmware -
hp laserjet_mfp_m133_g3q59a_firmware -
hp designjet_xl_3600_mfp_6kd25a_firmware -
hp laserjet_mfp_m236e_9yg05e_firmware -
hp laserjet_mfp_m237_9yf88a_firmware -
hp laserjet_managed_m605_e6b71a_firmware -
hp color_laserjet_pro_m154_t6b51a_firmware -
hp officejet_pro_8710_j6x79a_firmware -
hp laserjet_mfp_m235e_9yf91e_firmware -
hp color_laserjet_pro_m256_7kw66a_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z09a_firmware -
hp laserjet_pro_200_color_mfp_m276_cf144a_firmware -
hp color_laserjet_managed_mfp_e77822_z8z00a_firmware -
hp laserjet_pro_mfp_m149_4pa41a_firmware -
hp laserjet_managed_mfp_e72535_z8z09a_firmware -
hp laserjet_managed_mfp_e82550_x3a72a_firmware -
hp laserjet_mfp_m229_q3q75a_firmware -
hp laserjet_mfp_m233e_6gx05e_firmware -
hp laserjet_mfp_m233_9yg02a_firmware -
hp officejet_250_l9d57a_firmware -
hp laserjet_mfp_m236e_6gx01a_firmware -
hp laserjet_mfp_m232_9yg09a_firmware -
hp color_laserjet_pro_mfp_m283_7kw76a_firmware -
hp color_laserjet_managed_mfp_flow_e87660_x3a93a_firmware -
hp color_laserjet_managed_mfp_e78225_19gsaw_firmware -
hp laserjet_m111a_7md65a_firmware -
hp scanjet_enterprise_flow_n9120_fn2_l2763a_firmware -
hp color_laserjet_m552_b5l23a_firmware *
hp designjet_xl_3600_mfp_6kd26n_firmware -
hp designjet_z6_t8w18f_firmware *
hp officejet_pro_6970_j7k40a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_z8z01a_firmware -
hp color_laserjet_pro_m154_t6b46a_firmware -
hp pagewide_color_mfp_774_4pz43a_firmware -
hp color_laserjet_pro_mfp_m274_m6d61a_firmware -
hp officejet_pro_6960_t0f30a_firmware -
hp color_laserjet_managed_mfp_e78323_9rt92a_firmware -
hp color_laserjet_managed_mfp_e77830_z8z00a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a81a_firmware -
hp laserjet_tank_mfp_2604_381u6a_firmware -
hp color_laserjet_managed_flow_e77426_5rc91a_firmware -
hp color_laserjet_managed_mfp_e87660du_5cm66a_firmware -
hp officejet_pro_8030_3uc64a_firmware -
hp laserjet_m111e_2u587e_firmware -
hp color_laserjet_enterprise_m553_b5l27a_firmware *
hp laserjet_mfp_m237e_9yg05e_firmware -
hp laserjet_managed_e60055_m0p35a_firmware -
hp color_laserjet_pro_mfp_m281_t6b84a_firmware -
hp smart_tank_610_y0f72a_firmware -
hp color_laserjet_managed_e55040dw_3gx98a_firmware -
hp laserjet_managed_mfp_e72430_5cm71a_firmware -
hp laserjet_m211_9yf83a_firmware -
hp designjet_xl_3600_mfp_6kd25n_firmware -
hp laserjet_tank_2503_381v4a_firmware -
hp laserjet_enterprise_mfp_m632_j8j72a_firmware -
hp laserjet_m109_7md68a_firmware -
hp laserjet_mfp_m237e_6gx09a_firmware -
hp color_laserjet_enterprise_m553_b5l25a_firmware *
hp color_laserjet_managed_flow_mfp_e77822_z8z0a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_x3a92a_firmware -
hp color_laserjet_pro_mfp_m478_w1a78a_firmware -
hp laserjet_mfp_m233_9yf89a_firmware -
hp laserjet_mfp_m232_9yf96a_firmware -
hp laserjet_mfp_m134_g3q57a_firmware -
hp pagewide_xl_3920_4vw11a_firmware *
hp laserjet_managed_mfp_e82560_x3a68a_firmware -
hp laserjet_tank_mfp_2602_381u7a_firmware -
hp laserjet_m106_g3q39a_firmware -
hp laserjet_m104_g3q37a_firmware -
hp designjet_z9_w3z71b_firmware *
hp laserjet_pro_m305_w1a46a_firmware -
hp designjet_z9_w3z71h_firmware *
hp color_laserjet_enterprise_mfp_m480_3qa55a_firmware -
hp officejet_pro_8030_5lj18a_firmware -
hp laserjet_tank_mfp_2603_381u8a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_z8z00a_firmware -
hp color_laserjet_managed_mfp_m775_cc523a_firmware -
hp laserjet_pro_m403_c5f96a_firmware -
hp color_laserjet_managed_mfp_e87640du_5fm81a_firmware -
hp laserjet_mfp_m235_9yf88a_firmware -
hp smart_tank_510_3yw73a_firmware -
hp laserjet_mfp_m141e_7md70e_firmware -
hp deskjet_3630_k4t96a_firmware -
hp pagewide_managed_color_mfp_p77940_2gp23a_firmware -
hp color_laserjet_managed_flow_e77425_5cm79a_firmware -
hp laserjet_managed_flow_mfp_e62675_firmware -
hp laserjet_m110a_2u586a_firmware -
hp designjet_xl_3600_mfp_6kd26g_firmware -
hp laserjet_managed_mfp_m725_l3u64a_firmware -
hp laserjet_enterprise_700_color_mfp_m775_cf304a_firmware -
hp laserjet_mfp_m236e_6gx00e_firmware -
hp color_laserjet_pro_m154_t6b54a_firmware -
hp laserjet_mfp_m142_7md76a_firmware -
hp laserjet_pro_m701_b6s02a_firmware -
hp laserjet_pro_m14_y5s47a_firmware -
hp smart_tank_720_28y90a_firmware -
hp color_laserjet_m578_mfp_7zu86a_firmware *
hp smart_tank_6000_2h1w1a_firmware -
hp officejet_pro_8030e_5lj15a_firmware -
hp laserjet_enterprise_m406_3pz15a_firmware -
hp deskjet_2700_5ar84a_firmware -
hp color_laserjet_managed_mfp_e77424_5rc91a_firmware -
hp envy_6000e_2k4w2a_firmware -
hp laserjet_mfp_m233_6gw71a_firmware -
hp laserjet_mfp_m236_9yf92a_firmware -
hp color_laserjet_managed_m553_b5l25a_firmware *
hp envy_inspire_7900e_31k29d_firmware -
hp color_laserjet_managed_mfp_e78223_8gs43a_firmware -
hp color_laserjet_managed_m553_b5l26a_firmware *
hp color_laserjet_managed_mfp_e77822_z8z05a_firmware -
hp laserjet_managed_mfp_e82550_z8z22a_firmware -
hp laserjet_mfp_m133_g3q66a_firmware -
hp laserjet_tank_mfp_2605_381v1a_firmware -
hp color_laserjet_managed_mfp_e77822_z8z01a_firmware -
hp laserjet_pro_mfp_m31_y5s50a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z66a_firmware -
hp color_laserjet_pro_mfp_m281_t6b86a_firmware -
hp laserjet_managed_mfp_e72430_5cm69a_firmware -
hp laserjet_pro_m225_cf497a_firmware -
hp color_laserjet_pro_mfp_m283_7kw74a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a71a_firmware -
hp laserjet_tank_mfp_2605_381u2a_firmware -
hp laserjet_mfp_m140_1y7d4a_firmware -
hp color_laserjet_managed_mfp_e87650du_5cm64a_firmware -
hp laserjet_enterprise_mfp_m635_7ps97a_firmware -
hp smart_tank_7600_28b98a_firmware -
hp smart_tank_750_28b71a_firmware -
hp color_laserjet_managed_flow_ee77426_5rc92a_firmware -
hp laserjet_mfp_m233_6gx05a_firmware -
hp officejet_6950_p4c86a_firmware -
hp laserjet_pro_m501_j8h60a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a84a_firmware -
hp deskjet_ink_advantage_3630_k4u07a_firmware -
hp officejet_pro_9020_1mr75a_firmware -
hp designjet_t1700_w6b56h_firmware -
hp laserjet_pro_m226_cf497a_firmware -
hp color_laserjet_managed_mfp_flow_e87660_z8z14a_firmware -
hp laserjet_mfp_m233_9yg09a_firmware -
hp laserjet_m208_9yf83a_firmware -
hp color_laserjet_pro_mfp_m282_7kw76a_firmware -
hp laserjet_tank_mfp_2606_381u5a_firmware -
hp color_laserjet_enterprise_m751_t3u43a_firmware -
hp deskjet_2700_7fr52a_firmware -
hp designjet_xl_3600_mfp_6kd26f_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a63a_firmware -
hp officejet_pro_6970_t0f40a_firmware -
hp laserjet_pro_m702_k9g90a_firmware -
hp smart_tank_720_28b49a_firmware -
hp color_laserjet_pro_m454_w1y40a_firmware -
hp smart_tank_7300_28b75a_firmware -
hp color_laserjet_managed_mfp_m775_cc524a_firmware -
hp deskjet_plus_4100_7fs83d_firmware -
hp officejet_pro_8020_1kr61a_firmware -
hp smart_tank_7600_2g9q9a_firmware -
hp laserjet_pro_mfp_m29_w2g57a_firmware -
hp officejet_pro_8020_5lj17a_firmware -
hp smart_tank_670_28c15a_firmware -
hp laserjet_m205_g3q46a_firmware -
hp laserjet_mfp_m236e_6gw99e_firmware -
hp smart_tank_790_4wf66a_firmware -
hp laserjet_mfp_m142_7md74a_firmware -
hp color_laserjet_managed_mfp_e87650du_5fm80a_firmware -
hp deskjet_plus_ink_advantage_6000_5se522a_firmware -
hp designjet_z6+_pro_2qu25a_firmware -
hp officejet_pro_8020_1kr57a_firmware -
hp color_laserjet_enterprise_m855_d7p73a_firmware -
hp deskjet_ink_advantage_ultra_4800_25r65a_firmware -
hp color_laserjet_pro_m255_7kw63a_firmware -
hp color_laserjet_pro_mfp_m281_t6b83a_firmware -
hp officejet_pro_8210_d9l64a_firmware -
hp color_laserjet_managed_mfp_e67560_l3u67a_firmware -
hp laserjet_enterprise_flow_mfp_m635_7ps98a_firmware -
hp laserjet_mfp_m140_7md70a_firmware -
hp laserjet_m208_9yf82a_firmware -
hp designjet_t1700_w6b56a_firmware -
hp color_laserjet_pro_mfp_m182_7kw54a_firmware -
hp laserjet_tank_mfp_2603_381v1a_firmware -
hp laserjet_m203_g3q48a_firmware -
hp laserjet_managed_mfp_e62655_3gy15a_firmware -
hp laserjet_pro_m705_b6s02a_firmware -
hp laserjet_pro_m402_c5f93a_firmware -
hp laserjet_m207_9yf80a_firmware -
hp color_laserjet_pro_mfp_m285_7kw76a_firmware -
hp color_laserjet_managed_flow_e77423_5rc92a_firmware -
hp laserjet_mfp_m139e_7md72e_firmware -
hp laserjet_enterprise_m4555_mfp_ce738a_firmware -
hp laserjet_mfp_m228_g3q74a_firmware -
hp laserjet_pro_m403_c5f92a_firmware -
hp designjet_z9_w3z72h_firmware *
hp color_laserjet_enterprise_m856_t3u52a_firmware -
hp envy_6400e_2k5l5a_firmware -
hp color_laserjet_enterprise_m554_7zu78a_firmware -
hp laserjet_enterprise_700_color_mfp_m775_cc523a_firmware -
hp color_laserjet_managed_mfp_m775_l3u49a_firmware -
hp color_laserjet_enterprise_m554_7zu81a_firmware -
hp laserjet_enterprise_500_color_mfp_m575_cd644a_firmware -
hp designjet_xl_3600_mfp_6dh33a_firmware -
hp laserjet_m211_6gw62a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs28a_firmware -
hp laserjet_pro_m404_w1a53a_firmware -
hp color_laserjet_pro_mfp_m181_t6b71a_firmware -
hp laserjet_mfp_m134_g3q65a_firmware -
hp laserjet_mfp_m140_2u589a_firmware -
hp laserjet_mfp_m140_7md72a_firmware -
hp color_laserjet_managed_flow_e77424_5rc91a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_z8z17a_firmware -
hp pagewide_managed_color_mfp_p77950_2gp22a_firmware -
hp pagewide_xl_4700_4vw14h_firmware -
hp pagewide_pro_477dn_d3q19a_firmware -
hp laserjet_tank_2504_381v4a_firmware -
hp laserjet_pro_mfp_m427_1gp80a_firmware -
hp color_laserjet_managed_mfp_e87640du_5fm80a_firmware -
hp smart_tank_720_6uu46a_firmware -
hp pagewide_color_mfp_779_4pz46a_firmware -
hp color_laserjet_pro_m452_cf394v_firmware -
hp laserjet_managed_mfp_e72525_z8z09a_firmware -
hp laserjet_managed_mfp_e72525_x3a66a_firmware -
hp designjet_z9_w3z71e_firmware *
hp deskjet_2600_y5h61a_firmware -
hp envy_6000e_223n6a_firmware -
hp envy_6400e_223r6a_firmware -
hp color_laserjet_pro_m253_t6b63a_firmware -
hp color_laserjet_pro_mfp_m180_t6b71a_firmware -
hp laserjet_pro_mfp_m429_w1a35a_firmware -
hp smart_tank_7000_28b49a_firmware -
hp deskjet_2600_6jy94a_firmware -
hp laserjet_managed_m605_e6b70a_firmware -
hp color_laserjet_pro_mfp_m274_b3q10a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a84a_firmware -
hp laserjet_managed_mfp_e52645_1ps55a_firmware -
hp laserjet_m101_g3q37a_firmware -
hp laserjet_enterprise_flow_mfp_m631_j8j65a_firmware -
hp laserjet_managed_mfp_e82560du_5fm76a_firmware -
hp laserjet_mfp_m229_g3q74a_firmware -
hp deskjet_ink_advantage_3630_k4u06a_firmware -
hp deskjet_3630_f5s48a_firmware -
hp color_laserjet_cm5525_mfp_ce707a_firmware *
hp laserjet_mfp_m234_6gw99a_firmware -
hp laserjet_mfp_m235_9yf94a_firmware -
hp laserjet_mfp_m130_g3q66a_firmware -
hp laserjet_tank_2505_2r7f4a_firmware -
hp officejet_3830_k7v38a_firmware -
hp color_laserjet_managed_mfp_e77422_5cm78a_firmware -
hp color_laserjet_managed_mfp_e78224_8gs15a_firmware -
hp officejet_pro_9010_1kr48a_firmware -
hp pagewide_pro_552dw_d3q17a_firmware -
hp laserjet_tank_mfp_2606_381u0a_firmware -
hp laserjet_enterprise_mfp_m528_1pv65a_firmware -
hp laserjet_mfp_m232_6gx06a_firmware -
hp laserjet_mfp_m141_2u589f_firmware -
hp envy_6000_8qq98a_firmware -
hp color_laserjet_managed_mfp_e87640du_5rc88a_firmware -
hp laserjet_mfp_m234_6gx05a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z62a_firmware -
hp laserjet_tank_mfp_2605_381u1a_firmware -
hp smart_tank_plus_650_y0f72a_firmware -
hp laserjet_pro_m16_w2g53a_firmware -
hp color_laserjet_managed_mfp_e77424_5cm75a_firmware -
hp designjet_t1700_w6b56d_firmware -
hp laserjet_pro_m701_k9g90a_firmware -
hp color_laserjet_managed_mfp_e78227_17f27aw_firmware -
hp laserjet_managed_mfp_e72530_z8z011a_firmware -
hp laserjet_enterprise_500_mfp_m525f_cf118a_firmware -
hp color_laserjet_managed_e65050_l3u56a_firmware -
hp color_laserjet_pro_m453_w1y40a_firmware -
hp designjet_xl_3600_mfp_6kd24a_firmware -
hp laserjet_m207e_6gw62e_firmware -
hp pagewide_xl_5200_4vw20h_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a65a_firmware -
hp laserjet_mfp_m132_g3q65a_firmware -
hp deskjet_plus_ink_advantage_4100_7fs96b_firmware -
hp color_laserjet_managed_flow_mfp_e67550_l3u67a_firmware -
hp deskjet_3700_t8w57a_firmware -
hp smart_tank_610_3yw48a_firmware -
hp laserjet_pro_m703_b6s02a_firmware -
hp designjet_xl_3600_mfp_6kd23h_firmware -
hp deskjet_2600_y5h59a_firmware -
hp designjet_z6_t8w16g_firmware *
hp laserjet_mfp_m232_6gx04a_firmware -
hp color_laserjet_pro_mfp_m180_t6b74a_firmware -
hp color_laserjet_managed_mfp_e77825_z8z02a_firmware -
hp color_laserjet_enterprise_m855_a2w77a_firmware -
hp color_laserjet_enterprise_m750_d3l09a_firmware -
hp laserjet_mfp_m133_g3q62a_firmware -
hp pagewide_xl_4700_4vw14g_firmware -
hp designjet_xl_3600_mfp_6kd24g_firmware -
hp pagewide_377dw_j9v80a_firmware -
hp officejet_252_n4l18c_firmware -
hp officejet_pro_8730_d9l20a_firmware -
hp officejet_pro_9010_1kr45a_firmware -
hp designjet_t1700_1vd87a_firmware -
hp color_laserjet_managed_mfp_e78226_19gsaw_firmware -
hp hp_color_laserjet_enterprise_m554_7zu79a_firmware *
hp color_laserjet_pro_m154_t6b49a_firmware -
hp laserjet_mfp_m130_g3q58a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a80a_firmware -
hp color_laserjet_managed_flow_e77426_5cm76a_firmware -
hp deskjet_ink_advantage_3630_k4u00a_firmware -
hp designjet_z9_w3z72g_firmware *
hp color_laserjet_pro_m155_7kw51a_firmware -
hp laserjet_m109a_7md67a_firmware -
hp pagewide_managed_p55250dw_j6u55b_firmware -
hp color_laserjet_enterprise_mfp_m776_t3u56a_firmware -
hp laserjet_m212e_6gw62e_firmware -
hp laserjet_enterprise_m506_f2a70a_firmware -
hp deskjet_2600_y5h65a_firmware -
hp envy_inspire_7900e_327a9a_firmware -
hp deskjet_4100e_26q91a_firmware -
hp officejet_202_n4k99c_firmware -
hp color_laserjet_managed_mfp_e78228_19gsaw_firmware -
hp laserjet_managed_mfp_e82540du_5cm61a_firmware -
hp laserjet_mfp_m235_9yf92a_firmware -
hp laserjet_enterprise_m606_e6b73a_firmware -
hp laserjet_m103_g3q36a_firmware -
hp laserjet_m112_2u584a_firmware -
hp laserjet_tank_1502_2r7f3a_firmware -
hp laserjet_enterprise_mfp_m630_b3g86a_firmware -
hp laserjet_enterprise_600_m603_ce994a_firmware -
hp laserjet_managed_e60075_m0p33a_firmware -
hp laserjet_tank_mfp_2604_381u0a_firmware -
hp color_laserjet_enterprise_flow_mfp_m577_b5l46a_firmware -
hp pagewide_managed_p75050dw_w1b28a_firmware -
hp laserjet_mfp_m134_g3q68a_firmware -
hp deskjet_3630_k4t98a_firmware -
hp laserjet_mfp_m237_9yf89a_firmware -
hp designjet_xl_3600_mfp_6kd23f_firmware -
hp laserjet_pro_m405_w1a58a_firmware -
hp deskjet_ink_advantage_3630_k4u08a_firmware -
hp deskjet_3630_v3f21a_firmware -
hp envy_6000e_2k4w1a_firmware -
hp color_laserjet_managed_mfp_e67550_l3u67a_firmware -
hp laserjet_managed_e60065_m0p40a_firmware -
hp color_laserjet_managed_flow_mfp_e67560_l3u67a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_z8z05a_firmware -
hp laserjet_pro_m402_f6j43a_firmware -
hp laserjet_mfp_m132_g3q57a_firmware -
hp pagewide_xl_4200_4vw12a_firmware *
hp pagewide_managed_color_flow_mfp_e77660z_firmware -
hp color_laserjet_managed_mfp_e77423_5cm76a_firmware -
hp smart_tank_7000_28y90a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a77a_firmware -
hp color_laserjet_managed_mfp_flow_e87640_x3a93a_firmware -
hp laserjet_mfp_m139_1y7d4a_firmware -
hp laserjet_m205_g3q48a_firmware -
hp officejet_pro_9020_1mr68a_firmware -
hp pagewide_managed_color_mfp_p77960_5zn99a_firmware -
hp designjet_t2600_36"_mfp_3xb77a_firmware *
hp laserjet_mfp_m141_7md69a_firmware -
hp laserjet_managed_e60175_3gy09a_firmware -
hp laserjet_mfp_m233e_6gw99e_firmware -
hp deskjet_ink_advantage_3630_k4u01a_firmware -
hp laserjet_enterprise_600_m601_ce990a_firmware -
hp pagewide_managed_color_mfp_e58650dn_l3u42a_firmware -
hp designjet_xl_3600_mfp_6dh33b_firmware -
hp laserjet_mfp_m132_g3q63a_firmware -
hp laserjet_managed_mfp_e72535_x3a59a_firmware -
hp laserjet_m212_9yf83a_firmware -
hp color_laserjet_managed_mfp_e77426_5cm76a_firmware -
hp color_laserjet_pro_mfp_m182_7kw55a_firmware -
hp laserjet_tank_mfp_2605_381v0a_firmware -
hp deskjet_ink_advantage_3700_j9v87a_firmware -
hp color_laserjet_enterprise_mfp_m681_j8a13a_firmware -
hp laserjet_m211_6gw61a_firmware -
hp color_laserjet_enterprise_flow_mfp_m880z_d7p70a_firmware *
hp laserjet_tank_mfp_2602_381u2a_firmware -
hp laserjet_m212_9yf84a_firmware -
hp color_laserjet_enterprise_flow_mfp_m682_j8a16a_firmware -
hp laserjet_managed_flow_mfp_e82550_az8z20a_firmware -
hp laserjet_m106_g3q37a_firmware -
hp laserjet_mfp_m139_7md69a_firmware -
hp color_laserjet_managed_mfp_e77424_5cm78a_firmware -
hp laserjet_tank_mfp_2606_381v0a_firmware -
hp laserjet_mfp_m139_2u589a_firmware -
hp color_laserjet_managed_mfp_e87640du_5cm65a_firmware -
hp laserjet_mfp_m130_g3q64a_firmware -
hp laserjet_managed_flow_mfp_e82560_z8z19_firmware -
hp laserjet_mfp_m130_g3q67a_firmware -
hp color_laserjet_managed_mfp_e77422_5rc92a_firmware -
hp laserjet_managed_mfp_e72535_z8z08a_firmware -
hp laserjet_mfp_m237e_9yf91e_firmware -
hp smart_tank_610_y0f73a_firmware -
hp pagewide_managed_color_mfp_p77950_5zn98a_firmware -
hp laserjet_mfp_m237e_9yg02e_firmware -
hp deskjet_plus_ink_advantage_4100_7fs94b_firmware -
hp color_laserjet_managed_mfp_e78225_8gs14a_firmware -
hp color_laserjet_pro_mfp_m479_w1a80a_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a60a_firmware -
hp officejet_pro_8710_j6x80a_firmware -
hp color_laserjet_managed_flow_mfp_m880zm_d7p70a_firmware *
hp designjet_z6_t8w16f_firmware *
hp color_laserjet_enterprise_flow_mfp_m681_j8a13a_firmware -
hp laserjet_mfp_m228_g3q78a_firmware -
hp laserjet_mfp_m141e_7md76e_firmware -
hp laserjet_managed_mfp_e82540du_5rc85a_firmware -
hp color_laserjet_pro_m153_t6b52a_firmware -
hp laserjet_mfp_m134_g3q62a_firmware -
hp color_laserjet_managed_mfp_e77427_5cm76a_firmware -
hp laserjet_mfp_m235_9yg05a_firmware -
hp laserjet_mfp_m236_9yg05a_firmware -
hp officejet_3830_k7v40a_firmware -
hp laserjet_tank_mfp_2604_2r7f5a_firmware -
hp color_laserjet_pro_mfp_m281_t6b81a_firmware -
hp laserjet_enterprise_mfp_m431_3pz56a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_x3a87a_firmware -
hp laserjet_mfp_m139_7md75a_firmware -
hp laserjet_pro_mfp_m31_y5s53a_firmware -
hp laserjet_mfp_m140_7md76a_firmware -
hp color_laserjet_managed_mfp_e78224_17f27aw_firmware -
hp laserjet_managed_mfp_m725_cf066a_firmware -
hp laserjet_tank_mfp_2603_381u6a_firmware -
hp laserjet_m106_g3q35a_firmware -
hp color_laserjet_managed_flow_e77425_5cm76a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs37a_firmware -
hp laserjet_managed_mfp_e82540_x3a68a_firmware -
hp deskjet_ink_advantage_2700_7fr21a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a78a_firmware -
hp designjet_z9_w3z71g_firmware *
hp deskjet_2600_y5h63a_firmware -
hp laserjet_managed_m605_e6b69a_firmware -
hp laserjet_mfp_m142_7md72a_firmware -
hp laserjet_mfp_m236_9yg02a_firmware -
hp smart_tank_790_28b99a_firmware -
hp designjet_t1600_36"_3ek10a_firmware *
hp laserjet_managed_e60175_3gy10a_firmware -
hp laserjet_managed_mfp_e82540_x3a72a_firmware -
hp laserjet_m109e_7md66e_firmware -
hp color_laserjet_enterprise_m855_a2w79a_firmware -
hp laserjet_pro_m14_y5s43a_firmware -
hp designjet_t1600_36"_3ek11a_firmware *
hp envy_inspire_7900e_349u4a_firmware -
hp laserjet_mfp_m232e_6gx00e_firmware -
hp color_laserjet_managed_mfp_e77822_z8z0a_firmware -
hp smart_tank_7000_28b51a_firmware -
hp laserjet_pro_mfp_m30_y5s50a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs15a_firmware -
hp laserjet_mfp_m131_g3q62a_firmware -
hp laserjet_mfp_m235_9yf90a_firmware -
hp laserjet_mfp_m233_6gx04a_firmware -
hp color_laserjet_enterprise_flow_mfp_m776_t3u55a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z64a_firmware -
hp laserjet_m209e_6gw62er_firmware -
hp deskjet_ink_advantage_3700_t8w35a_firmware -
hp laserjet_pro_m405_w1a63a_firmware -
hp laserjet_enterprise_m610_7ps81a_firmware -
hp laserjet_mfp_m229_g3q76a_firmware -
hp laserjet_mfp_m140_7md71a_firmware -
hp smart_tank_plus_550_3yw70a_firmware -
hp laserjet_enterprise_m4555_mfp_ce503a_firmware -
hp deskjet_2600_v1n01a_firmware -
hp laserjet_mfp_m232_9yf92a_firmware -
hp smart_tank_790_28c03a_firmware -
hp laserjet_mfp_m235e_9yg05e_firmware -
hp laserjet_managed_mfp_e52545_3gy20a_firmware -
hp officejet_pro_6960_t0f36a_firmware -
hp laserjet_mfp_m130_g3q65a_firmware -
hp smart_tank_670_30s82a_firmware -
hp laserjet_managed_mfp_e72535_z8z011a_firmware -
hp deskjet_4100e_26q96a_firmware -
hp envy_6400e_223r2a_firmware -
hp envy_inspire_7200e_349u9d_firmware -
hp color_laserjet_enterprise_m750_d3l08a_firmware -
hp laserjet_managed_mfp_e72525_x3a59a_firmware -
hp laserjet_managed_mfp_e82540_x3a75a_firmware -
hp laserjet_mfp_m130_g3q59a_firmware -
hp color_laserjet_managed_mfp_e77822_x3a77a_firmware -
hp smart_tank_7000_28b55a_firmware -
hp color_laserjet_pro_mfp_m283_7kw77a_firmware -
hp laserjet_mfp_m232e_6gw99e_firmware -
hp laserjet_pro_m703_k9g90a_firmware -
hp deskjet_4100e_26q95a_firmware -
hp color_laserjet_enterprise_m555_7zu79a_firmware -
hp color_laserjet_pro_mfp_m183_7kw59a_firmware -
hp laserjet_pro_mfp_m30_y5s53a_firmware -
hp color_laserjet_managed_mfp_e87650du_5cm65a_firmware -
hp deskjet_2600_y5h80a_firmware -
hp laserjet_enterprise_mfp_m725_cf067a_firmware -
hp laserjet_pro_m16_w2g52a_firmware -
hp laserjet_mfp_m141e_2u589e_firmware -
hp laserjet_managed_flow_mfp_m830_cf367a_firmware -
hp pagewide_managed_color_mfp_p77950_2gp23a_firmware -
hp laserjet_enterprise_m611_7ps84a_firmware -
hp laserjet_managed_mfp_e82550_x3a82a_firmware -
hp laserjet_managed_mfp_e72430_5rc90a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z07a_firmware -
hp pagewide_managed_color_mfp_p77960_2gp22a_firmware -
hp laserjet_m210_6gw62a_firmware -
hp laserjet_mfp_m232_9yf98a_firmware -
hp envy_inspire_7900e_242p9d_firmware -
hp laserjet_enterprise_m610_7ps82a_firmware -
hp laserjet_managed_mfp_e82550_x3a74a_firmware -
hp laserjet_mfp_m141_7md70f_firmware -
hp laserjet_m110a_2u581a_firmware -
hp color_laserjet_pro_m255_7kw67a_firmware -
hp laserjet_pro_m16_y5s43a_firmware -
hp laserjet_pro_m17_w2g50a_firmware -
hp laserjet_managed_mfp_flow_e62575_j8j73a_firmware -
hp color_laserjet_managed_mfp_e77423_5cm75a_firmware -
hp color_laserjet_managed_flow_e77422_5cm78a_firmware -
hp laserjet_m112e_2u587e_firmware -
hp laserjet_mfp_m141e_7md74e_firmware -
hp pagewide_managed_color_e75160_j7z06a_firmware -
hp color_laserjet_enterprise_m555_7zu81a_firmware -
hp color_laserjet_enterprise_m653_j8a04a_firmware -
hp laserjet_mfp_m235_9yg09a_firmware -
hp deskjet_plus_ink_advantage_4100_4ws36c_firmware -
hp laserjet_pro_m404_w1a56a_firmware -
hp laserjet_mfp_m140e_7md70e_firmware -
hp color_laserjet_pro_mfp_m180_t6b72a_firmware -
hp color_laserjet_managed_mfp_e87660du_5rc86a_firmware -
hp laserjet_m102_g3q34a_firmware -
hp laserjet_pro_mfp_m427_c5f99a_firmware -
hp laserjet_mfp_m133_g3q60a_firmware -
hp laserjet_pro_m403_c5f94a_firmware -
hp laserjet_mfp_m132_g3q66a_firmware -
hp laserjet_mfp_m233_9yg05a_firmware -
hp laserjet_pro_m405_w1a57a_firmware -
hp pagewide_xl_5200_4vw21h_firmware -
hp color_laserjet_pro_m254_t6b59a_firmware -
hp hp_color_laserjet_enterprise_m555_7zu78a_firmware *
hp envy_6400e_223r9a_firmware -
hp laserjet_mfp_m132_g3q59a_firmware -
hp laserjet_m203_g3q50a_firmware -
hp color_laserjet_managed_mfp_e87660du_5rc88a_firmware -
hp laserjet_enterprise_m506_f2a66a_firmware -
hp laserjet_mfp_m236e_6gx05e_firmware -
hp color_laserjet_managed_mfp_e77830_x3a78a_firmware -
hp color_laserjet_managed_mfp_e78224_8gs37a_firmware -
hp laserjet_managed_mfp_e82560_x3a71a_firmware -
hp officejet_pro_8710_j6x77a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_z8z05a_firmware -
hp smart_tank_6000_6uu48a_firmware -
hp laserjet_pro_m17_y5s47a_firmware -
hp color_laserjet_managed_flow_e77422_5cm77a_firmware -
hp laserjet_m112_7md68a_firmware -
hp officejet_pro_6960_j7k37a_firmware -
hp laserjet_tank_mfp_2603_381u2a_firmware -
hp laserjet_pro_mfp_m30_w2g55a_firmware -
hp color_laserjet_pro_m453_w1y41a_firmware -
hp color_laserjet_pro_mfp_m282_7kw72a_firmware -
hp laserjet_pro_m403_c5j91a_firmware -
hp pagewide_xl_5200_4vw19a_firmware -
hp designjet_z9_x9d24a_firmware *
hp laserjet_managed_mfp_e82550_x3a68a_firmware -
hp deskjet_2600_y5h58a_firmware -
hp laserjet_mfp_m232_6gx05a_firmware -
hp laserjet_managed_mfp_flow_e62575_j8j67a_firmware -
hp envy_6400e_223r1a_firmware -
hp laserjet_mfp_m132_g3q67a_firmware -
hp officejet_pro_8710_m9l70a_firmware -
hp color_laserjet_managed_m553_b5l27a_firmware *
hp color_laserjet_enterprise_m653_j8a06a_firmware -
hp color_laserjet_managed_mfp_e77427_5rc92a_firmware -
hp color_laserjet_managed_mfp_e87650du_5cm63a_firmware -
hp color_laserjet_managed_flow_e77425_5rc91a_firmware -
hp laserjet_pro_m404_w1a60a_firmware -
hp laserjet_mfp_m236e_6gx09a_firmware -
hp laserjet_managed_mfp_e72425_5cm71a_firmware -
hp laserjet_managed_mfp_e82550_x3a75a_firmware -
hp color_laserjet_managed_mfp_e77428_5cm78a_firmware -
hp designjet_z6_t8w15g_firmware *
hp laserjet_m208_6gw63a_firmware -
hp laserjet_mfp_m141_2a130a_firmware -
hp laserjet_managed_mfp_e82540_x3a74a_firmware -
hp officejet_pro_8030_1kr62a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z03a_firmware -
hp laserjet_mfp_m232_9yf95a_firmware -
hp designjet_z9+_pro_2rm82g_firmware -
hp laserjet_pro_m404_93m22a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z07a_firmware -
hp pagewide_managed_p75050dn_w1b28a_firmware -
hp laserjet_managed_mfp_e62655_3gy17a_firmware -
hp laserjet_mfp_m133_g3q58a_firmware -
hp officejet_pro_8710_m9l65a_firmware -
hp laserjet_pro_m16_w2g50a_firmware -
hp color_laserjet_managed_flow_e77424_5rc92a_firmware -
hp color_laserjet_pro_mfp_m479_w1a79a_firmware -
hp deskjet_plus_4100_7fs81b_firmware -
hp laserjet_mfp_m232_9yg02a_firmware -
hp designjet_xl_3600_mfp_6kd24n_firmware -
hp officejet_managed_color_mfp_x585_b5l04a_firmware -
hp laserjet_managed_mfp_e72535_x3a65a_firmware -
hp officejet_200_l9b95a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs25a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs36a_firmware -
hp color_laserjet_pro_mfp_m282_7kw75a_firmware -
hp color_laserjet_managed_mfp_e78224_8gs14a_firmware -
hp laserjet_mfp_m130_g3q57a_firmware -
hp color_laserjet_managed_flow_mfp_m880zm_d7p71a_firmware *
hp smart_tank_7300_28b76a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a68a_firmware -
hp color_laserjet_managed_mfp_e67660_3gy31a_firmware -
hp color_laserjet_pro_mfp_m180_t6b70a_firmware -
hp laserjet_pro_mfp_m426_f6w14a_firmware -
hp laserjet_enterprise_mfp_m725_cf068a_firmware -
hp laserjet_managed_mfp_m630_l3u62a_firmware -
hp officejet_pro_9010_1kr55a_firmware -
hp laserjet_mfp_m232_6gw99a_firmware -
hp laserjet_managed_e60065_m0p36a_firmware -
hp laserjet_enterprise_mfp_m636_7pt01a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_z8z12a_firmware -
hp laserjet_mfp_m139_2a129a_firmware -
hp color_laserjet_managed_mfp_e78226_8gs36a_firmware -
hp smart_tank_7000_28b52a_firmware -
hp officejet_250_n4l17a_firmware -
hp envy_inspire_7900e_242p7d_firmware -
hp color_laserjet_managed_mfp_flow_e87660_z8z16a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a82a_firmware -
hp laserjet_pro_m201_cf466a_firmware -
hp laserjet_mfp_m139_7md71a_firmware -
hp smart_tank_plus_550_3yw74a_firmware -
hp designjet_xl_3600_mfp_6kd26a_firmware -
hp laserjet_managed_mfp_m527_f2a80a_firmware -
hp deskjet_ink_advantage_3630_k4t99a_firmware -
hp laserjet_mfp_m230_g3q76a_firmware -
hp color_laserjet_managed_mfp_e78323_8pe98a_firmware -
hp color_laserjet_pro_mfp_m280_t6b84a_firmware -
hp laserjet_mfp_m140_2a129a_firmware -
hp color_laserjet_enterprise_mfp_m681_j8a11a_firmware -
hp deskjet_2700_5ar83a_firmware -
hp laserjet_mfp_m230_g3q79a_firmware -
hp designjet_t1708_1vd84a_firmware -
hp color_laserjet_managed_mfp_e67560_l3u66a_firmware -
hp color_laserjet_pro_mfp_m181_t6b74a_firmware -
hp color_laserjet_managed_mfp_e77428_5rc92a_firmware -
hp officejet_pro_8210_j3p68a_firmware -
hp deskjet_ink_advantage_2700_4ws04a_firmware -
hp officejet_pro_8710_k7s37a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a68a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z06a_firmware -
hp designjet_t1708_1vd85a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr99a_firmware -
hp officejet_pro_8210_j3p65a_firmware -
hp designjet_xl_3600_mfp_6kd24m_firmware -
hp color_laserjet_managed_mfp_e78224_19gsaw_firmware -
hp laserjet_managed_mfp_e82540_z8z18a_firmware -
hp laserjet_pro_mfp_m149_4pa43a_firmware -
hp laserjet_managed_mfp_e72430_5cm72a_firmware -
hp color_laserjet_managed_flow_mfp_e67550_l3u70a_firmware -
hp color_laserjet_managed_mfp_e77830_x3a77a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_z8z01a_firmware -
hp smart_tank_plus_650_7xv38a_firmware -
hp laserjet_pro_m17_w2g51a_firmware -
hp deskjet_2600_y5h69a_firmware -
hp laserjet_mfp_m237_9yf95a_firmware -
hp deskjet_3700_t8w54a_firmware -
hp color_laserjet_managed_mfp_e78225_8gs37a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z66a_firmware -
hp color_laserjet_managed_flow_e77424_5cm77a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z09a_firmware -
hp laserjet_m109a_2u586a_firmware -
hp color_laserjet_managed_mfp_e87650du_5rc86a_firmware -
hp pagewide_managed_color_p75250_y3z49a_firmware *
hp color_laserjet_pro_m254_t6b61a_firmware -
hp laserjet_enterprise_mfp_m527_f2a77a_firmware -
hp deskjet_3700_1lu12a_firmware -
hp color_laserjet_managed_mfp_e78330_9rt92a_firmware -
hp laserjet_managed_mfp_e62555_j8j66a_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z011a_firmware -
hp color_laserjet_managed_mfp_e77822_x3a83a_firmware -
hp laserjet_m211e_6gw62e_firmware -
hp laserjet_mfp_m237e_6gx09e_firmware -
hp color_laserjet_pro_m255_7kw68a_firmware -
hp laserjet_managed_mfp_flow_e62555_j8j67a_firmware -
hp laserjet_m105_g3q34a_firmware -
hp laserjet_mfp_m131_g3q59a_firmware -
hp laserjet_mfp_m235_9yf91a_firmware -
hp laserjet_m112a_7md67a_firmware -
hp pagewide_pro_452dw_d3q16a_firmware -
hp color_laserjet_managed_mfp_e77428_5cm79a_firmware -
hp laserjet_enterprise_m612_7ps86a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a77a_firmware -
hp laserjet_tank_mfp_2605_381u9a_firmware -
hp envy_6000_5se20a_firmware -
hp smart_tank_750_6uu47a_firmware -
hp laserjet_managed_flow_mfp_m525_l3u59a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a69a_firmware -
hp laserjet_m211_9yf85a_firmware -
hp laserjet_managed_mfp_m725_cf067a_firmware -
hp color_laserjet_enterprise_mfp_m680_cz249a_firmware -
hp laserjet_enterprise_600_m602_ce992a_firmware -
hp laserjet_m209_9yf84a_firmware -
hp color_laserjet_enterprise_mfp_m680_cz250a_firmware -
hp color_laserjet_managed_flow_e77424_5cm79a_firmware -
hp deskjet_ink_advantage_3700_4sc29a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a62a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z08a_firmware -
hp laserjet_enterprise_m608_k0q17a_firmware -
hp laserjet_managed_mfp_flow_e62565_j8j73a_firmware -
hp laserjet_m111e_7md68e_firmware -
hp laserjet_managed_m506_f2a69a_firmware -
hp laserjet_enterprise_mfp_m631_j8j64a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z010a_firmware -
hp laserjet_m212_9yf85a_firmware -
hp deskjet_ink_advantage_3700_j9v88a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs12a_firmware -
hp designjet_t1700_w6b55c_firmware -
hp color_laserjet_managed_mfp_e87640du_5rc86a_firmware -
hp color_laserjet_enterprise_m651_cz255a_firmware *
hp laserjet_m210_9yf83a_firmware -
hp color_laserjet_pro_mfp_m285_7kw78a_firmware -
hp laserjet_enterprise_m507_1pv87a_firmware -
hp laserjet_managed_mfp_e82550du_5cm59a_firmware -
hp laserjet_mfp_m236_9yf98a_firmware -
hp laserjet_m111a_2u586a_firmware -
hp deskjet_4100e_26q91b_firmware -
hp officejet_pro_9020_1mr67a_firmware -
hp smart_tank_7000_28b79a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a79a_firmware -
hp color_laserjet_managed_flow_e77426_5cm79a_firmware -
hp laserjet_mfp_m234_9yf88a_firmware -
hp color_laserjet_pro_mfp_m283_7kw72a_firmware -
hp color_laserjet_managed_mfp_e87650du_5rc87a_firmware -
hp color_laserjet_managed_mfp_e77822_z8z02a_firmware -
hp laserjet_tank_mfp_2602_381u0a_firmware -
hp color_laserjet_managed_flow_e77426_5cm77a_firmware -
hp designjet_xl_3600_mfp_6kd26m_firmware -
hp laserjet_tank_1502_2r3e1a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a79a_firmware -
hp laserjet_pro_200_m251_cf147a_firmware -
hp color_laserjet_pro_mfp_m285_7kw72a_firmware -
hp deskjet_ink_advantage_3830_f5r97a_firmware -
hp laserjet_pro_200_color_mfp_m276_cf145a_firmware -
hp color_laserjet_enterprise_m750_d3l10a_firmware -
hp laserjet_mfp_m237_6gx06a_firmware -
hp laserjet_managed_e60055_m0p36a_firmware -
hp laserjet_mfp_m233e_6gx09e_firmware -
hp laserjet_enterprise_mfp_m633_j8j76a_firmware -
hp laserjet_tank_1503_2r3e2a_firmware -
hp color_laserjet_managed_mfp_e77428_5cm77a_firmware -
hp laserjet_m209e_6gw62e_firmware -
hp laserjet_m101_g3q35a_firmware -
hp laserjet_managed_mfp_m725_cf069a_firmware -
hp pagewide_enterprise_color_556_g1w47a_firmware -
hp color_laserjet_managed_mfp_flow_e87640_z8z16a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a82a_firmware -
hp laserjet_mfp_m237_9yg11a_firmware -
hp laserjet_pro_mfp_m31_w2g54a_firmware -
hp laserjet_pro_m404_w1a57a_firmware -
hp deskjet_2700_5ar85a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a63a_firmware -
hp laserjet_mfp_m142_2a130a_firmware -
hp laserjet_mfp_m140e_7md76e_firmware -
hp color_laserjet_pro_mfp_m183_7kw56a_firmware -
hp designjet_xl_3600_mfp_6kd24l_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z08a_firmware -
hp laserjet_pro_m402_g3v21a_firmware -
hp smart_tank_720_28b50a_firmware -
hp laserjet_tank_mfp_1603_381l0a_firmware -
hp color_laserjet_managed_mfp_e78225_17f27aw_firmware -
hp color_laserjet_managed_e65050_l3u55a_firmware -
hp laserjet_enterprise_flow_mfp_m634_7ps94a_firmware -
hp pagewide_color_755_4pz47a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_z8z00a_firmware -
hp laserjet_managed_e60155_3gy10a_firmware -
hp laserjet_pro_mfp_m28_w2g56a_firmware -
hp designjet_z6_t8w18c_firmware *
hp color_laserjet_pro_mfp_m277_m6d61a_firmware -
hp laserjet_managed_flow_mfp_e82550_z8z18a_firmware -
hp laserjet_pro_m404_w1a58a_firmware -
hp smart_tank_plus_650_3yw51a_firmware -
hp designjet_z9_x9d24c_firmware *
hp color_laserjet_managed_flow_mfp_e77830_z8z05a_firmware -
hp laserjet_m112a_7md65a_firmware -
hp deskjet_ink_advantage_2600_v1n02a_firmware -
hp laserjet_pro_m202_cf467a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr94a_firmware -
hp laserjet_enterprise_mfp_m528_1pv67a_firmware -
hp color_laserjet_cm5525_mfp_ce708a_firmware *
hp laserjet_tank_mfp_2602_381u9a_firmware -
hp laserjet_tank_mfp_2603_381u9a_firmware -
hp color_laserjet_pro_m252_b4a21a_firmware -
hp laserjet_mfp_m234e_6gx02e_firmware -
hp laserjet_enterprise_500_color_m551_cf082a_firmware -
hp laserjet_mfp_m235e_6gx09e_firmware -
hp laserjet_tank_mfp_1602_2r3e8a_firmware -
hp laserjet_tank_2505_2r3e3a_firmware -
hp laserjet_pro_m703_b6s01a_firmware -
hp smart_tank_610_y0f71a_firmware -
hp laserjet_managed_mfp_m527_f2a79a_firmware -
hp color_laserjet_enterprise_m651_cz257a_firmware *
hp color_laserjet_pro_mfp_m478_w1a75a_firmware -
hp color_laserjet_pro_mfp_m282_7kw79a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a69a_firmware -
hp laserjet_enterprise_flow_mfp_m830_l3u65a_firmware -
hp smart_tank_720_28b52a_firmware -
hp laserjet_mfp_m232_9yf90a_firmware -
hp color_laserjet_managed_e75245_t3u64a_firmware -
hp color_laserjet_managed_mfp_m680_firmware -
hp laserjet_m206_g3q47a_firmware -
hp laserjet_managed_mfp_e82550du_5cm61a_firmware -
hp laserjet_m109_2u587a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a59a_firmware -
hp designjet_t1700_1vd87f_firmware *
hp pagewide_xl_5200_4vw20f_firmware -
hp color_laserjet_enterprise_flow_mfp_m880z_d7p71a_firmware *
hp color_laserjet_managed_mfp_e78226_8gs14a_firmware -
hp laserjet_mfp_m234_9yf96a_firmware -
hp color_laserjet_pro_m254_t6b64a_firmware -
hp officejet_pro_8030_5lj19a_firmware -
hp color_laserjet_pro_mfp_m185_7kw59a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs36a_firmware -
hp laserjet_pro_m703_k9g91a_firmware -
hp smart_tank_790_28b98a_firmware -
hp color_laserjet_managed_mfp_flow_e87660_x3a87a_firmware -
hp laserjet_enterprise_m507_1pv89a_firmware -
hp laserjet_mfp_m132_g3q68a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr96a_firmware -
hp laserjet_managed_e60075_m0p39a_firmware -
hp officejet_6950_p4c85a_firmware -
hp laserjet_pro_mfp_m428_w1a35a_firmware -
hp laserjet_mfp_m140_7md75a_firmware -
hp laserjet_pro_mfp_m428_w1a32a_firmware -
hp deskjet_4100e_26q92b_firmware -
hp color_laserjet_managed_mfp_e78227_8gs12a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs29a_firmware -
hp laserjet_mfp_m236_9yf89a_firmware -
hp color_laserjet_managed_mfp_e77825_z8z00a_firmware -
hp laserjet_pro_mfp_m29_y5s55a_firmware -
hp laserjet_mfp_m142_1y7d4a_firmware -
hp color_laserjet_managed_mfp_e78227_8gs50a_firmware -
hp designjet_t1700_1vd88f_firmware *
hp laserjet_pro_m304_w1a66a_firmware -
hp envy_inspire_7900e_2h2p0d_firmware -
hp color_laserjet_pro_mfp_m185_7kw54a_firmware -
hp laserjet_mfp_m237_9yf97a_firmware -
hp laserjet_mfp_m129_g3q67a_firmware -
hp color_laserjet_managed_flow_e77422_5rc92a_firmware -
hp laserjet_m111a_2u581a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a83a_firmware -
hp color_laserjet_m578_mfp_7zu85a_firmware *
hp laserjet_managed_mfp_e82560_x3a69a_firmware -
hp designjet_z9+_pro_2rm82a_firmware -
hp laserjet_m103_g3q39a_firmware -
hp laserjet_pro_m402_c5f96a_firmware -
hp laserjet_m110e_2u582e_firmware -
hp pagewide_xl_5200_4vw17a_firmware -
hp designjet_xl_3600_mfp_6kd25f_firmware -
hp laserjet_m110e_7md68e_firmware -
hp color_laserjet_enterprise_flow_mfp_m880z_l3u51a_firmware *
hp color_laserjet_managed_mfp_flow_e87640_x3a92a_firmware -
hp deskjet_ink_advantage_3630_k4u02a_firmware -
hp laserjet_mfp_m232e_6gx09e_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a83a_firmware -
hp color_laserjet_managed_flow_e77422_5rc91a_firmware -
hp laserjet_managed_flow_mfp_e82550_z8z23a_firmware -
hp deskjet_3630_v3f22a_firmware -
hp color_laserjet_managed_mfp_e77423_5rc92a_firmware -
hp laserjet_pro_m704_k9g90a_firmware -
hp deskjet_plus_4100_7mr23a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z63a_firmware -
hp officejet_pro_9020_1mr76a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z13a_firmware -
hp officejet_enterprise_color_mfp_x585_b5l04a_firmware -
hp deskjet_ink_advantage_ultra_4800_25r67a_firmware -
hp laserjet_mfp_m234e_6gx01a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs13a_firmware -
hp color_laserjet_enterprise_mfp_m680_ca251a_firmware -
hp laserjet_m104_g3q35a_firmware -
hp pagewide_enterprise_color_flow_mfp_586z_g1w41a_firmware -
hp laserjet_managed_mfp_e72530_x3a62a_firmware -
hp laserjet_managed_mfp_e72535_x3a63a_firmware -
hp laserjet_tank_mfp_2604_381u2a_firmware -
hp laserjet_mfp_m233_9yf91a_firmware -
hp smart_tank_7300_28b71a_firmware -
hp laserjet_mfp_m234e_9yg05e_firmware -
hp designjet_t1700_w6b56e_firmware -
hp color_laserjet_pro_mfp_m285_7kw77a_firmware -
hp laserjet_managed_mfp_flow_e62575_j8j79a_firmware -
hp laserjet_mfp_m237_9yg05a_firmware -
hp laserjet_m208_9yf84a_firmware -
hp designjet_t2600_36"_mfp_3ek15a_firmware *
hp color_laserjet_managed_e65060_l3u57a_firmware -
hp smart_tank_510_1tj11a_firmware -
hp smart_tank_6000_28c12a_firmware -
hp laserjet_enterprise_mfp_m632_j8j71a_firmware -
hp laserjet_mfp_m232_9yf88a_firmware -
hp deskjet_4100e_26q93b_firmware -
hp smart_tank_670_2h5s3a_firmware -
hp laserjet_managed_flow_mfp_m630_p7z48a_firmware -
hp laserjet_pro_mfp_m149_4pa44a_firmware -
hp color_laserjet_pro_m256_7kw63a_firmware -
hp designjet_z9_w3z72a_firmware *
hp laserjet_managed_mfp_flow_e62575_j8j80a_firmware -
hp deskjet_2700_7fr53a_firmware -
hp laserjet_enterprise_500_color_mfp_m575_cd645a_firmware -
hp laserjet_managed_mfp_e82540_x3a82a_firmware -
hp officejet_pro_8035e_1l0h8a_firmware -
hp color_laserjet_pro_m253_t6b60a_firmware -
hp laserjet_managed_color_flow_mfp_m575_l3u46a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a65a_firmware -
hp officejet_7110_h812a_firmware -
hp laserjet_mfp_m133_g3q67a_firmware -
hp color_laserjet_pro_mfp_m182_7kw57a_firmware -
hp designjet_z6_t8w15h_firmware *
hp laserjet_managed_mfp_e82560du_5rc85a_firmware -
hp deskjet_plus_4100_7fs74d_firmware -
hp laserjet_managed_mfp_e72425_5rc90a_firmware -
hp laserjet_m209_6gw63a_firmware -
hp deskjet_plus_ink_advantage_4100_7fs97b_firmware -
hp color_laserjet_managed_flow_e77423_5cm76a_firmware -
hp designjet_t1700_w6b55f_firmware *
hp color_laserjet_managed_flow_mfp_e77825_z8z04a_firmware -
hp laserjet_mfp_m132_g3q58a_firmware -
hp laserjet_managed_mfp_e72530_z8z07a_firmware -
hp laserjet_managed_e60075_m0p36a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z07a_firmware -
hp laserjet_mfp_m234e_9yg02e_firmware -
hp officejet_pro_8030e_3uc66a_firmware -
hp pagewide_managed_p55250dw_j6u51b_firmware -
hp laserjet_enterprise_m608_k0q18a_firmware -
hp laserjet_m212_9yf80a_firmware -
hp envy_6000_8qq99a_firmware -
hp color_laserjet_enterprise_mfp_m776_t3u55a_firmware -
hp color_laserjet_enterprise_flow_mfp_m682_j8a17a_firmware -
hp laserjet_mfp_m234_6gx03a_firmware -
hp color_laserjet_pro_mfp_m377_cf379a_firmware -
hp laserjet_pro_mfp_m28_w2g54a_firmware -
hp laserjet_mfp_m140_7md74a_firmware -
hp laserjet_tank_mfp_2606_2r3f0a_firmware -
hp laserjet_mfp_m232e_6gx02e_firmware -
hp color_laserjet_managed_mfp_e77825_x3a77a_firmware -
hp envy_6000e_2k4v8a_firmware -
hp laserjet_enterprise_flow_mfp_m527z_firmware -
hp deskjet_4100e_26q93a_firmware -
hp pagewide_managed_color_mfp_e77650_z5g77a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_z8z02a_firmware -
hp designjet_xl_3600_mfp_6kd24h_firmware -
hp color_laserjet_pro_mfp_m181_t6b75a_firmware -
hp laserjet_managed_mfp_e42540_3pz75a_firmware -
hp color_laserjet_pro_m256_7kw67a_firmware -
hp officejet_pro_8035e_1l0h7a_firmware -
hp pagewide_managed_p77740dw_w1b33a_firmware -
hp laserjet_m210_6gw63a_firmware -
hp laserjet_tank_mfp_2606_381u2a_firmware -
hp smart_tank_750_28b75a_firmware -
hp color_laserjet_managed_mfp_e78226_8gs43a_firmware -
hp smart_tank_7000_28b72a_firmware -
hp laserjet_m209_9yf80a_firmware -
hp deskjet_2700e_26k67a_firmware -
hp laserjet_m210_9yf80a_firmware -
hp officejet_pro_9020_1mr66a_firmware -
hp laserjet_mfp_m141e_7md72e_firmware -
hp deskjet_2600_5sf02a_firmware -
hp color_laserjet_managed_mfp_e78330_8pe95a_firmware -
hp color_laserjet_managed_mfp_e78223_19gsaw_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z010a_firmware -
hp envy_inspire_7900e_31k30d_firmware -
hp color_laserjet_managed_mfp_e78223_8gs14a_firmware -
hp deskjet_2600_y5h67a_firmware -
hp laserjet_m103_g3q34a_firmware -
hp smart_tank_670_6uu48a_firmware -
hp smart_tank_plus_550_4sb23a_firmware -
hp laserjet_pro_m701_k9g91a_firmware -
hp laserjet_tank_1504_2r3e1a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a81a_firmware -
hp laserjet_pro_m16_y5s47a_firmware -
hp laserjet_tank_1504_2r7f3a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z06a_firmware -
hp laserjet_pro_m305_w1a66a_firmware -
hp laserjet_managed_e60155_3gy09a_firmware -
hp laserjet_mfp_m232_9yf91a_firmware -
hp laserjet_pro_mfp_m29_w2g56a_firmware -
hp laserjet_m210_9yf82a_firmware -
hp laserjet_enterprise_600_m602_ce991a_firmware -
hp laserjet_managed_mfp_e72535_x3a66a_firmware -
hp deskjet_3700_t8w92a_firmware -
hp color_laserjet_managed_mfp_flow_e87640_z8z12a_firmware -
hp officejet_pro_8710_t0g48a_firmware -
hp color_laserjet_pro_mfp_m183_7kw54a_firmware -
hp color_laserjet_pro_m255_7kw65a_firmware -
hp color_laserjet_managed_mfp_e78330_9rt91a_firmware -
hp color_laserjet_pro_mfp_m183_7kw58a_firmware -
hp color_laserjet_enterprise_flow_mfp_m577_b5l48a_firmware -
hp designjet_xl_3600_mfp_2yb64a_firmware -
hp pagewide_xl_5200_4vw19h_firmware -
hp laserjet_m101_g3q34a_firmware -
hp designjet_z6_t8w15c_firmware *
hp laserjet_pro_m701_b6s00a_firmware -
hp laserjet_managed_flow_mfp_e82560_z8z23a_firmware -
hp laserjet_m102_g3q36a_firmware -
hp color_laserjet_pro_m154_t6b47a_firmware -
hp laserjet_managed_mfp_e62565_j8j79a_firmware -
hp envy_inspire_7200e_349u8d_firmware -
hp laserjet_managed_e60165_3gy10a_firmware -
hp color_laserjet_pro_m153_t6b51a_firmware -
hp designjet_z6_t8w18e_firmware *
hp laserjet_tank_2503_2r7f4a_firmware -
hp laserjet_pro_m201_cf456a_firmware -
hp smart_tank_7600_28c02a_firmware -
hp officejet_pro_8740_d9l21a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z68a_firmware -
hp laserjet_managed_e60075_m0p35a_firmware -
hp laserjet_mfp_m139_7md70a_firmware -
hp laserjet_enterprise_m806_cz244a_firmware -
hp laserjet_pro_m14_w2g53a_firmware -
hp smart_tank_790_28c02a_firmware -
hp designjet_z9_x9d24f_firmware *
hp laserjet_m106_g3q36a_firmware -
hp laserjet_mfp_m234_9yg09a_firmware -
hp deskjet_ink_advantage_3700_t8w36a_firmware -
hp designjet_t1600_36"_3ek08a_firmware *
hp deskjet_plus_4100_7fs76a_firmware -
hp laserjet_pro_m402_c5f94a_firmware -
hp pagewide_managed_color_mfp_p77940_5zn99a_firmware -
hp smart_tank_610_y0f74a_firmware -
hp pagewide_xl_4700_4vw15a_firmware -
hp smart_tank_670_2h0b9a_firmware -
hp laserjet_mfp_m233_9yf88a_firmware -
hp pagewide_managed_color_mfp_p77440_y3z60a_firmware -
hp officejet_pro_8710_m9l67a_firmware -
hp laserjet_enterprise_m4555_mfp_ce502a_firmware -
hp laserjet_pro_mfp_m29_y5s54a_firmware -
hp laserjet_m207_6gw63a_firmware -
hp laserjet_tank_mfp_2604_381u7a_firmware -
hp laserjet_tank_mfp_2602_381v1a_firmware -
hp laserjet_pro_mfp_m427_f6w14a_firmware -
hp laserjet_tank_2505_381v4a_firmware -
hp deskjet_3700_t8w59a_firmware -
hp color_laserjet_managed_mfp_flow_e87640_x3a90a_firmware -
hp laserjet_managed_mfp_e72530_z8z08a_firmware -
hp deskjet_plus_4100_7fs88d_firmware -
hp deskjet_plus_4100_3xv14b_firmware -
hp laserjet_pro_mfp_m428_w1a30a_firmware -
hp laserjet_managed_flow_mfp_m630_l3u61a_firmware -
hp laserjet_pro_mfp_m149_4pa42a_firmware -
hp smart_tank_7600_28b96a_firmware -
hp laserjet_mfp_m234_6gw71a_firmware -
hp laserjet_m109a_7md65a_firmware -
hp officejet_pro_8740_k7s39a_firmware -
hp laserjet_mfp_m235e_9yg02e_firmware -
hp color_laserjet_managed_mfp_e78323_8gr99a_firmware -
hp color_laserjet_enterprise_m856_t3u51a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a78a_firmware -
hp deskjet_3700_t8w88a_firmware -
hp color_laserjet_managed_flow_e67650_3gy32a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr97a_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a66a_firmware -
hp laserjet_mfp_m129_g3q59a_firmware -
hp laserjet_pro_mfp_m148_4pa43a_firmware -
hp color_laserjet_enterprise_mfp_m680_cz248a_firmware -
hp color_laserjet_pro_m154_t6b50a_firmware -
hp color_laserjet_managed_mfp_e78228_17f27aw_firmware -
hp laserjet_mfp_m232e_9yf91e_firmware -
hp laserjet_mfp_m139e_7md74e_firmware -
hp laserjet_m209_9yf83a_firmware -
hp color_laserjet_managed_mfp_flow_e87660_z8z15a_firmware -
hp color_laserjet_pro_m452_cf394a_firmware -
hp officejet_pro_9020_1mr72a_firmware -
hp color_laserjet_pro_m252_b4a22a_firmware -
hp color_laserjet_managed_mfp_flow_e87660_z8z17a_firmware -
hp officejet_pro_9010_3uk83a_firmware -
hp laserjet_tank_mfp_2605_2r7f5a_firmware -
hp designjet_xl_3600_mfp_2yb64c_firmware -
hp laserjet_managed_mfp_e62655_3gy16a_firmware -
hp color_laserjet_pro_m453_w1y46a_firmware -
hp laserjet_m109e_2u582e_firmware -
hp color_laserjet_managed_flow_e67650_3gy31a_firmware -
hp color_laserjet_managed_flow_e77422_5cm76a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs01a_firmware -
hp laserjet_m112a_2u586a_firmware -
hp color_laserjet_managed_mfp_e78225_8gs12a_firmware -
hp color_laserjet_pro_mfp_m182_7kw58a_firmware -
hp designjet_z6_t8w18g_firmware *
hp laserjet_managed_mfp_e82550_z8z19_firmware -
hp officejet_8010e_228f5a_firmware -
hp deskjet_ink_advantage_3700_dt61a_firmware -
hp laserjet_pro_m14_w2g50a_firmware -
hp color_laserjet_managed_m651_cz257a_firmware *
hp pagewide_managed_color_mfp_p77940_y3z62a_firmware -
hp laserjet_pro_mfp_m426_f6w19a_firmware -
hp pagewide_managed_color_mfp_p77960_5zn01a_firmware -
hp laserjet_tank_mfp_1604_2r3e8a_firmware -
hp laserjet_pro_m521_a8p79a_firmware -
hp designjet_t1700_1vd88a_firmware *
hp pagewide_managed_color_mfp_p77940_2gp25a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a81a_firmware -
hp laserjet_mfp_m129_g3q63a_firmware -
hp color_laserjet_managed_m651_h0dc9a_firmware *
hp laserjet_managed_flow_mfp_e72530_z8z010a_firmware -
hp laserjet_mfp_m235e_6gx01a_firmware -
hp laserjet_mfp_m232e_6gx05e_firmware -
hp color_laserjet_enterprise_mfp_m681_j8a12a_firmware -
hp laserjet_mfp_m234_9yf94a_firmware -
hp laserjet_mfp_m233e_6gx01a_firmware -
hp laserjet_mfp_m130_g3q60a_firmware -
hp laserjet_pro_m402_c5f95a_firmware -
hp color_laserjet_pro_m153_t6b48a_firmware -
hp laserjet_mfp_m134_g3q64a_firmware -
hp color_laserjet_pro_mfp_m281_t6b80a_firmware -
hp laserjet_managed_flow_mfp_e82560_z8z18a_firmware -
hp laserjet_mfp_m234e_6gw99e_firmware -
hp deskjet_2600_4uj28a_firmware -
hp color_laserjet_managed_mfp_e77425_5rc91a_firmware -
hp laserjet_mfp_m233_9yf90a_firmware -
hp laserjet_mfp_m141_2u589a_firmware -
hp laserjet_managed_mfp_e72535_z8z06a_firmware -
hp laserjet_m209_6gw62a_firmware -
hp laserjet_mfp_m142_7md71a_firmware -
hp laserjet_mfp_m235_9yf97a_firmware -
hp laserjet_m109a_2u581a_firmware -
hp color_laserjet_managed_mfp_e78330_8pe94a_firmware -
hp smart_tank_670_2h1w2a_firmware -
hp laserjet_pro_m402_f6j44a_firmware -
hp laserjet_pro_mfp_m429_w1a29a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a83a_firmware -
hp designjet_t1600_36"_3ek11f_firmware *
hp laserjet_managed_mfp_e62555_j8j80a_firmware -
hp smart_tank_510_4sb23a_firmware -
hp color_laserjet_managed_mfp_m775_cc522a_firmware -
hp color_laserjet_enterprise_m555_7zu78a_firmware -
hp laserjet_mfp_m235_6gx06a_firmware -
hp officejet_8010_1kr69a_firmware -
hp laserjet_m111_2u582a_firmware -
hp laserjet_mfp_m131_g3q63a_firmware -
hp laserjet_m106_g3q34a_firmware -
hp laserjet_mfp_m233_9yf96a_firmware -
hp laserjet_pro_m225_c6n23a_firmware -
hp laserjet_managed_mfp_m630_p7z48a_firmware -
hp laserjet_pro_m16_w2g51a_firmware -
hp laserjet_enterprise_m608_m0p32a_firmware -
hp laserjet_mfp_m237_9yf98a_firmware -
hp laserjet_pro_m405_w1a59a_firmware -
hp laserjet_mfp_m142_7md70a_firmware -
hp color_laserjet_managed_m651_l8z07a_firmware *
hp color_laserjet_pro_m253_t6b56a_firmware -
hp color_laserjet_enterprise_mfp_m577_b5l54a_firmware -
hp laserjet_mfp_m237_6gw99a_firmware -
hp laserjet_mfp_m130_g3q68a_firmware -
hp smart_tank_plus_650_y0f74a_firmware -
hp smart_tank_7600_4wf66a_firmware -
hp pagewide_managed_p77760z_w1b38a_firmware -
hp laserjet_mfp_m236_6gx00a_firmware -
hp laserjet_managed_mfp_e82550du_5cm58a_firmware -
hp laserjet_mfp_m236_9yg08a_firmware -
hp laserjet_enterprise_m612_7ps88a_firmware -
hp color_laserjet_managed_mfp_e67650_3gy31a_firmware -
hp smart_tank_plus_550_1tj12a_firmware -
hp laserjet_pro_mfp_m31_w2g55a_firmware -
hp smart_tank_510_1tj09a_firmware -
hp color_laserjet_pro_mfp_m283_7kw78a_firmware -
hp color_laserjet_managed_flow_e77423_5rc91a_firmware -
hp laserjet_enterprise_flow_mfp_m634_7ps96a_firmware -
hp color_laserjet_managed_mfp_e87640du_5cm64a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs28a_firmware -
hp officejet_pro_6970_t0f39a_firmware -
hp laserjet_managed_mfp_e72525_x3a60a_firmware -
hp laserjet_mfp_m131_g3q68a_firmware -
hp laserjet_mfp_m236e_9yg02e_firmware -
hp color_laserjet_managed_flow_mfp_e57540_3gy26a_firmware -
hp officejet_pro_6230_e3e03a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a82a_firmware -
hp laserjet_enterprise_m507_1pv86a_firmware -
hp deskjet_3700_j9v86a_firmware -
hp laserjet_managed_e60055_m0p39a_firmware -
hp color_laserjet_managed_mfp_e77425_5cm77a_firmware -
hp laserjet_enterprise_mfp_m630_b3g84a_firmware -
hp deskjet_plus_ink_advantage_4100_7fs98b_firmware -
hp color_laserjet_managed_mfp_e77426_5rc91a_firmware -
hp pagewide_managed_p57750dw_multifunction_printer_j9v82a_firmware *
hp color_laserjet_pro_mfp_m181_t6b73a_firmware -
hp designjet_t1700_w6b55d_firmware -
hp color_laserjet_managed_mfp_e87640du_5cm66a_firmware -
hp color_laserjet_pro_m254_t6b58a_firmware -
hp color_laserjet_pro_mfp_m181_t6b72a_firmware -
hp color_laserjet_pro_m154_t6b48a_firmware -
hp laserjet_managed_mfp_e82540_x3a69a_firmware -
hp smart_tank_6000_28c13a_firmware -
hp color_laserjet_pro_m254_t6b60a_firmware -
hp color_laserjet_pro_m255_7kw66a_firmware -
hp pagewide_managed_color_mfp_p77940_2gp22a_firmware -
hp pagewide_managed_p75050dn_y3z47a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs50a_firmware -
hp color_laserjet_pro_mfp_m180_t6b73a_firmware -
hp laserjet_managed_mfp_e72535_x3a62a_firmware -
hp laserjet_m109e_2u584e_firmware -
hp laserjet_pro_mfp_m427_f6w16a_firmware -
hp color_laserjet_managed_mfp_flow_e87660_x3a92a_firmware -
hp laserjet_managed_mfp_flow_e62565_j8j66a_firmware -
hp color_laserjet_managed_m651_cz256a_firmware *
hp color_laserjet_managed_flow_mfp_e77830_z8z04a_firmware -
hp laserjet_m111e_2u584e_firmware -
hp laserjet_mfp_m134_g3q67a_firmware -
hp pagewide_pro_577dw_d3q21a_firmware -
hp officejet_pro_8710_t0g46a_firmware -
hp laserjet_pro_m201_cf455a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_z8z14a_firmware -
hp deskjet_ink_advantage_2600_y5z00a_firmware -
hp laserjet_mfp_m236_9yf94a_firmware -
hp designjet_z6_t8w18b_firmware *
hp color_laserjet_managed_mfp_e78227_8gs14a_firmware -
hp laserjet_managed_flow_mfp_e82540_z8z18a_firmware -
hp color_laserjet_pro_mfp_m280_t6b85a_firmware -
hp laserjet_tank_mfp_2606_381u9a_firmware -
hp color_laserjet_managed_flow_mfp_m880zm_a2w75a_firmware *
hp laserjet_mfp_m237_6gw71a_firmware -
hp laserjet_tank_2503_2r3e3a_firmware -
hp laserjet_mfp_m235_9yg11a_firmware -
hp laserjet_pro_m402_f6j42a_firmware -
hp laserjet_mfp_m235e_6gx05e_firmware -
hp color_laserjet_managed_mfp_e78223_17f27aw_firmware -
hp laserjet_tank_1504_2r3e2a_firmware -
hp envy_inspire_7900e_242p8d_firmware -
hp color_laserjet_pro_mfp_m281_t6b85a_firmware -
hp smart_tank_720_28b55a_firmware -
hp laserjet_mfp_m237_9yf92a_firmware -
hp color_laserjet_pro_mfp_m284_7kw79a_firmware -
hp hp_color_laserjet_enterprise_m554_7zu78a_firmware *
hp laserjet_tank_mfp_2603_2r3f0a_firmware -
hp laserjet_m101_g3q36a_firmware -
hp laserjet_enterprise_m605_e6b71a_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a62a_firmware -
hp deskjet_plus_ink_advantage_4100_7fs95b_firmware -
hp color_laserjet_managed_mfp_e77424_5cm77a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs13a_firmware -
hp laserjet_pro_m305_w1a48a_firmware -
hp laserjet_enterprise_m806_cz245a_firmware -
hp designjet_t1708_1vd83a_firmware -
hp laserjet_mfp_m236_9yf88a_firmware -
hp smart_tank_750_28b70a_firmware -
hp color_laserjet_enterprise_m651_cz256a_firmware *
hp designjet_xl_3600_mfp_6kd23a_firmware -
hp pagewide_managed_p77740dn_y3z57a_firmware -
hp laserjet_mfp_m232_6gx00a_firmware -
hp deskjet_ink_advantage_ultra_4800_25r64a_firmware -
hp deskjet_2700e_297w8a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr96a_firmware -
hp laserjet_managed_mfp_e72525_z8z06a_firmware -
hp deskjet_plus_4100_7fs86a_firmware -
hp color_laserjet_managed_mfp_e87660du_5rc87a_firmware -
hp deskjet_2700e_26k70a_firmware -
hp laserjet_managed_mfp_e82550du_5rc85a_firmware -
hp color_laserjet_pro_mfp_m180_t6b75a_firmware -
hp laserjet_mfp_m235_9yg08a_firmware -
hp color_laserjet_pro_mfp_m283_7kw75a_firmware -
hp laserjet_m109_2u582a_firmware -
hp laserjet_pro_m15_y5s47a_firmware -
hp laserjet_pro_m501_j8h61a_firmware -
hp deskjet_plus_ink_advantage_4100_7ft01b_firmware -
hp smart_tank_7300_28b70a_firmware -
hp deskjet_2700e_26k69a_firmware -
hp designjet_xl_3600_mfp_6kd23n_firmware -
hp laserjet_mfp_m234e_6gx09a_firmware -
hp laserjet_managed_mfp_m630_l3u61a_firmware -
hp color_laserjet_enterprise_flow_mfp_m680_cz250a_firmware -
hp color_laserjet_managed_mfp_e77422_5cm76a_firmware -
hp pagewide_xl_4700_4vw15g_firmware -
hp laserjet_tank_mfp_2604_381u1a_firmware -
hp laserjet_pro_m15_w2g52a_firmware -
hp laserjet_pro_m17_y5s43a_firmware -
hp officejet_200_cz993a_firmware -
hp laserjet_mfp_m227_g3q78a_firmware -
hp laserjet_enterprise_mfp_m634_7ps96a_firmware -
hp officejet_pro_9020_1mr79a_firmware -
hp pagewide_352dw_j6u57a_firmware -
hp deskjet_2600_5sf04a_firmware -
hp pagewide_managed_color_mfp_p77940_5zn01a_firmware -
hp deskjet_3700_j9v92a_firmware -
hp officejet_pro_8710_k7s38a_firmware -
hp laserjet_pro_mfp_m429_w1a33a_firmware -
hp laserjet_managed_e50145_1pu52a_firmware -
hp deskjet_3630_f5s47a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z60a_firmware -
hp laserjet_mfp_m232e_9yg05e_firmware -
hp laserjet_mfp_m140e_2u589e_firmware -
hp officejet_pro_9020_1mr78a_firmware -
hp laserjet_m111a_7md67a_firmware -
hp color_laserjet_managed_e65060_l3u56a_firmware -
hp designjet_t1700_1vd88a_firmware -
hp color_laserjet_enterprise_m553_b5l39a_firmware *
hp color_laserjet_managed_flow_e67660_3gy32a_firmware -
hp color_laserjet_pro_m454_w1y47a_firmware -
hp laserjet_mfp_m234_9yg11a_firmware -
hp color_laserjet_managed_mfp_e78224_8gs12a_firmware -
hp laserjet_managed_flow_mfp_e82540_z8z22a_firmware -
hp color_laserjet_managed_mfp_flow_e87660_z8z12a_firmware -
hp laserjet_pro_m405_w1a60a_firmware -
hp color_laserjet_managed_flow_mfp_m880zm_a2w76a_firmware *
hp laserjet_m206_g3q50a_firmware -
hp laserjet_mfp_m234_9yf95a_firmware -
hp laserjet_pro_m706_b6s02a_firmware -
hp pagewide_xl_4700_4vw15h_firmware -
hp laserjet_enterprise_mfp_m725_cf069a_firmware -
hp laserjet_managed_mfp_e82550du_5rc84a_firmware -
hp color_laserjet_managed_mfp_e77423_5cm79a_firmware -
hp laserjet_m118_4pa39a_firmware -
hp hp_color_laserjet_enterprise_m555_7zu81a_firmware *
hp designjet_t1700_w6b56g_firmware *
hp color_laserjet_pro_mfp_m184_7kw56a_firmware -
hp laserjet_mfp_m235_9yg10a_firmware -
hp smart_tank_7000_2h1t6a_firmware -
hp smart_tank_790_28b96a_firmware -
hp color_laserjet_managed_flow_e77424_5cm76a_firmware -
hp officejet_pro_9010_1kr54a_firmware -
hp laserjet_m101_g3q39a_firmware -
hp laserjet_mfp_m233e_9yg05e_firmware -
hp color_laserjet_pro_mfp_m479_w1a76a_firmware -
hp color_laserjet_pro_mfp_m478_w1a77a_firmware -
hp laserjet_tank_mfp_2606_381u7a_firmware -
hp laserjet_m210e_6gw62e_firmware -
hp color_laserjet_managed_mfp_e67650_3gy32a_firmware -
hp laserjet_pro_mfp_m28_y5s50a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z66a_firmware -
hp color_laserjet_pro_mfp_m477_m5h23a_firmware -
hp deskjet_ink_advantage_ultra_4800_25r76a_firmware -
hp pagewide_xl_4700_4vw14a_firmware -
hp designjet_xl_3600_mfp_2yb64b_firmware -
hp color_laserjet_managed_mfp_e78330_8gs30a_firmware -
hp officejet_pro_8740_k7s40a_firmware -
hp laserjet_mfp_m234_9yf90a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z14a_firmware -
hp laserjet_enterprise_500_color_m551_cf081a_firmware -
hp laserjet_pro_mfp_m28_y5s55a_firmware -
hp laserjet_tank_mfp_1005_381u3a_firmware -
hp laserjet_tank_mfp_2605_381u0a_firmware -
hp color_laserjet_managed_flow_mfp_m880zm_l3u51a_firmware *
hp laserjet_pro_m705_b6s01a_firmware -
hp color_laserjet_enterprise_m855_a2w78a_firmware -
hp laserjet_pro_mfp_m426_c5f98a_firmware -
hp laserjet_m209_6gw61a_firmware -
hp laserjet_managed_mfp_e82560_z8z23a_firmware -
hp laserjet_managed_mfp_e72525_x3a65a_firmware -
hp officejet_6950_p4c82a_firmware -
hp laserjet_pro_m226_cf484a_firmware -
hp laserjet_enterprise_mfp_m630_p7z47a_firmware -
hp laserjet_enterprise_500_color_mfp_m575_cd646a_firmware -
hp designjet_t1700_w6b55b_firmware -
hp laserjet_pro_200_m251_cf146a_firmware -
hp officejet_pro_6970_j7k42a_firmware -
hp designjet_z9_x9d24d_firmware *
hp envy_inspire_7900e_2z1c2a_firmware -
hp officejet_pro_8035e_1l0h6a_firmware -
hp laserjet_tank_2506_2r7f4a_firmware -
hp pagewide_enterprise_color_556_g1w47v_firmware -
hp envy_inspire_7900e_2h2n7d_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a72a_firmware -
hp laserjet_mfp_m234_9yg10a_firmware -
hp deskjet_plus_ink_advantage_4100_4ws37b_firmware -
hp laserjet_managed_m506_f2a68a_firmware -
hp officejet_pro_9020_1mr69a_firmware -
hp color_laserjet_pro_mfp_m377_m5h23a_firmware -
hp laserjet_m103_g3q35a_firmware -
hp smart_tank_750_28b76a_firmware -
hp designjet_t1700_w6b55g_firmware *
hp laserjet_m203_g3q46a_firmware -
hp color_laserjet_pro_m454_w1y43a_firmware -
hp laserjet_mfp_m140e_7md72e_firmware -
hp laserjet_pro_m226_c6n23a_firmware -
hp laserjet_mfp_m234_9yf89a_firmware -
hp officejet_pro_9010_1kr49a_firmware -
hp laserjet_mfp_m233_9yg11a_firmware -
hp deskjet_3700_j9v91a_firmware -
hp laserjet_m207_9yf84a_firmware -
hp deskjet_2700e_26k68b_firmware -
hp laserjet_enterprise_700_color_mfp_m775_l3u49a_firmware -
hp smart_tank_510_3yw72a_firmware -
hp smart_tank_plus_550_1tj09a_firmware -
hp laserjet_enterprise_flow_mfp_m636_7pt00a_firmware -
hp color_laserjet_managed_mfp_e67560_l3u69a_firmware -
hp laserjet_enterprise_m605_e6b70a_firmware -
hp color_laserjet_pro_m253_t6b57a_firmware -
hp color_laserjet_pro_mfp_m479_w1a77a_firmware -
hp laserjet_mfp_m233_9yg08a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr98a_firmware -
hp laserjet_mfp_m235e_6gx09a_firmware -
hp color_laserjet_enterprise_m653_j8a05a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_z8z01a_firmware -
hp laserjet_m102_g3q39a_firmware -
hp color_laserjet_pro_mfp_m284_7kw75a_firmware -
hp color_laserjet_enterprise_mfp_m681_j8a10a_firmware -
hp officejet_250_cz992a_firmware -
hp laserjet_mfp_m139e_2u589e_firmware -
hp envy_6000_7cz37a_firmware -
hp laserjet_managed_mfp_e62555_j8j74a_firmware -
hp color_laserjet_pro_mfp_m285_7kw79a_firmware -
hp color_laserjet_managed_mfp_e78323_8pe96a_firmware -
hp laserjet_managed_mfp_flow_e62575_j8j74a_firmware -
hp color_laserjet_pro_m256_7kw64a_firmware -
hp laserjet_managed_mfp_e82560du_5fm78a_firmware -
hp designjet_xl_3600_mfp_6kd23l_firmware -
hp color_laserjet_managed_e65060_l3u55a_firmware -
hp laserjet_managed_mfp_e82560_z8z18a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_z8z02a_firmware -
hp color_laserjet_managed_flow_mfp_m680_l3u48a_firmware -
hp color_laserjet_managed_flow_mfp_m577_b5l50a_firmware -
hp laserjet_mfp_m232e_6gx09a_firmware -
hp color_laserjet_pro_m454_w1y45a_firmware -
hp laserjet_tank_mfp_2606_381u6a_firmware -
hp laserjet_mfp_m236_9yg11a_firmware -
hp laserjet_pro_m15_w2g53a_firmware -
hp laserjet_pro_mfp_m31_y5s55a_firmware -
hp laserjet_pro_m702_b6s01a_firmware -
hp color_laserjet_managed_mfp_e78226_17f27aw_firmware -
hp color_laserjet_managed_mfp_e77425_5cm78a_firmware -
hp laserjet_tank_mfp_2602_2r3f0a_firmware -
hp designjet_xl_3600_mfp_6dh33i_firmware -
hp color_laserjet_managed_mfp_e78330_8gr98a_firmware -
hp laserjet_enterprise_600_m602_ce993a_firmware -
hp color_laserjet_managed_e75245_t3u44a_firmware -
hp laserjet_pro_mfp_m426_c5f99a_firmware -
hp deskjet_3700_t8w56a_firmware -
hp laserjet_managed_mfp_flow_e62555_j8j66a_firmware -
hp color_laserjet_managed_e85055_t3u66a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a84a_firmware -
hp color_laserjet_managed_mfp_e78226_8gs50a_firmware -
hp laserjet_pro_mfp_m427_c5f98a_firmware -
hp laserjet_enterprise_flow_mfp_m635_7ps99a_firmware -
hp officejet_202_n4l14c_firmware -
hp designjet_z9_x9d24h_firmware *
hp laserjet_mfp_m139_7md72a_firmware -
hp laserjet_managed_mfp_e82540_x3a71a_firmware -
hp smart_tank_plus_650_y0f71a_firmware -
hp laserjet_pro_m305_w1a47a_firmware -
hp pagewide_pro_477dw_d3q20a_firmware -
hp designjet_t1700_w6b55e_firmware -
hp designjet_z9_x9d24b_firmware *
hp laserjet_m204_g3q46a_firmware -
hp laserjet_mfp_m233e_6gx09a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a83a_firmware -
hp laserjet_m209_9yf85a_firmware -
hp color_laserjet_managed_flow_e77426_5cm78a_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z06a_firmware -
hp deskjet_ink_advantage_3700_3yz74a_firmware -
hp laserjet_mfp_m139e_7md70e_firmware -
hp laserjet_enterprise_mfp_m528_1pv64a_firmware -
hp laserjet_pro_m521_a8p80a_firmware -
hp color_laserjet_pro_mfp_m479_w1a81a_firmware -
hp laserjet_m112_2u582a_firmware -
hp laserjet_enterprise_m507_1pv88a_firmware -
hp color_laserjet_enterprise_m553_b5l26a_firmware *
hp officejet_pro_8710_j6x78a_firmware -
hp laserjet_tank_2504_2r7f4a_firmware -
hp laserjet_mfp_m233_6gw99a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z63a_firmware -
hp laserjet_mfp_m139_7md76a_firmware -
hp pagewide_enterprise_color_mfp_780_j7z10a_firmware -
hp laserjet_mfp_m139e_2a130e_firmware -
hp pagewide_managed_color_mfp_p77960_5zn00a_firmware -
hp laserjet_pro_mfp_m428_w1a31a_firmware -
hp color_laserjet_managed_flow_e77423_5cm78a_firmware -
hp scanjet_enterprise_8500_fn1_l2719a_firmware -
hp pagewide_enterprise_color_556_g1w46a_firmware -
hp laserjet_enterprise_500_color_m551_cf083a_firmware -
hp laserjet_mfp_m131_g3q67a_firmware -
hp smart_tank_510_6hf11a_firmware -
hp designjet_t1700_w6b56d_firmware *
hp laserjet_enterprise_mfp_m633_j8j78a_firmware -
hp laserjet_managed_mfp_e72535_z8z07a_firmware -
hp color_laserjet_managed_mfp_e77424_5cm79a_firmware -
hp laserjet_managed_mfp_e72425_5cm70a_firmware -
hp laserjet_pro_m225_c6n22a_firmware -
hp laserjet_mfp_m133_g3q57a_firmware -
hp color_laserjet_managed_mfp_e77830_z8z02a_firmware -
hp laserjet_pro_mfp_m28_w2g55a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a72a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a74a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs14a_firmware -
hp laserjet_enterprise_mfp_m527_f2a78a_firmware -
hp deskjet_2600_v1n04a_firmware -
hp laserjet_mfp_m133_g3q63a_firmware -
hp deskjet_2600_y5h62a_firmware -
hp color_laserjet_enterprise_flow_mfp_m681_j8a10a_firmware -
hp smart_tank_720_28b51a_firmware -
hp laserjet_mfp_m233_9yf94a_firmware -
hp deskjet_3630_f5s57a_firmware -
hp laserjet_pro_mfp_m428_w1a29a_firmware -
hp color_laserjet_managed_flow_e77423_5cm77a_firmware -
hp deskjet_3700_t8w94a_firmware -
hp laserjet_managed_500_color_mfp_m575_l3u45a_firmware -
hp officejet_pro_9020_1mr77a_firmware -
hp deskjet_ink_advantage_3700_4sc30a_firmware -
hp pagewide_managed_p75050dw_y3z47a_firmware -
hp smart_tank_670_2h1w1a_firmware -
hp designjet_t1700_w6b56a_firmware *
hp laserjet_enterprise_600_m603_ce995a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z65a_firmware -
hp laserjet_m103_g3q37a_firmware -
hp laserjet_tank_mfp_1602_2r3e7a_firmware -
hp pagewide_managed_color_flow_mfp_e77650_firmware -
hp color_laserjet_managed_e65160_3gy04a_firmware -
hp color_laserjet_pro_mfp_m479_w1a78a_firmware -
hp pagewide_xl_8200_4vw18f_firmware -
hp color_laserjet_managed_mfp_e78225_8gs15a_firmware -
hp laserjet_mfp_m236e_6gx09e_firmware -
hp laserjet_m209_9yf82a_firmware -
hp designjet_t1700_w6b56b_firmware *
hp laserjet_managed_e60075_m0p40a_firmware -
hp color_laserjet_managed_mfp_e77426_5cm78a_firmware -
hp laserjet_enterprise_mfp_m527_f2a81a_firmware -
hp laserjet_mfp_m233e_6gx02e_firmware -
hp pagewide_managed_color_mfp_e77650_j7z05a_firmware -
hp pagewide_managed_color_mfp_e77650_z5g79a_firmware -
hp laserjet_enterprise_700_color_mfp_m775_cc524a_firmware -
hp laserjet_tank_mfp_2606_2r7f5a_firmware -
hp laserjet_mfp_m236e_6gx02e_firmware -
hp laserjet_mfp_m141_7md75a_firmware -
hp color_laserjet_managed_mfp_e77427_5cm75a_firmware -
hp officejet_6950_p4c84a_firmware -
hp color_laserjet_pro_m254_t6b56a_firmware -
hp laserjet_mfp_m129_g3q66a_firmware -
hp designjet_t1700_w6b55d_firmware *
hp color_laserjet_pro_mfp_m184_7kw58a_firmware -
hp pagewide_enterprise_color_flow_mfp_780f_firmware -
hp pagewide_managed_color_mfp_p77950_y3z62a_firmware -
hp smart_tank_720_28b54a_firmware -
hp smart_tank_610_3yw51a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs43a_firmware -
hp officejet_8022e_1k7k6a_firmware -
hp laserjet_tank_mfp_2604_381v0a_firmware -
hp color_laserjet_pro_m153_t6b47a_firmware -
hp envy_inspire_7900e_31k22d_firmware -
hp laserjet_managed_flow_mfp_m525_l3u60a_firmware -
hp color_laserjet_pro_mfp_m478_w1a79a_firmware -
hp color_laserjet_managed_mfp_e77427_5cm78a_firmware -
hp laserjet_mfp_m133_g3q61a_firmware -
hp laserjet_pro_m403_f6j43a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z09a_firmware -
hp color_laserjet_managed_mfp_e77427_5cm79a_firmware -
hp color_laserjet_pro_m255_7kw64a_firmware -
hp color_laserjet_managed_flow_e77424_5cm78a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z68a_firmware -
hp designjet_z9_x9d24e_firmware *
hp designjet_t1600_36"_3ek13f_firmware *
hp deskjet_ink_advantage_ultra_5730_f5s60a_firmware -
hp color_laserjet_managed_mfp_e77825_z8z0a_firmware -
hp laserjet_managed_mfp_e82550_x3a79a_firmware -
hp color_laserjet_pro_mfp_m283_7kw73a_firmware -
hp laserjet_mfp_m232_6gw71a_firmware -
hp pagewide_xl_8200_4vw18a_firmware -
hp deskjet_2700e_2a9q5a_firmware -
hp color_laserjet_managed_mfp_e77428_5cm76a_firmware -
hp color_laserjet_managed_mfp_m577_b5l49a_firmware -
hp designjet_z9_w3z72d_firmware *
hp laserjet_mfp_m134_g3q61a_firmware -
hp laserjet_mfp_m134_g3q66a_firmware -
hp designjet_z6_t8w16e_firmware *
hp designjet_z6_t8w18h_firmware *
hp officejet_pro_6970_t0f33a_firmware -
hp laserjet_mfp_m131_g3q65a_firmware -
hp color_laserjet_pro_m453_w1y43a_firmware -
hp laserjet_mfp_m233_9yf97a_firmware -
hp laserjet_managed_mfp_e82540du_5rc84a_firmware -
hp pagewide_managed_color_e55650_l3u44a_firmware -
hp color_laserjet_pro_mfp_m285_7kw74a_firmware -
hp laserjet_managed_e60055_m0p40a_firmware -
hp pagewide_managed_color_mfp_p77950_5zn99a_firmware -
hp laserjet_managed_mfp_e82540_z8z23a_firmware -
hp officejet_managed_color_mfp_x585_l3u40a_firmware -
hp color_laserjet_pro_m154_t6b55a_firmware -
hp color_laserjet_managed_mfp_e78225_8gs50a_firmware -
hp color_laserjet_pro_mfp_m479_w1a82a_firmware -
hp laserjet_pro_m226_c6n22a_firmware -
hp laserjet_pro_m404_w1a59a_firmware -
hp laserjet_m109_2u584a_firmware -
hp laserjet_pro_m704_k9g91a_firmware -
hp laserjet_enterprise_mfp_m630_j7x28a_firmware -
hp laserjet_enterprise_m604_e6b67a_firmware -
hp laserjet_enterprise_m609_k0q21a_firmware -
hp laserjet_enterprise_m609_k0q20a_firmware -
hp laserjet_pro_mfp_m427_f6w18a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z08a_firmware -
hp color_laserjet_pro_mfp_m181_t6b70a_firmware -
hp color_laserjet_pro_mfp_m184_7kw54a_firmware -
hp laserjet_pro_mfp_m426_f6w18a_firmware -
hp officejet_3830_f5r95a_firmware -
hp color_laserjet_managed_e65150_3gy03a_firmware -
hp pagewide_enterprise_color_flow_mfp_785_j7z12a_firmware -
hp laserjet_mfp_m134_g3q60a_firmware -
hp laserjet_mfp_m142_2a129a_firmware -
hp color_laserjet_pro_mfp_m282_7kw77a_firmware -
hp deskjet_2700e_26k67b_firmware -
hp designjet_z6_t8w15f_firmware *
hp laserjet_managed_flow_mfp_e72530_x3a63a_firmware -
hp color_laserjet_managed_mfp_e78224_8gs13a_firmware -
hp laserjet_mfp_m234_9yg02a_firmware -
hp laserjet_mfp_m232_9yg05a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr94a_firmware -
hp deskjet_plus_4100_7mr24a_firmware -
hp deskjet_3700_t8w96a_firmware -
hp laserjet_managed_mfp_e62655_3gy18a_firmware -
hp smart_tank_7000_2g9q2a_firmware -
hp laserjet_pro_m225_cf485a_firmware -
hp laserjet_pro_mfp_m28_w2g57a_firmware -
hp designjet_t1700_1vd88b_firmware *
hp color_laserjet_pro_mfp_m184_7kw59a_firmware -
hp laserjet_managed_mfp_e62655_3gy14a_firmware -
hp laserjet_mfp_m235_9yg02a_firmware -
hp laserjet_pro_m702_b6s02a_firmware -
hp color_laserjet_pro_mfp_m277_b3q11a_firmware -
hp color_laserjet_pro_mfp_m274_b3q17a_firmware -
hp laserjet_mfp_m237_9yf94a_firmware -
hp laserjet_m203_g3q47a_firmware -
hp laserjet_tank_mfp_2603_2r7f5a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z68a_firmware -
hp color_laserjet_enterprise_flow_mfp_m880z_l3u52a_firmware *
hp laserjet_m111_7md66a_firmware -
hp pagewide_pro_772dn_y3z54a_firmware -
hp smart_tank_670_28c12a_firmware -
hp laserjet_pro_m403_f6j42a_firmware -
hp laserjet_pro_m704_b6s01a_firmware -
hp digital_sender_flow_8500_fn2_l2762a_firmware -
hp color_laserjet_pro_m452_cf388v_firmware -
hp laserjet_pro_m14_w2g51a_firmware -
hp laserjet_mfp_m232_9yf89a_firmware -
hp laserjet_managed_mfp_e52545_3gy19a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a65a_firmware -
hp laserjet_mfp_m236_9yg09a_firmware -
hp laserjet_mfp_m141_2a129a_firmware -
hp laserjet_pro_m435_a3e42a_firmware -
hp color_laserjet_managed_flow_e77425_5cm77a_firmware -
hp color_laserjet_enterprise_m651_h0dc9a_firmware *
hp laserjet_managed_mfp_e82540du_5fm76a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a78a_firmware -
hp color_laserjet_managed_mfp_e77830_z8z0a_firmware -
hp designjet_z6+_pro_2qu25a_firmware *
hp color_laserjet_pro_mfp_m282_7kw73a_firmware -
hp laserjet_managed_500_mfp_m525_l3u60a_firmware -
hp color_laserjet_managed_mfp_e77830_z8z04a_firmware -
hp envy_inspire_7900e_31k21d_firmware -
hp laserjet_managed_e60165_3gy12a_firmware -
hp laserjet_pro_m15_w2g50a_firmware -
hp laserjet_mfp_m129_g3q60a_firmware -
hp color_laserjet_managed_mfp_e77422_5rc91a_firmware -
hp color_laserjet_pro_mfp_m479_w1a75a_firmware -
hp deskjet_plus_4100_7fs88a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a78a_firmware -
hp color_laserjet_pro_mfp_m478_w1a76a_firmware -
hp laserjet_managed_500_mfp_m525_l3u59a_firmware -
hp laserjet_pro_mfp_m426_1gp80a_firmware -
hp color_laserjet_pro_m254_t6b62a_firmware -
hp laserjet_mfp_m142_7md75a_firmware -
hp color_laserjet_managed_mfp_e77825_z8z04a_firmware -
hp deskjet_2600_y5h64a_firmware -
hp deskjet_3700_t8w52a_firmware -
hp laserjet_managed_mfp_e72525_z8z07a_firmware -
hp envy_6000e_223n2a_firmware -
hp deskjet_ink_advantage_3700_t8w38a1_firmware -
hp officejet_pro_8210_d9l63a_firmware -
hp laserjet_m207_6gw62a_firmware -
hp deskjet_3630_k4t94a_firmware -
hp color_laserjet_enterprise_flow_mfp_m880z_a2w75a_firmware *
hp color_laserjet_managed_mfp_e87640du_5rc87a_firmware -
hp laserjet_pro_m706_k9g90a_firmware -
hp laserjet_tank_mfp_2602_381v0a_firmware -
hp officejet_pro_8030e_5lj14a_firmware -
hp laserjet_mfp_m140_7md70f_firmware -
hp laserjet_managed_mfp_e72525_z8z08a_firmware -
hp pagewide_managed_p75050dn_y3z45a_firmware -
hp smart_tank_7600_28b99a_firmware -
hp laserjet_pro_m14_w2g52a_firmware -
hp laserjet_m211_9yf84a_firmware -
hp color_laserjet_managed_mfp_e78330_8pe98a_firmware -
hp officejet_enterprise_color_mfp_x585_b5l05a_firmware -
hp designjet_t2600_36"_mfp_3xb78a_firmware *
hp laserjet_managed_mfp_e72530_x3a66a_firmware -
hp laserjet_managed_m506_f2a66a_firmware -
hp pagewide_xl_5200_4vw17f_firmware -
hp laserjet_managed_mfp_flow_e62565_j8j79a_firmware -
hp envy_6000_5se19a_firmware -
hp laserjet_mfp_m141_7md73a_firmware -
hp laserjet_managed_mfp_e62565_j8j67a_firmware -
hp color_laserjet_managed_mfp_e77822_x3a80a_firmware -
hp laserjet_mfp_m234e_6gx00e_firmware -
hp laserjet_managed_mfp_e82540du_5cm59a_firmware -
hp smart_tank_6000_30s82a_firmware -
hp laserjet_m105_g3q39a_firmware -
hp deskjet_plus_ink_advantage_4100_4ws36b_firmware -
hp smart_tank_510_3yw71a_firmware -
hp laserjet_managed_mfp_e72535_x3a60a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z61a_firmware -
hp color_laserjet_managed_mfp_e87640du_5cm63a_firmware -
hp designjet_t1700_w6b55h_firmware -
hp color_laserjet_managed_mfp_e78330_8pe97a_firmware -
hp laserjet_mfp_m232_9yg11a_firmware -
hp pagewide_managed_p77740z_w1b39a_firmware -
hp smart_tank_6000_2h1w2a_firmware -
hp laserjet_m206_g3q46a_firmware -
hp color_laserjet_pro_m253_t6b62a_firmware -
hp deskjet_3630_f5s43a_firmware -
hp color_laserjet_managed_flow_e77425_5rc92a_firmware -
hp laserjet_pro_m705_k9g91a_firmware -
hp laserjet_tank_2506_381v4a_firmware -
hp laserjet_managed_mfp_flow_e62555_j8j74a_firmware -
hp color_laserjet_managed_mfp_e78323_8pe94a_firmware -
hp laserjet_mfp_m142_2u589a_firmware -
hp laserjet_pro_m706_b6s01a_firmware -
hp laserjet_mfp_m229_g3q78a_firmware -
hp color_laserjet_managed_m553_b5l24a_firmware *
hp laserjet_pro_mfp_m30_w2g54a_firmware -
hp laserjet_managed_e60065_m0p35a_firmware -
hp officejet_pro_8020e_1k7k7a_firmware -
hp deskjet_plus_4100_7fs79a_firmware -
hp officejet_pro_8740_k7s42a_firmware -
hp laserjet_enterprise_flow_mfp_m525_firmware -
hp laserjet_enterprise_flow_mfp_m636_7pt01a_firmware -
hp color_laserjet_pro_m454_w1y44a_firmware -
hp smart_tank_720_28b79a_firmware -
hp deskjet_plus_ink_advantage_4100_7fs99b_firmware -
hp color_laserjet_pro_m153_t6b46a_firmware -
hp deskjet_3630_k4t97a_firmware -
hp deskjet_ink_advantage_3830_f5r96a_firmware -
hp color_laserjet_enterprise_flow_mfp_m681_j8a11a_firmware -
hp laserjet_mfp_m227_q3q75a_firmware -
hp laserjet_managed_flow_mfp_e82540_az8z20a_firmware -
hp color_laserjet_pro_m155_7kw48a_firmware -
hp laserjet_m104_g3q39a_firmware -
hp color_laserjet_managed_mfp_e77822_x3a84a_firmware -
hp color_laserjet_managed_m553_b5l38a_firmware *
hp officejet_enterprise_color_x555_l1h45a_firmware -
hp officejet_3830_k7v36a_firmware -
hp laserjet_m119_4pa39a_firmware -
hp designjet_z9_w3z71c_firmware *
hp laserjet_enterprise_m604_e6b68a_firmware -
hp laserjet_managed_mfp_e82540du_5rc83a_firmware -
hp color_laserjet_managed_mfp_flow_e87640_z8z13a_firmware -
hp laserjet_m105_g3q36a_firmware -
hp laserjet_m111_2u584a_firmware -
hp designjet_xl_3600_mfp_6dh33c_firmware -
hp pagewide_enterprise_color_556_g1w46v_firmware -
hp designjet_t1700_w6b56h_firmware *
hp officejet_pro_6970_t0f34a_firmware -
hp laserjet_managed_flow_mfp_m527z_f2a80a_firmware -
hp designjet_xl_3600_mfp_6kd26l_firmware -
hp color_laserjet_managed_mfp_flow_e87640_z8z15a_firmware -
hp designjet_t1700_w6b55b_firmware *
hp laserjet_enterprise_600_m603_ce996a_firmware -
hp color_laserjet_pro_mfp_m284_7kw78a_firmware -
hp color_laserjet_pro_mfp_m477_cf379a_firmware -
hp laserjet_mfp_m236_6gw71a_firmware -
hp laserjet_managed_mfp_e82560du_5fm77a_firmware -
hp laserjet_m207_9yf82a_firmware -
hp color_laserjet_managed_mfp_e87650du_5fm81a_firmware -
hp deskjet_2600_y5h60a_firmware -
hp deskjet_3700_j9v90a_firmware -
hp laserjet_managed_mfp_e62565_j8j80a_firmware -
hp laserjet_mfp_m234e_6gx09e_firmware -
hp color_laserjet_managed_mfp_e77830_z8z01a_firmware -
hp laserjet_enterprise_m611_7ps85a_firmware -
hp color_laserjet_managed_mfp_e57540_3gy25a_firmware -
hp designjet_xl_3600_mfp_6kd23g_firmware -
hp color_laserjet_managed_mfp_e78330_8gs27a_firmware -
hp laserjet_enterprise_flow_mfp_m632_j8j71a_firmware -
hp laserjet_pro_m403_g3v21a_firmware -
hp color_laserjet_pro_mfp_m280_t6b86a_firmware -
hp officejet_pro_8020_5lj18a_firmware -
hp laserjet_pro_m702_b6s00a_firmware -
hp envy_inspire_7900e_349v2b_firmware -
hp pagewide_enterprise_color_flow_mfp_586z_g1w39a_firmware -
hp color_laserjet_managed_mfp_e77428_5rc91a_firmware -
hp laserjet_managed_mfp_e82560_x3a82a_firmware -
hp officejet_pro_8030e_5lj23a_firmware -
hp laserjet_mfp_m233_9yg10a_firmware -
hp laserjet_mfp_m234_6gx04a_firmware -
hp deskjet_2700e_26k70b_firmware -
hp laserjet_m111e_2u582e_firmware -
hp color_laserjet_enterprise_mfp_m577_b5l46a_firmware -
hp officejet_pro_8740_j6x83a_firmware -
hp laserjet_tank_mfp_2602_381u1a_firmware -
hp laserjet_pro_mfp_m429_w1a31a_firmware -
hp pagewide_managed_color_mfp_p77950_5zn00a_firmware -
hp laserjet_enterprise_mfp_m634_7ps95a_firmware -
hp color_laserjet_pro_m454_w1y46a_firmware -
hp pagewide_enterprise_color_flow_mfp_785_j7z11a_firmware -
hp laserjet_pro_m702_k9g91a_firmware -
hp officejet_pro_9010_1kr46a_firmware -
hp color_laserjet_managed_mfp_e78227_8gs15a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z65a_firmware -
hp laserjet_mfp_m129_g3q68a_firmware -
hp deskjet_plus_ink_advantage_6400_5sd79a_firmware -
hp color_laserjet_managed_mfp_e77426_5cm77a_firmware -
hp laserjet_managed_mfp_e82540_az8z20a_firmware -
hp laserjet_mfp_m228_g3q76a_firmware -
hp laserjet_mfp_m141_7md76a_firmware -
hp smart_tank_670_2h3n3a_firmware -
hp laserjet_m110e_7md66e_firmware -
hp laserjet_mfp_m232e_6gx01a_firmware -
hp color_laserjet_pro_mfp_m284_7kw72a_firmware -
hp color_laserjet_managed_flow_mfp_e67550_l3u69a_firmware -
hp color_laserjet_managed_flow_e77426_5cm75a_firmware -
hp laserjet_managed_flow_mfp_e82540_z8z23a_firmware -
hp designjet_z9w3z72f_firmware *
hp laserjet_enterprise_mfp_m631_j8j65a_firmware -
hp deskjet_2700e_297x0a_firmware -
hp color_laserjet_pro_m452_cf389a_firmware -
hp color_laserjet_pro_m153_t6b49a_firmware -
hp color_laserjet_managed_flow_e77424_5cm75a_firmware -
hp laserjet_managed_mfp_e72530_x3a65a_firmware -
hp laserjet_pro_m404_w1a63a_firmware -
hp designjet_z6_t8w16c_firmware *
hp color_laserjet_managed_mfp_e78224_8gs43a_firmware -
hp laserjet_tank_1503_2r7f3a_firmware -
hp smart_tank_510_3yw75a_firmware -
hp designjet_t2600_36"_mfp_3ek15b_firmware *
hp laserjet_mfp_m230_g3q77a_firmware -
hp color_laserjet_managed_flow_e77423_5cm75a_firmware -
hp laserjet_pro_m405_w1a51a_firmware -
hp color_laserjet_managed_mfp_e78226_8gs13a_firmware -
hp color_laserjet_enterprise_m855_d7p72a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a71a_firmware -
hp smart_tank_510_3yw74a_firmware -
hp color_laserjet_managed_mfp_e78227_8gs13a_firmware -
hp color_laserjet_enterprise_mfp_m577_b5l47a_firmware -
hp laserjet_mfp_m233_6gx06a_firmware -
hp laserjet_enterprise_mfp_m634_7ps94a_firmware -
hp pagewide_managed_p75050dw_y3z45a_firmware -
hp envy_6000_5se18a_firmware -
hp deskjet_plus_ink_advantage_4100_7hz76b_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a80a_firmware -
hp color_laserjet_pro_mfp_m280_t6b83a_firmware -
hp laserjet_mfp_m134_g3q63a_firmware -
hp laserjet_enterprise_m506_f2a68a_firmware -
hp color_laserjet_enterprise_mfp_m577_b5l48a_firmware -
hp laserjet_managed_mfp_flow_e62555_j8j79a_firmware -
hp laserjet_mfp_m140e_7md74e_firmware -
hp laserjet_enterprise_flow_mfp_m633_j8j78a_firmware -
hp laserjet_tank_mfp_2602_381u8a_firmware -
hp laserjet_managed_mfp_e72430_5cm68a_firmware -
hp designjet_z9_w3z72e_firmware *
hp color_laserjet_managed_flow_mfp_e77825_z8z0a_firmware -
hp laserjet_managed_500_color_mfp_m575_l3u46a_firmware -
hp laserjet_mfp_m132_g3q64a_firmware -
hp designjet_z6_t8w15e_firmware *
hp laserjet_pro_mfp_m30_y5s54a_firmware -
hp deskjet_4100e_2a9t7a_firmware -
hp pagewide_xl_5200_4vw21a_firmware -
hp color_laserjet_managed_mfp_e78226_8gs15a_firmware -
hp color_laserjet_pro_m256_7kw65a_firmware -
hp laserjet_managed_flow_mfp_m630_l3u62a_firmware -
hp laserjet_mfp_m236_6gw99a_firmware -
hp laserjet_mfp_m234_9yf92a_firmware -
hp laserjet_mfp_m237e_6gx01a_firmware -
hp deskjet_3700_t8w95a_firmware -
hp color_laserjet_managed_mfp_e47528_3qa75a_firmware -
hp deskjet_ink_advantage_2700_7fr20a_firmware -
hp deskjet_plus_4100_7fs75d_firmware -
hp color_laserjet_managed_mfp_e77822_x3a78a_firmware -
hp laserjet_mfp_m139_2a130a_firmware -
hp laserjet_mfp_m139_7md73a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_z8z0a_firmware -
hp laserjet_mfp_m139_2u589f_firmware -
hp laserjet_managed_mfp_e82540_x3a79a_firmware -
hp color_laserjet_managed_mfp_e77423_5rc91a_firmware -
hp deskjet_ink_advantage_3630_f5s44a_firmware -
hp officejet_8022_3uc65a_firmware -
hp laserjet_pro_m402_c5f92a_firmware -
hp laserjet_mfp_m131_g3q61a_firmware -
hp laserjet_managed_mfp_e82560_x3a74a_firmware -
hp laserjet_enterprise_600_m601_ce989a_firmware -
hp deskjet_2700_3xv19a_firmware -
hp color_laserjet_managed_mfp_e78224_8gs44a_firmware -
hp envy_6000e_223n1a_firmware -
hp laserjet_enterprise_flow_mfp_m830_cf367a_firmware -
hp laserjet_mfp_m237_9yg08a_firmware -
hp laserjet_mfp_m140_2a130a_firmware -
hp color_laserjet_managed_mfp_e77425_5cm79a_firmware -
hp laserjet_enterprise_m407_3pz16a_firmware -
hp smart_tank_6000_2h0b9a_firmware -
hp color_laserjet_managed_mfp_e78224_8gs36a_firmware -
hp laserjet_managed_mfp_e82560_x3a79a_firmware -
hp designjet_t1700_w6b56c_firmware -
hp color_laserjet_pro_mfp_m284_7kw73a_firmware -
hp smart_tank_7000_6uu46a_firmware -
hp color_laserjet_managed_mfp_e78227_8gs43a_firmware -
hp color_laserjet_managed_mfp_flow_e87660_x3a90a_firmware -
hp laserjet_managed_flow_mfp_m527z_f2a79a_firmware -
hp laserjet_mfp_m237e_6gx02e_firmware -
hp officejet_pro_6970_j7k41a_firmware -
hp laserjet_mfp_m141e_2a130e_firmware -
hp laserjet_mfp_m227_g3q74a_firmware -
hp hp_color_laserjet_enterprise_m555_7zu79a_firmware *
hp laserjet_managed_m506_f2a71a_firmware -
hp color_laserjet_managed_mfp_e78227_19gsaw_firmware -
hp deskjet_2700_7fr58a_firmware -
hp smart_tank_610_7xv38a_firmware -
hp deskjet_ink_advantage_3630_f5s45a_firmware -
hp laserjet_pro_m405_w1a52a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs00a_firmware -
hp laserjet_managed_mfp_e72525_x3a63a_firmware -
hp laserjet_managed_mfp_e82560_az8z20a_firmware -
hp laserjet_tank_2502_2r3e3a_firmware -
hp designjet_t1700_w6b56g_firmware -
hp color_laserjet_managed_mfp_e67660_3gy32a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_x3a89a_firmware -
hp color_laserjet_pro_mfp_m281_t6b82a_firmware -
hp laserjet_managed_e50045_3gn19a_firmware -
hp laserjet_pro_mfp_m429_w1a34a_firmware -
hp officejet_6950_p4c81a_firmware -
hp laserjet_mfp_m237_9yf90a_firmware -
hp deskjet_2600_v1n05a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs01a_firmware -
hp color_laserjet_pro_mfp_m477_cf378a_firmware -
hp laserjet_managed_e60065_m0p33a_firmware -
hp laserjet_managed_e40040_3pz35a_firmware -
hp laserjet_pro_m701_b6s01a_firmware -
hp designjet_t1700_1vd87f_firmware -
hp laserjet_tank_mfp_1604_2r3e7a_firmware -
hp smart_tank_plus_550_3yw72a_firmware -
hp color_laserjet_enterprise_m751_t3u64a_firmware -
hp laserjet_mfp_m233_9yf95a_firmware -
hp deskjet_3630_k4t93a_firmware -
hp laserjet_m211_6gw63a_firmware -
hp laserjet_managed_mfp_e82550du_5fm78a_firmware -
hp laserjet_pro_m405_w1a56a_firmware -
hp color_laserjet_enterprise_flow_mfp_m681_j8a12a_firmware -
hp designjet_t2600_36"_mfp_3ek15k_firmware *
hp laserjet_enterprise_m506_f2a67a_firmware -
hp laserjet_pro_m17_w2g53a_firmware -
hp color_laserjet_pro_m254_t6b65a_firmware -
hp laserjet_pro_m17_w2g52a_firmware -
hp laserjet_pro_mfp_m428_w1a33a_firmware -
hp laserjet_managed_mfp_e82550_x3a69a_firmware -
hp color_laserjet_managed_flow_e77425_5cm75a_firmware -
hp laserjet_managed_mfp_e82550du_5fm77a_firmware -
hp laserjet_managed_color_flow_mfp_m575_l3u45a_firmware -
hp laserjet_mfp_m235_6gw99a_firmware -
hp laserjet_mfp_m235_6gx03a_firmware -
hp laserjet_managed_mfp_e62565_j8j66a_firmware -
hp deskjet_plus_4100_3xv13a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a60a_firmware -
hp laserjet_mfp_m134_g3q59a_firmware -
hp laserjet_pro_mfp_m30_w2g57a_firmware -
hp envy_6000_5se17a_firmware -
hp designjet_z6+_pro_2qu25f_firmware -
hp color_laserjet_cm5525_mfp_ce709a_firmware *
hp officejet_pro_8210_j3p66a_firmware -
hp deskjet_3700_t8w83a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a79a_firmware -
hp color_laserjet_pro_mfp_m182_7kw56a_firmware -
hp laserjet_tank_mfp_2606_381u8a_firmware -
hp laserjet_enterprise_flow_mfp_m634_7ps95a_firmware -
hp laserjet_managed_mfp_e72525_z8z010a_firmware -
hp laserjet_tank_mfp_2605_381u6a_firmware -
hp laserjet_pro_m304_w1a47a_firmware -
hp laserjet_pro_mfp_m30_w2g56a_firmware -
hp laserjet_m111e_7md66e_firmware -
hp officejet_pro_6970_t0f35a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z011a_firmware -
hp designjet_z9_w3z71d_firmware *
hp laserjet_pro_m402_f6j41a_firmware -
hp color_laserjet_managed_mfp_e77825_z8z01a_firmware -
hp deskjet_2700e_26k72a_firmware -
hp laserjet_pro_mfp_m29_w2g54a_firmware -
hp laserjet_tank_mfp_2604_381v1a_firmware -
hp designjet_xl_3600_mfp_6dh33f_firmware -
hp laserjet_enterprise_mfp_m725_cf066a_firmware -
hp laserjet_mfp_m234_6gx06a_firmware -
hp laserjet_mfp_m133_g3q64a_firmware -
hp laserjet_mfp_m237e_6gx05e_firmware -
hp laserjet_managed_mfp_e72425_5cm72a_firmware -
hp pagewide_color_mfp_774_4pa44a_firmware -
hp color_laserjet_managed_flow_e67660_3gy31a_firmware -
hp laserjet_m105_g3q35a_firmware -
hp laserjet_tank_mfp_1005_381u4a_firmware -
hp deskjet_2600_y5h66a_firmware -
hp color_laserjet_managed_mfp_flow_e87640_x3a87a_firmware -
hp laserjet_pro_m15_w2g51a_firmware -
hp designjet_z9_w3z72c_firmware *
hp laserjet_mfp_m237_9yg10a_firmware -
hp laserjet_tank_mfp_2605_2r3f0a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr95a_firmware -
hp color_laserjet_managed_mfp_flow_e87660_x3a89a_firmware -
hp officejet_6960_t0g26a_firmware -
hp officejet_pro_8020_5lj19a_firmware -
hp deskjet_ink_advantage_ultra_4800_25r66a_firmware -
hp color_laserjet_managed_mfp_e78225_8gs36a_firmware -
hp color_laserjet_enterprise_m652_j7z98a_firmware -
hp designjet_t2600_36"_mfp_y3t75a_firmware *
hp laserjet_mfp_m140_7md69a_firmware -
hp laserjet_tank_mfp_2605_381u7a_firmware -
hp designjet_t1700_1vd87a_firmware *
hp pagewide_enterprise_color_765_j7z04a_firmware -
hp smart_tank_7600_28c03a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs25a_firmware -
hp pagewide_managed_color_mfp_p77940_2gp26a_firmware -
hp laserjet_managed_mfp_e72530_z8z09a_firmware -
hp laserjet_mfp_m142_7md69a_firmware -
hp pagewide_enterprise_color_mfp_586_g1w39a_firmware -
hp laserjet_managed_mfp_e72530_x3a59a_firmware -
hp laserjet_mfp_m129_g3q61a_firmware -
hp laserjet_tank_1502_2r3e2a_firmware -
hp deskjet_ink_advantage_ultra_4800_25r69a_firmware -
hp smart_tank_720_2h1t6a_firmware -
hp deskjet_3700_t8w58a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs50a_firmware -
hp color_laserjet_pro_m154_t6b53a_firmware -
hp deskjet_3700_t8w93a_firmware -
hp designjet_t1600_36"_3ek12a_firmware *
hp color_laserjet_managed_flow_mfp_e67560_l3u66a_firmware -
hp laserjet_managed_mfp_flow_e62565_j8j74a_firmware -
hp deskjet_4100e_26q94a_firmware -
hp color_laserjet_managed_flow_e77422_5cm79a_firmware -
hp laserjet_mfp_m236_9yf90a_firmware -
hp envy_inspire_7900e_2h2m8a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a59a_firmware -
hp laserjet_m110_7md66a_firmware -
hp color_laserjet_managed_mfp_e77428_5cm75a_firmware -
hp hp_color_laserjet_enterprise_m554_7zu81a_firmware *
hp laserjet_managed_mfp_e72425_5cm68a_firmware -
hp deskjet_2600_y5h68a_firmware -
hp color_laserjet_enterprise_flow_mfp_m680_cz248a_firmware -
hp color_laserjet_managed_mfp_flow_e87640_z8z14a_firmware -
hp laserjet_m210_6gw61a_firmware -
hp laserjet_mfp_m236e_9yf91e_firmware -
hp laserjet_mfp_m233e_9yg02e_firmware -
hp officejet_6950_p4c78a_firmware -
hp smart_tank_7600_28b97a_firmware -
hp pagewide_enterprise_color_mfp_780_j7z09a_firmware -
hp laserjet_m112_7md66a_firmware -
hp color_laserjet_managed_mfp_e87660du_5fm82a_firmware -
hp laserjet_managed_flow_mfp_e52545c_firmware -
hp color_laserjet_managed_mfp_e57540_3gy26a_firmware -
hp color_laserjet_managed_mfp_e77423_5cm77a_firmware -
hp color_laserjet_managed_mfp_e77424_5cm76a_firmware -
hp laserjet_m109e_7md68e_firmware -
hp color_laserjet_enterprise_mfp_m682_j8a17a_firmware -
hp pagewide_managed_color_mfp_p77940_5zn00a_firmware -
hp laserjet_tank_mfp_1603_2r3e7a_firmware -
hp color_laserjet_managed_mfp_e77426_5cm79a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a80a_firmware -
hp deskjet_plus_ink_advantage_4100_7ft02b_firmware -
hp laserjet_mfp_m234e_6gx05e_firmware -
hp officejet_8010_1kr58a_firmware -
hp color_laserjet_m578_mfp_7zu87a_firmware *
hp smart_tank_6000_2h3n3a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z08a_firmware -
hp laserjet_mfp_m236_6gx05a_firmware -
hp laserjet_pro_mfp_m29_w2g55a_firmware -
hp laserjet_enterprise_flow_mfp_m635_7ps97a_firmware -
hp laserjet_mfp_m142_7md73a_firmware -
hp laserjet_tank_mfp_2606_381u1a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs15a_firmware -
hp laserjet_pro_mfp_m427_f6w19a_firmware -
hp designjet_z6_t8w18d_firmware *
hp laserjet_mfp_m233e_9yf91e_firmware -
hp color_laserjet_enterprise_m554_7zu79a_firmware -
hp officejet_pro_6970_t0f37a_firmware -
hp smart_tank_510_1tj12a_firmware -
hp pagewide_enterprise_color_flow_mfp_586z_g1w40a_firmware -
hp color_laserjet_pro_mfp_m282_7kw74a_firmware -
hp laserjet_pro_m226_cf485a_firmware -
hp color_laserjet_managed_mfp_e77422_5cm77a_firmware -
hp laserjet_enterprise_mfp_m632_j8j70a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z63a_firmware -
hp laserjet_m208_6gw61a_firmware -
hp laserjet_mfp_m234e_9yf91e_firmware -
hp pagewide_managed_color_mfp_e58650dn_l3u43a_firmware -
hp laserjet_managed_flow_mfp_e82560_az8z20a_firmware -
hp smart_tank_plus_650_3yw48a_firmware -
hp laserjet_mfp_m140_2u589f_firmware -
hp color_laserjet_managed_mfp_e77424_5rc92a_firmware -
hp color_laserjet_managed_mfp_e77830_z8z05a_firmware -
hp color_laserjet_enterprise_flow_mfp_m680_cz249a_firmware -
hp laserjet_m208_9yf80a_firmware -
hp deskjet_plus_ink_advantage_4100_7ft03b_firmware -
hp smart_tank_720_2h0a6a_firmware -
hp officejet_managed_color_mfp_x585_b5l05a_firmware -
hp color_laserjet_managed_mfp_e67550_l3u70a_firmware -
hp laserjet_m210e_6gw62er_firmware -
hp laserjet_tank_2502_2r7f4a_firmware -
hp deskjet_3755_j9v90a_firmware -
hp deskjet_3755_1lu12a_firmware -
hp smart_tank_720_2g9q2a_firmware -
hp color_laserjet_managed_mfp_e77427_5cm77a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs30a_firmware -
hp laserjet_m110_2u582a_firmware -
hp laserjet_mfp_m236_9yf97a_firmware -
hp laserjet_mfp_m130_g3q62a_firmware -
hp laserjet_tank_1020_381v6a_firmware -
hp color_laserjet_managed_mfp_e78226_8gs12a_firmware -
hp smart_tank_plus_550_1tj11a_firmware -
hp laserjet_m112e_7md66e_firmware -
hp laserjet_pro_mfp_m30_y5s55a_firmware -
hp laserjet_enterprise_flow_mfp_m630_p7z47a_firmware -
hp laserjet_pro_m225_cf486a_firmware -
hp color_laserjet_pro_mfp_m185_7kw57a_firmware -
hp deskjet_2600_v1n03a_firmware -
hp laserjet_managed_mfp_e82550du_5rc83a_firmware -
hp laserjet_mfp_m237_9yg02a_firmware -
hp laserjet_mfp_m235e_6gx02e_firmware -
hp laserjet_m104_g3q34a_firmware -
hp laserjet_pro_m705_b6s00a_firmware -
hp color_laserjet_managed_mfp_e78225_8gs43a_firmware -
hp color_laserjet_pro_m453_w1y45a_firmware -
hp pagewide_xl_5200_4vw19f_firmware -
hp color_laserjet_managed_mfp_e77822_z8z04a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a77a_firmware -
hp laserjet_enterprise_700_m712_cf236a_firmware -
hp laserjet_managed_mfp_flow_e62555_j8j80a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_z8z00a_firmware -
hp laserjet_enterprise_mfp_m630_b3g85a_firmware -
hp laserjet_mfp_m237e_6gx00e_firmware -
hp officejet_pro_8710_j6x76a_firmware -
hp officejet_pro_9020_1mr73a_firmware -
hp laserjet_managed_mfp_flow_e62565_j8j67a_firmware -
hp laserjet_m109_7md66a_firmware -
hp laserjet_mfp_m233_9yf98a_firmware -
hp color_laserjet_pro_m153_t6b50a_firmware -
hp laserjet_mfp_m235_6gx05a_firmware -
hp laserjet_mfp_m141_7md71a_firmware -
hp laserjet_managed_mfp_e72530_z8z06a_firmware -
hp officejet_pro_6960_t0f28a_firmware -
hp designjet_xl_3600_mfp_6kd24f_firmware -
hp color_laserjet_pro_mfp_m284_7kw76a_firmware -
hp laserjet_enterprise_flow_mfp_m633_j8j76a_firmware -
hp pagewide_pro_577z_k9z76a_firmware -
hp designjet_t1700_w6b56b_firmware -
hp color_laserjet_managed_mfp_e78323_8pe97a_firmware -
hp laserjet_enterprise_flow_mfp_m632_j8j72a_firmware -
hp officejet_pro_9010_1kr42a_firmware -
hp pagewide_enterprise_color_mfp_586_g1w40a_firmware -
hp laserjet_mfp_m227_g3q77a_firmware -
hp laserjet_pro_mfp_m427_f6w17a_firmware -
hp color_laserjet_pro_mfp_m185_7kw56a_firmware -
hp color_laserjet_managed_flow_e77423_5cm79a_firmware -
hp officejet_pro_9020_1mr74a_firmware -
hp officejet_pro_8710_j6x81a_firmware -
hp color_laserjet_pro_m154_t6b52a_firmware -
hp color_laserjet_managed_mfp_m775_l3u50a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z61a_firmware -
hp deskjet_2700e_26k72b_firmware -
hp laserjet_pro_mfp_m31_w2g56a_firmware -
hp laserjet_pro_m405_93m22a_firmware -
hp laserjet_pro_mfp_m426_f6w15a_firmware -
hp envy_6000_5se16a_firmware -
hp laserjet_mfp_m129_g3q65a_firmware -
hp designjet_z6_t8w15d_firmware *
hp laserjet_managed_mfp_e82560du_5cm61a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a84a_firmware -
hp laserjet_mfp_m228_g3q79a_firmware -
hp laserjet_pro_m202_c6n21a_firmware -
hp color_laserjet_managed_mfp_e87650du_5fm82a_firmware -
hp laserjet_pro_mfp_m429_w1a30a_firmware -
hp laserjet_managed_mfp_e72535_z8z010a_firmware -
hp color_laserjet_managed_mfp_e77830_x3a83a_firmware -
hp designjet_z6_t8w16h_firmware *
hp deskjet_2600_v1n08a_firmware -
hp laserjet_enterprise_color_flow_mfp_m575_cd644_firmware -
hp designjet_t1700_w6b55h_firmware *
hp laserjet_pro_m202_c6n20a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a74a_firmware -
hp laserjet_managed_mfp_e72530_x3a63a_firmware -
hp color_laserjet_managed_mfp_e78323_9rt91a_firmware -
hp laserjet_managed_flow_mfp_e82540_z8z19_firmware -
hp designjet_t1600_36"_3ek13a_firmware *
hp color_laserjet_pro_m453_w1y44a_firmware -
hp laserjet_managed_e50145_1pu51a_firmware -
hp laserjet_enterprise_mfp_m528_1pv66a_firmware -
hp laserjet_pro_m304_w1a48a_firmware -
hp color_laserjet_managed_mfp_e67550_l3u66a_firmware -
hp laserjet_managed_mfp_e82540du_5fm78a_firmware -
hp laserjet_m210_9yf84a_firmware -
hp color_laserjet_managed_mfp_e78225_8gs13a_firmware -
hp color_laserjet_managed_mfp_flow_e87640_x3a89a_firmware -
hp laserjet_pro_mfp_m429_w1a32a_firmware -
hp color_laserjet_managed_mfp_e77425_5cm76a_firmware -
hp pagewide_xl_4200_4vw13f_firmware -
hp designjet_t1700_w6b55e_firmware *
hp envy_6000_6wd35a_firmware -
hp designjet_t1700_w6b55c_firmware *
hp color_laserjet_pro_mfp_m182_7kw59a_firmware -
hp designjet_z6_t8w16a_firmware *
hp deskjet_2600_5sf03a_firmware -
hp designjet_t1700_w6b56f_firmware *
hp laserjet_m112a_2u581a_firmware -
hp laserjet_enterprise_700_m712_cf235a_firmware -
hp laserjet_managed_mfp_e82560du_5cm58a_firmware -
hp color_laserjet_pro_mfp_m184_7kw57a_firmware -
hp color_laserjet_pro_mfp_m477_cf377a_firmware -
hp color_laserjet_enterprise_flow_mfp_m680_ca251a_firmware -
hp color_laserjet_managed_mfp_m775_cf304a_firmware -
hp laserjet_pro_m402_c5j91a_firmware -
hp deskjet_ink_advantage_3700_1dt62a_firmware -
hp officejet_pro_9020e_1g5m0a_firmware -
hp laserjet_mfp_m132_g3q61a_firmware -
hp deskjet_2700e_297x1a_firmware -
hp laserjet_m212e_6gw62er_firmware -
hp designjet_xl_3600_mfp_6dh33h_firmware -
hp pagewide_managed_color_mfp_p77950_y3z65a_firmware -
hp color_laserjet_pro_m153_t6b53a_firmware -
hp deskjet_3630_k4t95a_firmware -
hp laserjet_enterprise_m607_k0q15a_firmware -
hp laserjet_pro_m404_w1a52a_firmware -
hp color_laserjet_pro_mfp_m277_b3q17a_firmware -
hp deskjet_3755_j9v91a_firmware -
hp deskjet_4100e_26q97a_firmware -
hp color_laserjet_managed_flow_mfp_m577_b5l49a_firmware -
hp officejet_pro_6970_j7k34a_firmware -
hp color_laserjet_managed_mfp_e87660du_5cm65a_firmware -
hp laserjet_enterprise_m4555_mfp_ce504a_firmware -
hp laserjet_mfp_m236_6gx04a_firmware -
hp laserjet_m210_9yf85a_firmware -
hp color_laserjet_pro_m155_7kw49a_firmware -
hp officejet_pro_8030_5lj17a_firmware -
hp laserjet_mfp_m133_g3q68a_firmware -
hp laserjet_tank_mfp_2605_381u5a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs27a_firmware -
hp officejet_pro_6970_j7k36a_firmware -
hp pagewide_managed_color_mfp_p77960_2gp23a_firmware -
hp laserjet_managed_mfp_e62555_j8j79a_firmware -
hp laserjet_m105_g3q37a_firmware -
hp laserjet_mfp_m234_9yg05a_firmware -
hp laserjet_mfp_m232_9yg08a_firmware -
hp laserjet_managed_mfp_e62565_j8j73a_firmware -
hp color_laserjet_pro_m253_t6b61a_firmware -
hp laserjet_managed_e60065_m0p39a_firmware -
hp laserjet_tank_mfp_2603_381u7a_firmware -
hp laserjet_mfp_m129_g3q64a_firmware -
hp pagewide_managed_p55250dw_j6u55a_firmware -
hp color_laserjet_managed_mfp_e78226_8gs37a_firmware -
hp laserjet_mfp_m236_9yf95a_firmware -
hp laserjet_m110_2u584a_firmware -
hp laserjet_mfp_m133_g3q65a_firmware -
hp deskjet_2700_8rk11a_firmware -
hp laserjet_mfp_m139e_7md76e_firmware -
hp deskjet_plus_4100_7fs77b_firmware -
hp laserjet_mfp_m235_9yf95a_firmware -
hp laserjet_m206_g3q48a_firmware -
hp laserjet_pro_mfp_m427_f6w13a_firmware -
hp officejet_pro_9020e_226y9a_firmware -
hp laserjet_m110_7md68a_firmware -
hp laserjet_managed_mfp_e82560du_5cm59a_firmware -
hp laserjet_pro_m705_k9g90a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a66a_firmware -
hp color_laserjet_pro_mfp_m284_7kw74a_firmware -
hp laserjet_mfp_m235e_6gw99e_firmware -
hp laserjet_tank_mfp_2604_381u8a_firmware -
hp laserjet_managed_flow_mfp_m830_l3u65a_firmware -
hp designjet_z9_w3z71f_firmware *
hp laserjet_managed_flow_mfp_e82550_x3a71a_firmware -
hp laserjet_pro_m226_cf486a_firmware -
hp laserjet_managed_mfp_e62665_3gy14a_firmware -
hp laserjet_mfp_m234_9yf91a_firmware -
hp smart_tank_7000_28b50a_firmware -
hp envy_inspire_7900e_242p6b_firmware -
hp laserjet_managed_mfp_e82560_x3a72a_firmware -
hp officejet_enterprise_color_x555_c2s12a_firmware -
hp deskjet_plus_4100_7fs79b_firmware -
hp deskjet_plus_ink_advantage_6400_5sd78a_firmware -
hp color_laserjet_pro_m254_t6b57a_firmware -
hp color_laserjet_managed_e75245_t3u43a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a69a_firmware -
hp laserjet_m110a_7md67a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_x3a90a_firmware -
hp deskjet_2700e_26k68a_firmware -
hp color_laserjet_enterprise_flow_mfp_m880z_a2w76a_firmware *
hp laserjet_mfp_m134_g3q58a_firmware -
hp laserjet_tank_mfp_1602_381l0a_firmware -
hp officejet_pro_6960_j7k38a_firmware -
hp officejet_252_n4l16c_firmware -
hp color_laserjet_managed_flow_mfp_e67550_l3u66a_firmware -
hp pagewide_pro_750dw_a7w93a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr95a_firmware -
hp color_laserjet_cm4540_mfp_cc420a_firmware *
hp envy_inspire_7900e_2h2n1b_firmware -
hp envy_inspire_7900e_1w2y9a_firmware -
hp laserjet_m208e_6gw62e_firmware -
hp laserjet_managed_mfp_e82560du_5rc84a_firmware -
hp color_laserjet_enterprise_mfp_m682_j8a16a_firmware -
hp color_laserjet_managed_mfp_e78227_8gs36a_firmware -
hp laserjet_enterprise_mfp_m725_l3u64a_firmware -
hp designjet_xl_3600_mfp_6kd25h_firmware -
hp laserjet_m102_g3q37a_firmware -
hp laserjet_mfp_m235_9yf96a_firmware -
hp officejet_pro_8740_t0g65a_firmware -
hp laserjet_pro_mfp_m28_y5s53a_firmware -
hp laserjet_managed_mfp_e62555_j8j73a_firmware -
hp laserjet_managed_mfp_e82560_z8z22a_firmware -
hp color_laserjet_managed_mfp_e78226_8gs44a_firmware -
hp laserjet_enterprise_m609_k0q22a_firmware -
hp laserjet_managed_mfp_e82560du_5rc83a_firmware -
hp color_laserjet_managed_mfp_e77830_x3a81a_firmware -
hp color_laserjet_pro_mfp_m478_w1a80a_firmware -
hp laserjet_enterprise_500_mfp_m525f_cf116a_firmware -
hp pagewide_managed_color_mfp_p77960_2gp26a_firmware -
hp laserjet_managed_mfp_e82560_z8z19_firmware -
hp color_laserjet_managed_mfp_e78330_8gs26a_firmware -
hp color_laserjet_managed_flow_mfp_m680_l3u47a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z61a_firmware -
hp officejet_6950_t3p03a_firmware -
hp color_laserjet_pro_mfp_m184_7kw55a_firmware -
hp officejet_pro_8030e_5lj16a_firmware -
hp laserjet_mfp_m227_g3q79a_firmware -
hp laserjet_mfp_m229_g3q77a_firmware -
hp laserjet_pro_mfp_m428_w1a28a_firmware -
hp color_laserjet_enterprise_flow_mfp_m776_t3u56a_firmware -
hp officejet_3830_f5r99a_firmware -
hp laserjet_mfp_m140e_2a130e_firmware -
hp laserjet_mfp_m129_g3q58a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a66a_firmware -
hp designjet_t1600_36"_3ek13b_firmware *
hp laserjet_m212_9yf82a_firmware -
hp color_laserjet_managed_mfp_e77825_z8z05a_firmware -
hp laserjet_tank_mfp_2602_381u5a_firmware -
hp laserjet_mfp_m141_7md74a_firmware -
hp laserjet_pro_mfp_m427_c5f97a_firmware -
hp laserjet_mfp_m235_6gx04a_firmware -
hp color_laserjet_pro_mfp_m478_w1a82a_firmware -
hp laserjet_pro_mfp_m428_w1a34a_firmware -
hp laserjet_managed_e60155_3gy12a_firmware -
hp laserjet_mfp_m229_g3q79a_firmware -
hp laserjet_managed_mfp_e82560_x3a75a_firmware -
hp deskjet_4100e_26q90a_firmware -
hp laserjet_managed_mfp_flow_e62565_j8j80a_firmware -
hp laserjet_pro_m403_c5f93a_firmware -
hp color_laserjet_pro_m253_t6b64a_firmware -
hp color_laserjet_enterprise_flow_mfp_m577_b5l54a_firmware -
hp color_laserjet_managed_flow_e77422_5cm75a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_x3a93a_firmware -
hp laserjet_mfp_m230_q3q75a_firmware -
hp designjet_z6+_pro_2qu25f_firmware *
hp laserjet_managed_mfp_e82550du_5fm76a_firmware -
hp color_laserjet_pro_m453_w1y47a_firmware -
hp laserjet_managed_mfp_e82540du_5fm77a_firmware -
hp laserjet_m208_9yf85a_firmware -
hp color_laserjet_pro_m256_7kw68a_firmware -
hp laserjet_pro_m403_f6j44a_firmware -
hp laserjet_pro_m703_b6s00a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs12a_firmware -
hp pagewide_pro_750dn_y3z44a_firmware -
hp laserjet_tank_mfp_2604_2r3f0a_firmware -
hp laserjet_pro_mfp_m426_f6w17a_firmware -
hp color_laserjet_pro_mfp_m377_cf377a_firmware -
hp laserjet_tank_mfp_2604_381u9a_firmware -
hp color_laserjet_m578_mfp_7zu88a_firmware *
hp officejet_pro_6960_t0f38a_firmware -
hp laserjet_managed_mfp_e72425_5cm69a_firmware -
hp laserjet_m207e_6gw62er_firmware -
hp color_laserjet_pro_mfp_m280_t6b82a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_z8z15a_firmware -
hp color_laserjet_pro_m452_cf388a_firmware -
hp laserjet_m211_9yf80a_firmware -
hp laserjet_m110a_7md65a_firmware -
hp color_laserjet_managed_mfp_e87660du_5fm81a_firmware -
hp laserjet_mfp_m232_6gx03a_firmware -
hp color_laserjet_pro_mfp_m282_7kw78a_firmware -
hp laserjet_enterprise_flow_mfp_m631_j8j64a_firmware -
hp officejet_pro_8210_j3p67a_firmware -
hp laserjet_mfp_m227_g3q76a_firmware -
hp laserjet_pro_mfp_m31_y5s54a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a60a_firmware -
hp pagewide_managed_color_mfp_p77950_5zn01a_firmware -
hp deskjet_2600_v1n07a_firmware -
hp officejet_pro_8030_1kr61a_firmware -
hp laserjet_tank_mfp_2606_381v1a_firmware -
hp laserjet_managed_mfp_e72530_x3a60a_firmware -
hp officejet_enterprise_color_x555_c2s11a_firmware -
hp laserjet_m112e_2u582e_firmware -
hp designjet_xl_3600_mfp_2yb64h_firmware -
hp pagewide_xl_4200_4vw13h_firmware -
hp color_laserjet_managed_mfp_e77822_x3a81a_firmware -
hp laserjet_mfp_m236_9yg10a_firmware -
hp laserjet_managed_mfp_e72430_5cm70a_firmware -
hp smart_tank_plus_550_3yw73a_firmware -
hp laserjet_mfp_m130_g3q63a_firmware -
hp laserjet_mfp_m230_g3q78a_firmware -
hp color_laserjet_pro_mfp_m478_w1a81a_firmware -
hp pagewide_managed_color_mfp_p77950_2gp25a_firmware -
hp designjet_xl_3600_mfp_6kd25m_firmware -
hp smart_tank_plus_550_3yw75a_firmware -
hp designjet_t1700_w6b55f_firmware -
hp laserjet_enterprise_m607_k0q14a_firmware -
hp laserjet_mfp_m131_g3q64a_firmware -
hp laserjet_pro_mfp_m428_w1a38a_firmware -
hp deskjet_2700e_26k71a_firmware -
hp laserjet_pro_m403_c5f95a_firmware -
hp laserjet_mfp_m232_9yf97a_firmware -
hp laserjet_pro_mfp_m426_f6w13a_firmware -
hp laserjet_enterprise_mfp_m430_3pz55a_firmware -
hp laserjet_mfp_m228_g3q77a_firmware -
hp laserjet_enterprise_mfp_m635_7ps98a_firmware -
hp officejet_pro_8740_k7s43a_firmware -
hp laserjet_mfp_m235_9yf98a_firmware -
hp pagewide_managed_p77750z_w1b37a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs44a_firmware -
hp pagewide_pro_452dn_d3q15a_firmware -
hp laserjet_managed_mfp_e72430_5rc89a_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a59a_firmware -
hp laserjet_tank_mfp_2605_381u8a_firmware -
hp designjet_xl_3600_mfp_2yb64i_firmware -
hp laserjet_m205_g3q50a_firmware -
hp color_laserjet_managed_mfp_e87660du_5cm64a_firmware -
hp deskjet_plus_4100_3xv15d_firmware -
hp laserjet_mfp_m237_6gx04a_firmware -
hp smart_tank_6000_2h5s3a_firmware -
hp laserjet_managed_mfp_e82550_z8z18a_firmware -
hp officejet_pro_8020_1kr62a_firmware -
hp deskjet_3755_j9v92a_firmware -
hp laserjet_mfp_m142_7md70f_firmware -
hp laserjet_pro_m706_b6s00a_firmware -
hp laserjet_m112_2u587a_firmware -
hp laserjet_managed_flow_mfp_e82550_z8z22a_firmware -
hp laserjet_managed_e60165_3gy09a_firmware -
hp laserjet_m205_g3q47a_firmware -
hp designjet_t2600_36"_mfp_3xb78f_firmware *
hp laserjet_mfp_m233_6gx03a_firmware -
hp color_laserjet_managed_mfp_e77426_5rc92a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_z8z02a_firmware -
hp laserjet_tank_mfp_1604_381l0a_firmware -
hp deskjet_plus_4100_3xv15a_firmware -
hp laserjet_enterprise_m611_7ps83a_firmware -
hp laserjet_pro_mfp_m429_w1a28a_firmware -
hp smart_tank_510_3yw70a_firmware -
hp pagewide_pro_750dw_y3z46a_firmware -
hp color_laserjet_managed_mfp_e87650du_5rc88a_firmware -
hp laserjet_enterprise_mfp_m631_j8j63a_firmware -
hp laserjet_enterprise_flow_mfp_m631_j8j63a_firmware -
hp laserjet_pro_mfp_m429_w1a38a_firmware -
hp designjet_z9_w3z72f_firmware *
hp color_laserjet_cm4540_mfp_cc421a_firmware *
hp laserjet_m204_g3q50a_firmware -
hp laserjet_pro_m704_b6s02a_firmware -
hp laserjet_pro_mfp_m426_f6w16a_firmware -
hp officejet_pro_9020_1mr70a_firmware -
hp laserjet_mfp_m131_g3q60a_firmware -
hp laserjet_tank_mfp_2602_381u6a_firmware -
hp color_laserjet_managed_mfp_flow_e87650_z8z16a_firmware -
hp laserjet_m212_6gw63a_firmware -
hp deskjet_plus_4100_7fs87a_firmware -
hp color_laserjet_managed_mfp_e77422_5cm75a_firmware -
hp laserjet_pro_mfp_m31_w2g57a_firmware -
hp laserjet_m112e_2u584e_firmware -
hp deskjet_3700_t8w51a_firmware -
hp color_laserjet_managed_flow_e77425_5cm78a_firmware -
hp laserjet_managed_mfp_e82540du_5cm58a_firmware -
hp laserjet_mfp_m140_7md73a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a74a_firmware -
hp pagewide_managed_color_mfp_p77940_5zn98a_firmware -
hp color_laserjet_managed_e65160_3gy03a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs00a_firmware -
hp smart_tank_plus_650_y0f73a_firmware -
hp officejet_pro_6960_j7k35a_firmware -
hp laserjet_mfp_m237_6gx03a_firmware -
hp laserjet_enterprise_mfp_m725_l3u63a_firmware -
hp color_laserjet_enterprise_m751_t3u44a_firmware -
hp laserjet_m204_g3q48a_firmware -
hp laserjet_mfp_m131_g3q57a_firmware -
hp smart_tank_plus_550_1tj10a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a62a_firmware -
hp laserjet_enterprise_m506_f2a69a_firmware -
hp laserjet_managed_mfp_flow_e62555_j8j73a_firmware -
hp laserjet_managed_mfp_e62665_3gy17a_firmware -
hp laserjet_tank_mfp_2603_381u0a_firmware -
hp pagewide_managed_color_flow_mfp_e58650z_firmware -
hp pagewide_enterprise_color_mfp_586_g1w41a_firmware -
hp laserjet_m112e_7md68e_firmware -
hp laserjet_pro_mfp_m426_c5f97a_firmware -
hp laserjet_mfp_m235_9yf89a_firmware -
hp laserjet_mfp_m141_1y7d4a_firmware -
hp color_laserjet_managed_flow_mfp_e57540_3gy25a_firmware -
hp deskjet_plus_ink_advantage_4100_7hz75b_firmware -
hp laserjet_mfp_m142_2u589f_firmware -
hp designjet_t1700_1vd88b_firmware -
hp laserjet_mfp_m234_9yg08a_firmware -
hp officejet_enterprise_color_mfp_x585_l3u40a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a81a_firmware -
hp pagewide_managed_color_mfp_p77960_5zn98a_firmware -
hp laserjet_m109e_2u587e_firmware -
hp deskjet_2700_3xv17a_firmware -
hp smart_tank_720_28b72a_firmware -
hp officejet_pro_9020_1mr71a_firmware -
hp smart_tank_790_2g9q9a_firmware -
hp laserjet_enterprise_700_m712_cf238a_firmware -
hp color_laserjet_managed_mfp_e77830_x3a84a_firmware -
hp officejet_pro_8216_t0g70a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z64a_firmware -
hp laserjet_pro_m225_cf484a_firmware -
hp laserjet_pro_m404_w1a51a_firmware -
hp color_laserjet_managed_flow_mfp_e67560_l3u70a_firmware -
hp color_laserjet_managed_m651_cz255a_firmware *
hp color_laserjet_enterprise_flow_mfp_m577_b5l47a_firmware -
hp laserjet_mfp_m131_g3q66a_firmware -
hp laserjet_enterprise_mfp_m635_7ps99a_firmware -
hp laserjet_mfp_m236_6gx03a_firmware -
hp laserjet_mfp_m129_g3q62a_firmware -
hp color_laserjet_pro_m452_cf389v_firmware -
hp laserjet_pro_mfp_m148_4pa42a_firmware -
hp color_laserjet_managed_mfp_e78330_8pe96a_firmware -
hp laserjet_managed_mfp_flow_e62575_j8j66a_firmware -
hp officejet_pro_6970_t0f29a_firmware -
hp laserjet_enterprise_m606_e6b72a_firmware -
hp laserjet_mfp_m230_g3q74a_firmware -
hp designjet_t1700_1vd88f_firmware -
hp designjet_z9_x9d24g_firmware *
hp laserjet_managed_e60175_3gy12a_firmware -
hp color_laserjet_pro_m253_t6b65a_firmware -
hp smart_tank_6000_28c15a_firmware -
hp pagewide_managed_p75050dw_w1b29a_firmware -
hp deskjet_plus_4100_7fs74a_firmware -
hp color_laserjet_managed_mfp_e77423_5cm78a_firmware -
hp officejet_pro_8710_t0g47a_firmware -
hp laserjet_mfp_m130_g3q61a_firmware -
hp color_laserjet_managed_mfp_e77425_5cm75a_firmware -
hp laserjet_tank_mfp_2603_381v0a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a68a_firmware -
hp laserjet_managed_mfp_e72525_z8z011a_firmware -
hp color_laserjet_managed_mfp_e78227_8gs44a_firmware -
hp laserjet_managed_mfp_e62565_j8j74a_firmware -
hp color_laserjet_pro_mfp_m285_7kw75a_firmware -
hp color_laserjet_managed_e45028_3qa35a_firmware -
hp laserjet_enterprise_m612_7ps87a_firmware -
hp officejet_pro_8030_1kr57a_firmware -
hp color_laserjet_managed_mfp_e87650du_5cm66a_firmware -
hp color_laserjet_pro_m253_t6b58a_firmware -
hp color_laserjet_pro_m253_t6b59a_firmware -
hp laserjet_m211_9yf82a_firmware -
hp officejet_pro_6960_j7k33a_firmware -
hp officejet_pro_6960_j7k39a_firmware -
hp laserjet_enterprise_m608_k0q19a_firmware -
hp laserjet_managed_mfp_e82540_z8z22a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z64a_firmware -
hp designjet_t1700_w6b56e_firmware *
hp laserjet_managed_mfp_e62665_3gy15a_firmware -
hp laserjet_enterprise_mfp_m636_7pt00a_firmware -
hp laserjet_managed_e60055_m0p33a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z011a_firmware -
hp color_laserjet_cm4540_mfp_cc419a_firmware *
hp laserjet_managed_flow_mfp_e82540_x3a75a_firmware -
hp smart_tank_7300_6uu47a_firmware -
hp laserjet_mfp_m234_9yf98a_firmware -
hp designjet_z6_t8w15a_firmware *
hp laserjet_mfp_m232_9yg10a_firmware -
hp deskjet_ink_advantage_ultra_5730_f5s61a_firmware -
hp smart_tank_510_1tj10a_firmware -
hp laserjet_pro_m405_w1a53a_firmware -
hp deskjet_plus_4100_8qb70a_firmware -
hp color_laserjet_enterprise_m651_l8z07a_firmware *
hp laserjet_m207_6gw61a_firmware -
hp designjet_xl_3600_mfp_2yb64f_firmware -
hp officejet_pro_8710_t0g49a_firmware -
hp laserjet_pro_m15_y5s43a_firmware -
hp smart_tank_plus_550_6hf11a_firmware -
hp pagewide_xl_5200_4vw20a_firmware -
hp designjet_t1700_w6b55a_firmware *
hp officejet_pro_8710_m9l66a_firmware -
hp color_laserjet_enterprise_m553_b5l24a_firmware *
hp color_laserjet_managed_mfp_e78323_8gs26a_firmware -
hp color_laserjet_managed_mfp_m577_b5l50a_firmware -
hp officejet_pro_8730_k7s32a_firmware -
hp designjet_t1700_w6b56f_firmware -
hp color_laserjet_pro_m454_w1y41a_firmware -
hp designjet_z6_t8w16b_firmware *
hp laserjet_pro_mfp_m29_y5s53a_firmware -
hp laserjet_mfp_m236_6gx06a_firmware -
hp laserjet_managed_mfp_e52645_1ps54a_firmware -
hp color_laserjet_managed_mfp_e87660du_5fm80a_firmware -
hp laserjet_enterprise_500_mfp_m525f_cf117a_firmware -
hp color_laserjet_managed_mfp_e77425_5rc92a_firmware -
hp laserjet_pro_m704_b6s00a_firmware -
hp color_laserjet_pro_m153_t6b55a_firmware -
hp laserjet_managed_mfp_e72425_5rc89a_firmware -
hp color_laserjet_managed_mfp_e67560_l3u70a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs37a_firmware -
hp officejet_6960_t0g25a_firmware -
hp laserjet_mfp_m132_g3q60a_firmware -
hp pagewide_managed_color_mfp_p77960_2gp25a_firmware -
hp color_laserjet_managed_flow_mfp_m880zm_l3u52a_firmware *
hp laserjet_mfp_m232_9yf94a_firmware -
hp designjet_z9_w3z72b_firmware *
hp laserjet_managed_m506_f2a70a_firmware -
hp color_laserjet_managed_mfp_e78225_8gs44a_firmware -
hp deskjet_ink_advantage_3700_3yz75a_firmware -
hp deskjet_4100e_26q90b_firmware -
hp laserjet_m212_6gw62a_firmware -
hp laserjet_mfp_m235_6gw71a_firmware -
CVE-2021-3965 MEDIUM

Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639,

Products Affected

Vendor Product Version
hp designjet_z6810_2qu14a_firmware px8_06_05_02.1
hp designjet_z6600_f2s71a_firmware ptr6_03_07_06.1
hp designjet_t3500_b9e24b_firmware aeneas_04_09_06.1
hp designjet_z6800_f2s72a_firmware ptr8_03_07_06.1
hp designjet_t2530_l2y26a_firmware mry_07_07_04.1
hp designjet_z6810_2qu12b_firmware px8_06_05_02.1
hp designjet_z6810_2qu14b_firmware px8_06_05_02.1
hp designjet_t930_l2y22b_firmware mry_07_07_04.1
hp designjet_t3500_b9e25a_firmware aeneas_04_09_06.1
hp designjet_t920_cr355a_firmware mry_07_07_04.1
hp designjet_t920_cr355b_firmware mry_07_07_04.1
hp designjet_t1530_l2y23a_firmware mry_07_07_04.1
hp designjet_t1530_l2y24a_firmware mry_07_07_04.1
hp designjet_t920_cr354a_firmware mry_07_07_04.1
hp designjet_t2530_l2y26b_firmware mry_07_07_04.1
hp designjet_z6610_2qu13b_firmware px6_06_05_02.1
hp designjet_t930_l2y21b_firmware mry_07_07_04.1
hp designjet_z6800_f2s72b_firmware ptr8_03_07_06.1
hp designjet_t3500_b9e24a_firmware aeneas_04_09_06.1
hp designjet_z6600_f2s71ar_firmware ptr6_03_07_06.1
hp designjet_t930_l2y21a_firmware mry_07_07_04.1
hp designjet_z6800_f2s72ar_firmware ptr8_03_07_06.1
hp designjet_t1530_l2y24b_firmware mry_07_07_04.1
hp designjet_z6810_2qu12a_firmware px8_06_05_02.1
hp designjet_t930_l2y22a_firmware mry_07_07_04.1
hp designjet_t2530_l2y25a_firmware mry_07_07_04.1
hp designjet_z6610_2qu13a_firmware px6_06_05_02.1
CVE-2021-46846

Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.

Products Affected

Vendor Product Version
hp integrated_lights-out_5_firmware *
CVE-2022-1038

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.

Products Affected

Vendor Product Version
hp jumpstart -
CVE-2022-1602

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

Products Affected

Vendor Product Version
hp thinpro 7.2
CVE-2022-23453

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2022-23454

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2022-23455

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2022-23456 LOW

Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2022-23678

A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
hp aruba_virtual_intranet_access *
CVE-2022-23697 MEDIUM

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp oneview *
CVE-2022-23698 MEDIUM

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp oneview *
CVE-2022-23699 MEDIUM

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp oneview *
CVE-2022-23700 LOW

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp oneview *
CVE-2022-23704 MEDIUM

A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp integrated_lights-out_4 *
CVE-2022-23706 MEDIUM

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hp oneview *
CVE-2022-23924 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23925 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23926 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23927 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23928 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23929 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23930 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23931 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23932 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23933 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23934 HIGH

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp pc_bios *
CVE-2022-23953 MEDIUM

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp probook_440_g8_firmware *
hp prodesk_405_g6_small_form_factor_firmware *
CVE-2022-23954 LOW

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp probook_440_g8_firmware *
hp prodesk_405_g6_small_form_factor_firmware *
CVE-2022-23955 LOW

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp probook_440_g8_firmware *
hp prodesk_405_g6_small_form_factor_firmware *
CVE-2022-23956 MEDIUM

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp probook_440_g8_firmware *
hp prodesk_405_g6_small_form_factor_firmware *
CVE-2022-23957 LOW

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp probook_440_g8_firmware *
hp prodesk_405_g6_small_form_factor_firmware *
CVE-2022-23958 LOW

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp probook_440_g8_firmware *
hp prodesk_405_g6_small_form_factor_firmware *
CVE-2022-24291 HIGH

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp laserjet_pro_mfp_m478-m479_w1a78a_firmware *
hp laserjet_pro_m453-m454_w1y46a_firmware *
hp pagewide_managed_p55250dw_j6u55a_firmware *
hp officejet_pro_8210_j3p67a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a77a_firmware *
hp laserjet_pro_m304-m305_w1a56a_firmware *
hp laserjet_pro_m453-m454_w1y44a_firmware *
hp laserjet_pro_m304-m305_w1a47a_firmware *
hp laserjet_pro_m404-m405_93m22a_firmware *
hp pagewide_pro_477dw_d3q20a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a33a_firmware *
hp officejet_pro_8740_j6x83a_firmware *
hp pagewide_pro_452dw_d3q16a_firmware *
hp pagewide_pro_577dw_d3q21a_firmware *
hp laserjet_pro_m304-m305_w1a48a_firmware *
hp officejet_pro_8210_d9l63a_firmware *
hp pagewide_pro_552dw_d3q17a_firmware *
hp laserjet_pro_m453-m454_w1y43a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a81a_firmware *
hp laserjet_pro_m304-m305_w1a66a_firmware *
hp officejet_pro_8730_d9l20a_firmware *
hp officejet_pro_8740_d9l21a_firmware *
hp laserjet_pro_m304-m305_w1a60a_firmware *
hp pagewide_377dw_j9v80a_firmware *
hp officejet_pro_8210_j3p65a_firmware *
hp laserjet_pro_m304-m305_w1a53a_firmware *
hp pagewide_352dw_j6u57a_firmware *
hp laserjet_pro_m304-m305_w1a57a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a82a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a28a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a38a_firmware *
hp officejet_pro_8740_k7s40a_firmware *
hp pagewide_managed_p55250dw_j6u55b_firmware *
hp laserjet_pro_mfp_m478-m479_w1a80a_firmware *
hp officejet_pro_8740_k7s39a_firmware *
hp laserjet_pro_m304-m305_w1a63a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a76a_firmware *
hp officejet_pro_8216_t0g70a_firmware *
hp laserjet_pro_m304-m305_w1a59a_firmware *
hp laserjet_pro_m304-m305_w1a52a_firmware *
hp officejet_pro_8740_k7s41a_firmware *
hp pagewide_managed_p55250dw_j6u51b_firmware *
hp laserjet_pro_mfp_m428-m429_w1a31a_firmware *
hp officejet_pro_8740_k7s42a_firmware *
hp officejet_pro_8210_j3p66a_firmware *
hp laserjet_pro_m304-m305_w1a58a_firmware *
hp pagewide_managed_p57750dw_j9v82a_firmware *
hp pagewide_pro_452dn_d3q15a_firmware *
hp laserjet_pro_m453-m454_w1y40a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a79a_firmware *
hp pagewide_pro_577z_k9z76a_firmware *
hp laserjet_pro_m453-m454_w1y41a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a32a_firmware *
hp officejet_pro_8730_k7s32a_firmware *
hp officejet_pro_8740_t0g65a_firmware *
hp pagewide_pro_477dn_d3q19a_firmware *
hp officejet_pro_8210_d9l64a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a75a_firmware *
hp officejet_pro_8210_j3p68a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a30a_firmware *
hp laserjet_pro_m304-m305_w1a46a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a34a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a35a_firmware *
hp laserjet_pro_m453-m454_w1y47a_firmware *
hp laserjet_pro_m453-m454_w1y45a_firmware *
hp laserjet_pro_m304-m305_w1a51a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a29a_firmware *
hp officejet_pro_8740_k7s43a_firmware *
CVE-2022-24292 HIGH

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp laserjet_pro_mfp_m478-m479_w1a78a_firmware *
hp laserjet_pro_m453-m454_w1y46a_firmware *
hp pagewide_managed_p55250dw_j6u55a_firmware *
hp officejet_pro_8210_j3p67a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a77a_firmware *
hp laserjet_pro_m304-m305_w1a56a_firmware *
hp laserjet_pro_m453-m454_w1y44a_firmware *
hp laserjet_pro_m304-m305_w1a47a_firmware *
hp laserjet_pro_m404-m405_93m22a_firmware *
hp pagewide_pro_477dw_d3q20a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a33a_firmware *
hp officejet_pro_8740_j6x83a_firmware *
hp pagewide_pro_452dw_d3q16a_firmware *
hp pagewide_pro_577dw_d3q21a_firmware *
hp laserjet_pro_m304-m305_w1a48a_firmware *
hp officejet_pro_8210_d9l63a_firmware *
hp pagewide_pro_552dw_d3q17a_firmware *
hp laserjet_pro_m453-m454_w1y43a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a81a_firmware *
hp laserjet_pro_m304-m305_w1a66a_firmware *
hp officejet_pro_8730_d9l20a_firmware *
hp officejet_pro_8740_d9l21a_firmware *
hp laserjet_pro_m304-m305_w1a60a_firmware *
hp pagewide_377dw_j9v80a_firmware *
hp officejet_pro_8210_j3p65a_firmware *
hp laserjet_pro_m304-m305_w1a53a_firmware *
hp pagewide_352dw_j6u57a_firmware *
hp laserjet_pro_m304-m305_w1a57a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a82a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a28a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a38a_firmware *
hp officejet_pro_8740_k7s40a_firmware *
hp pagewide_managed_p55250dw_j6u55b_firmware *
hp laserjet_pro_mfp_m478-m479_w1a80a_firmware *
hp officejet_pro_8740_k7s39a_firmware *
hp laserjet_pro_m304-m305_w1a63a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a76a_firmware *
hp officejet_pro_8216_t0g70a_firmware *
hp laserjet_pro_m304-m305_w1a59a_firmware *
hp laserjet_pro_m304-m305_w1a52a_firmware *
hp officejet_pro_8740_k7s41a_firmware *
hp pagewide_managed_p55250dw_j6u51b_firmware *
hp laserjet_pro_mfp_m428-m429_w1a31a_firmware *
hp officejet_pro_8740_k7s42a_firmware *
hp officejet_pro_8210_j3p66a_firmware *
hp laserjet_pro_m304-m305_w1a58a_firmware *
hp pagewide_managed_p57750dw_j9v82a_firmware *
hp pagewide_pro_452dn_d3q15a_firmware *
hp laserjet_pro_m453-m454_w1y40a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a79a_firmware *
hp pagewide_pro_577z_k9z76a_firmware *
hp laserjet_pro_m453-m454_w1y41a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a32a_firmware *
hp officejet_pro_8730_k7s32a_firmware *
hp officejet_pro_8740_t0g65a_firmware *
hp pagewide_pro_477dn_d3q19a_firmware *
hp officejet_pro_8210_d9l64a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a75a_firmware *
hp officejet_pro_8210_j3p68a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a30a_firmware *
hp laserjet_pro_m304-m305_w1a46a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a34a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a35a_firmware *
hp laserjet_pro_m453-m454_w1y47a_firmware *
hp laserjet_pro_m453-m454_w1y45a_firmware *
hp laserjet_pro_m304-m305_w1a51a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a29a_firmware *
hp officejet_pro_8740_k7s43a_firmware *
CVE-2022-24293 HIGH

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp laserjet_pro_mfp_m478-m479_w1a78a_firmware *
hp laserjet_pro_m453-m454_w1y46a_firmware *
hp pagewide_managed_p55250dw_j6u55a_firmware *
hp officejet_pro_8210_j3p67a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a77a_firmware *
hp laserjet_pro_m304-m305_w1a56a_firmware *
hp laserjet_pro_m453-m454_w1y44a_firmware *
hp laserjet_pro_m304-m305_w1a47a_firmware *
hp laserjet_pro_m404-m405_93m22a_firmware *
hp pagewide_pro_477dw_d3q20a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a33a_firmware *
hp officejet_pro_8740_j6x83a_firmware *
hp pagewide_pro_452dw_d3q16a_firmware *
hp pagewide_pro_577dw_d3q21a_firmware *
hp laserjet_pro_m304-m305_w1a48a_firmware *
hp officejet_pro_8210_d9l63a_firmware *
hp pagewide_pro_552dw_d3q17a_firmware *
hp laserjet_pro_m453-m454_w1y43a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a81a_firmware *
hp laserjet_pro_m304-m305_w1a66a_firmware *
hp officejet_pro_8730_d9l20a_firmware *
hp officejet_pro_8740_d9l21a_firmware *
hp laserjet_pro_m304-m305_w1a60a_firmware *
hp pagewide_377dw_j9v80a_firmware *
hp officejet_pro_8210_j3p65a_firmware *
hp laserjet_pro_m304-m305_w1a53a_firmware *
hp pagewide_352dw_j6u57a_firmware *
hp laserjet_pro_m304-m305_w1a57a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a82a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a28a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a38a_firmware *
hp officejet_pro_8740_k7s40a_firmware *
hp pagewide_managed_p55250dw_j6u55b_firmware *
hp laserjet_pro_mfp_m478-m479_w1a80a_firmware *
hp officejet_pro_8740_k7s39a_firmware *
hp laserjet_pro_m304-m305_w1a63a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a76a_firmware *
hp officejet_pro_8216_t0g70a_firmware *
hp laserjet_pro_m304-m305_w1a59a_firmware *
hp laserjet_pro_m304-m305_w1a52a_firmware *
hp officejet_pro_8740_k7s41a_firmware *
hp pagewide_managed_p55250dw_j6u51b_firmware *
hp laserjet_pro_mfp_m428-m429_w1a31a_firmware *
hp officejet_pro_8740_k7s42a_firmware *
hp officejet_pro_8210_j3p66a_firmware *
hp laserjet_pro_m304-m305_w1a58a_firmware *
hp pagewide_managed_p57750dw_j9v82a_firmware *
hp pagewide_pro_452dn_d3q15a_firmware *
hp laserjet_pro_m453-m454_w1y40a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a79a_firmware *
hp pagewide_pro_577z_k9z76a_firmware *
hp laserjet_pro_m453-m454_w1y41a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a32a_firmware *
hp officejet_pro_8730_k7s32a_firmware *
hp officejet_pro_8740_t0g65a_firmware *
hp pagewide_pro_477dn_d3q19a_firmware *
hp officejet_pro_8210_d9l64a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a75a_firmware *
hp officejet_pro_8210_j3p68a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a30a_firmware *
hp laserjet_pro_m304-m305_w1a46a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a34a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a35a_firmware *
hp laserjet_pro_m453-m454_w1y47a_firmware *
hp laserjet_pro_m453-m454_w1y45a_firmware *
hp laserjet_pro_m304-m305_w1a51a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a29a_firmware *
hp officejet_pro_8740_k7s43a_firmware *
CVE-2022-27239 HIGH

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
suse linux_enterprise_server 11
suse manager_retail_branch_server 4.1
suse openstack_cloud_crowbar 9.0
debian debian_linux 9.0
suse linux_enterprise_server 12
suse linux_enterprise_point_of_service 11.0
suse manager_retail_branch_server 4.3
suse manager_proxy 4.2
suse manager_retail_branch_server 4.2
suse linux_enterprise_server 15
suse openstack_cloud 8.0
suse enterprise_storage 6.0
fedoraproject fedora 36
suse manager_proxy 4.3
fedoraproject fedora 35
samba cifs-utils *
suse linux_enterprise_high_performance_computing 15.0
suse enterprise_storage 7.0
suse linux_enterprise_desktop 15
suse linux_enterprise_storage 7.1
suse manager_server 4.2
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_micro 5.2
suse linux_enterprise_high_performance_computing 12.0
suse manager_proxy 4.1
debian debian_linux 10.0
suse openstack_cloud_crowbar 8.0
debian debian_linux 11.0
suse caas_platform 4.0
hp helion_openstack 8.0
suse manager_server 4.1
suse linux_enterprise_real_time 15.0
suse manager_server 4.3
suse openstack_cloud 9.0
fedoraproject fedora 34
CVE-2022-27537

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

Products Affected

Vendor Product Version
hp z1_entry_tower_g6_workstation_firmware 02.12.01
hp probook_445_g7_firmware 01.10.00
hp zbook_fury_16_g9_firmware 01.03.02
hp probook_450_g5_firmware 01.21.01
hp elitebook_836_g6_firmware 01.21.01
hp elite_slice_g2_firmware 2.59
hp elitebook_645_g9_firmware 01.08.01
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_firmware 02.21.00
hp elitedesk_880_g3_tower_firmware 2.44
hp probook_430_g6_firmware 01.21.01
hp engage_go_10_mobile_system_firmware 01.10.00
hp elitebook_845_g7_firmware 01.10.00
hp zhan_x_13_g2_firmware 01.21.01
hp eliteone_1000_g2_23.8-in_all-in-one_business_firmware 02.21.00
hp elitedesk_800_g6_desktop_mini_firmware 02.12.01
hp probook_470_g5_firmware 01.21.01
hp elitebook_735_g6_firmware 01.21.01
hp prodesk_405_g8_desktop_mini_firmware 02.05.02
hp elitedesk_705_g5_desktop_mini_firmware 02.15.00
hp elite_x2_1013_g3_firmware 01.21.01
hp elitedesk_800_g8_desktop_mini_firmware 02.09.01
hp probook_440_g6_firmware 01.21.01
hp prodesk_405_g6_desktop_mini_firmware 02.09.01
hp engage_go_mobile_system_firmware 01.21.01
hp mt44_mobile_thin_client_firmware 01.21.01
hp elitebook_855_g7_firmware 01.10.00
hp engage_flex_mini_retail_system_firmware 02.12.01
hp prodesk_600_g5_small_form_factor_firmware 02.15.00
hp z2_tower_g8_workstation_firmware 01.06.00
hp z1_g8_tower_firmware 02.09.01
hp elitebook_850_g5_firmware 01.21.01
hp probook_430_g5_firmware 01.21.01
hp zbook_14u_g6_firmware 01.21.01
hp probook_440_g5_firmware 01.21.01
hp elitedesk_800_65w_g2_desktop_mini_firmware 2.59
hp elitebook_830_g7_firmware 01.10.00
hp zbook_15_g5_firmware 01.21.02
hp probook_440_g7_firmware 01.14.00
hp probook_fortis_g9_firmware 01.03.00
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_firmware 02.21.00
hp elitedesk_800_g4_workstation_firmware 02.20.01
hp elite_x2_1012_g1_firmware 1.57
hp elite_x2_g4_firmware 01.21.01
hp elitedesk_800_35w_g2_desktop_mini_firmware 2.59
hp prodesk_405_g6_small_form_factor_firmware 02.09.01
hp elitedesk_800_g5_desktop_mini_firmware 02.15.00
hp elitedesk_880_g6_tower_firmware 02.12.01
hp probook_650_g4_firmware 01.21.01
hp prodesk_400_g4_desktop_mini_firmware 02.21.00
hp elitebook_745_g6_firmware 01.21.01
hp prodesk_405_g4_desktop_mini_firmware 02.20.00
hp prodesk_405_g4_small_form_factor_firmware 02.20.00
hp pro_mini_400_g9_firmware 02.05.00
hp elitebook_1040_g4_firmware 1.44
hp prodesk_400_g6_desktop_mini_firmware 02.12.01
hp proone_600_g5_21.5-in_all-in-one_business_firmware 02.15.00
hp elitebook_x360_1030_g8_firmware 01.10.00
hp z2_small_form_factor_g8_workstation_firmware 01.06.00
hp zhan_66_pro_14_g4_firmware 01.10.00
hp elitedesk_800_g6_tower_firmware 02.12.01
hp probook_x360_11_g4_ee_firmware 01.16.00
hp elitedesk_880_g8_tower_firmware 02.09.01
hp prodesk_600_g4_microtower_firmware 02.21.00
hp elitedesk_880_g4_tower_firmware 02.21.00
hp pro_tower_480_g9_firmware 02.05.00
hp elitebook_x360_1040_g7_firmware 01.10.00
hp zhan_66_pro_g1_firmware 01.21.01
hp zbook_17_g5_firmware 01.21.02
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_firmware 02.21.00
hp zhan_66_pro_g3_24_all-in-one_firmware 02.12.01
hp zbook_firefly_15_g7_firmware 01.10.00
hp zhan_66_pro_13_g2_firmware 01.21.01
hp prodesk_600_g3_microtower_firmware 2.44
hp prodesk_600_g6_small_form_factor_firmware 02.12.01
hp elitebook_x360_1030_g4_firmware 01.21.01
hp engage_one_pro_aio_system_firmware 02.12.01
hp elitebook_840_g7_firmware 01.10.00
hp elite_mini_600_g9_firmware 02.05.00
hp elitebook_855_g8_firmware 01.10.00
hp probook_635_aero_g8_firmware 01.10.00
hp eliteone_800_g5_23.8-inch_all-in-one_firmware 02.15.00
hp prodesk_600_g5_microtower_firmware 02.15.00
hp elitebook_835_g8_firmware 01.10.00
hp probook_640_g7_firmware 01.10.00
hp proone_440_g6_24_all-in-one_firmware 02.12.01
hp probook_455_g8_firmware 01.10.00
hp zhan_66_pro_g5_firmware 01.04.00
hp probook_450_g8_firmware 01.10.00
hp zhan_66_pro_15_g2_firmware 01.21.01
hp elitebook_1050_g1_firmware 01.22.00
hp elitebook_735_g5_firmware 01.21.01
hp eliteone_1000_g1_34-in_curved_all-in-one_business_firmware 2.44
hp elitebook_655_g9_firmware 01.08.01
hp z2_small_form_factor_g5_workstation_firmware 01.04.07
hp prodesk_480_g6_microtower_firmware 02.15.00
hp elitedesk_800_g4_tower_firmware 02.21.00
hp prodesk_400_g6_microtower_firmware 02.15.00
hp elitedesk_800_g8_tower_firmware 02.09.01
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_firmware 02.21.00
hp probook_650_g7_firmware 01.10.00
hp elitedesk_805_g6_small_form_factor_firmware 02.09.01
hp z2_mini_g4_workstation_firmware 01.08.03
hp proone_400_g2_20-inch_non-touch_all-in-one_firmware 2.59
hp elitedesk_800_65w_g4_desktop_mini_firmware 02.20.01
hp engage_flex_pro_retail_system_firmware 02.21.00
hp elitebook_x360_1040_g6_firmware 01.21.01
hp prodesk_680_g2_microtower_firmware 2.59
hp elitedesk_880_g5_tower_firmware 02.15.00
hp prodesk_600_g6_firmware 02.12.01
hp probook_x360_11_g3_ee_firmware 01.20.00
hp proone_400_g6_20_all-in-one_firmware 02.12.01
hp proone_400_g3_20-inch_non-touch_all-in-one_firmware 2.44
hp dragonfly_folio_g3_2-in-1_firmware 01.01.03
hp elitebook_845_g9_firmware 01.02.01
hp elite_sff_800_g9_firmware 02.05.01
hp prodesk_600_g3_desktop_mini_firmware 2.44
hp eliteone_800_g5_23.8-in_all-in-one_firmware 02.15.00
hp zbook_power_g7_firmware 01.10.00
hp proone_400_g5_20-inch_all-in-one_business_firmware 02.15.00
hp proone_600_g4_21.5-inch_touch_all-in-one_business_firmware 02.21.00
hp eliteone_800_g3_23.8_non-touch_all-in-one_business_firmware 2.44
hp eliteone_800_g6_24_all-in-one_firmware 02.12.01
hp zbook_power_g9_firmware 01.03.00
hp zbook_15_g6_firmware 01.21.02
hp elite_x2_g8_firmware 01.10.00
hp elite_x360_830_g9_2-in-1_firmware 01.03.01
hp prodesk_600_g6_microtower_firmware 02.12.01
hp probook_630_g8_firmware 01.10.00
hp elitedesk_805_g8_small_form_factor_firmware 02.05.02
hp elitebook_1040_g3_firmware 1.57
hp zbook_15u_g5_firmware 01.21.01
hp prodesk_600_g6_desktop_mini_firmware 02.12.01
hp zbook_create_g7_firmware 01.10.00
hp prodesk_680_g6_firmware 02.12.01
hp elitebook_x360_1040_g5_firmware 01.21.01
hp elitebook_865_g9_firmware 01.02.01
hp elitedesk_800_g3_small_form_factor_firmware 2.44
hp elitedesk_705_g4_small_form_factor_firmware 02.20.00
hp zbook_fury_15_g7_firmware 01.10.00
hp elitebook_x360_1040_g8_firmware 01.10.00
hp mp9_g2_retail_system_firmware 2.59
hp rp9_g1_retail_system_firmware 2.59
hp prodesk_405_g8_small_form_factor_firmware 02.05.02
hp probook_445r_g6_firmware 01.21.01
hp elitebook_850_g6_firmware 01.21.01
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_firmware 02.21.00
hp elitebook_1040_g9_firmware 01.03.01
hp proone_400_g3_20-inch_touch_all-in-one_firmware 2.44
hp z2_mini_g5_workstation_firmware 01.04.07
hp elitebook_835_g9_firmware 01.02.01
hp elitebook_x360_830_g5_firmware 01.21.01
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_firmware 2.44
hp proone_400_g5_23.8-inch_all-in-one_business_firmware 02.15.00
hp proone_600_g6_22_all-in-one_firmware 02.12.01
hp elite_dragonfly_firmware 01.21.01
hp zbook_studio_x360_g5_firmware 01.21.02
hp elitedesk_800_g5_tower_firmware 02.15.00
hp probook_445_g6_firmware 01.21.01
hp eliteone_800_g8_24_all-in-one_firmware 02.09.01
hp zhan_66_pro_a_14_g5_firmware 01.08.01
hp prodesk_600_g2_small_form_factor_firmware 2.59
hp eliteone_800_g2_23-inch_non-touch_all-in-one_firmware 2.59
hp zhan_66_pro_14_g2_firmware 01.21.01
hp probook_x360_11_g7_ee_firmware 01.10.00
hp zbook_studio_g7_firmware 01.10.00
hp prodesk_600_g3_small_form_factor_firmware 2.44
hp zhan_66_pro_a_14_g4_firmware 01.10.00
hp proone_400_g4_20-inch_non-touch_all-in-one_business_firmware 02.21.00
hp elitebook_630_g9_firmware 01.04.00
hp elitebook_850_g8_firmware 01.10.00
hp proone_600_g2_21.5-inch_non-touch_all-in-one_firmware 2.59
hp elitebook_x360_830_g8_firmware 01.10.00
hp probook_640_g5_firmware 01.21.01
hp probook_640_g8_firmware 01.10.00
hp prodesk_400_g5_desktop_mini_firmware 02.15.00
hp probook_455_g9_firmware 01.08.01
hp prodesk_600_g4_small_form_factor_firmware 02.21.00
hp elitebook_840_aero_g8_firmware 01.10.00
hp elitedesk_800_g6_small_form_factor_firmware 02.12.01
hp elitedesk_800_35w_g4_desktop_mini_firmware 02.21.00
hp z2_tower_g5_workstation_firmware 01.04.07
hp elitebook_x360_830_g6_firmware 01.21.01
hp probook_645_g4_firmware 01.21.01
hp elite_x360_1040_g9_2-in-1_firmware 01.03.01
hp elitebook_830_g5_firmware 01.21.01
hp probook_455r_g6_firmware 01.21.01
hp prodesk_400_g7_small_form_factor_firmware 02.12.01
hp elitebook_830_g8_firmware 01.10.00
hp probook_x360_11_g6_ee_firmware 01.12.00
hp elitebook_830_g9_firmware 01.03.01
hp elitebook_840_g8_firmware 01.10.00
hp elitebook_840_g9_firmware 01.03.01
hp probook_x360_440_g1_firmware 01.21.01
hp elitebook_835_g7_firmware 01.10.00
hp probook_440_g8_firmware 01.10.00
hp pro_x360_fortis_g9_firmware 01.03.00
hp z1_entry_tower_g5_workstation_firmware 02.15.00
hp elitedesk_800_g2_small_form_factor_firmware 2.59
hp elitebook_840_g6_firmware 01.21.01
hp mt45_mobile_thin_client_firmware 01.21.10
hp eliteone_1000_g2_34-in_curved_all-in-one_business_firmware 02.21.00
hp prodesk_480_g4_microtower_firmware 2.44
hp zbook_studio_g9_firmware 01.03.01
hp eliteone_840_23.8_inch_g9_all-in-one_firmware 02.06.00
hp proone_440_g5_23.8-in_all-in-one_business_firmware 02.15.00
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_firmware 2.44
hp elitedesk_800_g4_small_form_factor_firmware 02.21.00
hp elite_tower_880_g9_firmware 02.05.01
hp probook_445_g9_firmware 01.08.01
hp zbook_firefly_15_g8_firmware 01.10.00
hp eliteone_800_g6_27_all-in-one_firmware 02.12.01
hp elitedesk_800_35w_g3_desktop_mini_firmware 2.44
hp probook_440_g9_firmware 01.04.00
hp proone_400_g6_24_all-in-one_firmware 02.12.01
hp prodesk_400_g5_small_form_factor_firmware 02.21.00
hp elite_dragonfly_max_firmware 01.10.00
hp elitedesk_805_g6_desktop_mini_firmware 02.09.01
hp prodesk_400_g4_microtower_firmware 2.44
hp probook_x360_11_g5_ee_firmware 01.11.00
hp probook_x360_435_g8_firmware 01.10.00
hp zhan_66_pro_14_g3_firmware 01.14.00
hp elitedesk_800_95w_g4_desktop_mini_firmware 02.20.01
hp prodesk_600_g2_desktop_mini_firmware 2.59
hp probook_455_g7_firmware 01.10.00
hp probook_x360_435_g7_firmware 01.10.01
hp eliteone_800_g4_23.8-inch_touch_all-in-one_firmware 02.21.00
hp probook_650_g5_firmware 01.21.01
hp elitedesk_800_g3_tower_firmware 2.44
hp mp9_g4_retail_system_firmware 02.21.00
hp zbook_fury_17_g8_firmware 01.10.00
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_firmware 2.44
hp mt46_mobile_thin_client_firmware 01.10.00
hp zhan_66_pro_g3_22_all-in-one_firmware 02.12.01
hp elitebook_1030_g1_firmware 1.57
hp prodesk_600_g2_microtower_firmware 2.59
hp probook_fortis_g10_firmware 01.03.00
hp zbook_15u_g6_firmware 01.21.01
hp z2_tower_g4_workstation_firmware 01.08.03
hp pro_sff_400_g9_firmware 02.05.00
hp engage_flex_pro-c_retail_system_firmware 02.21.00
hp elitedesk_705_g4_workstation_firmware 02.19.01
hp eliteone_800_g8_27_all-in-one_firmware 02.09.01
hp prodesk_400_g4_small_form_factor_firmware 2.44
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_firmware 02.21.00
hp probook_650_g8_firmware 01.10.00
hp prodesk_600_g4_desktop_mini_firmware 02.21.00
hp zbook_studio_g8_firmware 01.10.00
hp elite_mini_800_g9_firmware 02.05.00
hp prodesk_480_g7_firmware 02.12.01
hp prodesk_400_g7_microtower_firmware 02.12.01
hp eliteone_800_g4_23.8-in_all-in-one_business_firmware 02.21.00
hp probook_450_g6_firmware 01.21.01
hp zbook_power_g8_firmware 01.10.00
hp eliteone_800_g3_23.8-inch_touch_all-in-one_firmware 2.44
hp pro_tower_400_g9_firmware 02.05.00
hp prodesk_600_g5_desktop_mini_firmware 02.15.00
hp prodesk_400_g5_microtower_firmware 02.21.00
hp probook_455_g6_firmware 01.21.01
hp elite_slice_firmware 2.59
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_firmware 2.44
hp zhan_66_pro_a_14_g3_firmware 01.10.00
hp z1_g9_tower_firmware 02.05.01
hp elitedesk_705_g5_small_form_factor_firmware 02.15.00
hp elitebook_840r_g4_firmware 01.21.01
hp elitebook_840_g5_firmware 01.21.01
hp eliteone_1000_g1_23.8-in_all-in-one_business_firmware 2.44
hp prodesk_680_g3_microtower_firmware 2.44
hp elite_sff_600_g9_firmware 02.05.01
hp probook_455_g5_firmware 01.21.01
hp zbook_studio_g5_firmware 01.21.02
hp zbook_firefly_14_g9_firmware 01.03.01
hp elitedesk_705_g3_firmware 2.41
hp elite_dragonfly_g3_firmware 01.03.01
hp elitebook_745_g5_firmware 01.21.01
hp elitebook_860_g9_firmware 01.03.01
hp zhan_66_pro_15_g3_firmware 01.14.00
hp elitedesk_800_g8_small_form_factor_firmware 02.09.01
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_firmware 2.44
hp zbook_firefly_16_g9_firmware 01.03.01
hp elitebook_755_g5_firmware 01.21.01
hp pro_x360_fortis_g10_firmware 01.03.00
hp proone_480_g3_20-inch_non-touch_all-in_one_firmware 2.44
hp zbook_firefly_14_g8_firmware 01.10.00
hp elite_folio_2-in-1_firmware not_impacted
hp elite_x2_1012_g2_firmware 1.43
hp elitebook_x360_830_g7_firmware 01.10.00
hp prodesk_480_g5_microtower_firmware 02.21.00
hp elitebook_846_g5_firmware 01.21.01
hp elitebook_x360_1030_g7_firmware 01.10.00
hp prodesk_400_g3_desktop_mini_firmware 2.44
hp elite_tower_680_g9_firmware 02.05.01
hp elitebook_850_g7_firmware 01.10.00
hp elite_tower_600_g9_firmware 02.05.01
hp z2_small_form_factor_g4_workstation_firmware 01.08.03
hp zbook_17_g6_firmware 01.21.02
hp proone_400_g2_20-inch_touch_all-in-one_firmware 2.59
hp prodesk_680_g4_microtower_firmware 02.21.00
hp proone_600_g3_21.5-inch_non-touch_all-in-one_firmware 2.44
hp probook_450_g7_firmware 01.14.00
hp elite_tower_800_g9_firmware 02.05.01
hp proone_600_g2_21.5-inch_touch_all-in-one_firmware 2.59
hp prodesk_400_g6_small_form_factor_firmware 02.15.00
hp probook_430_g8_firmware 01.10.00
hp elitedesk_800_g5_small_form_factor_firmware 02.15.00
hp elitedesk_705_g4_desktop_mini_firmware 02.20.00
hp zbook_14u_g5_firmware 01.21.01
hp proone_440_23.8_inch_g9_all-in-one_firmware 02.05.00
hp probook_640_g4_firmware 01.21.01
hp engage_one_aio_system_firmware 2.44
hp probook_430_g7_firmware 01.14.00
hp elitedesk_800_65w_g3_desktop_mini_firmware 2.44
hp probook_445_g8_firmware 01.10.00
hp elite_dragonfly_g2_firmware 01.10.00
hp elitebook_845_g8_firmware 01.10.00
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_firmware 02.21.00
hp elitebook_830_g6_firmware 01.21.01
hp elitebook_x360_1030_g3_firmware 01.21.01
hp elitedesk_705_g4_microtower_firmware 02.20.00
hp elitebook_650_g9_firmware 01.04.00
hp zbook_fury_17_g7_firmware 01.10.00
hp eliteone_800_g2_23-inch_touch_all-in-one_firmware 2.59
hp zbook_fury_15_g8_firmware 01.10.00
hp probook_450_g9_firmware 01.04.00
hp elitedesk_805_g8_desktop_mini_firmware 02.05.02
hp elitebook_640_g9_firmware 01.04.00
hp elitebook_836_g5_firmware 01.21.01
hp zbook_firefly_14_g7_firmware 01.10.00
CVE-2022-27538

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp engage_flex_pro-c_retail_system_firmware *
hp elite_dragonfly_g3_firmware *
hp mp9_g4_retail_system_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elitebook_850_g8_firmware *
hp zbook_firefly_15_g7_firmware *
hp probook_635_aero_g7_firmware *
hp probook_455_g8_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elite_tower_800_g9_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp elitebook_1040_g9_firmware *
hp elite_slice_g2_firmware *
hp probook_x360_11_g5_education_edition_firmware *
hp pro_mini_400_g9_firmware *
hp probook_645_g4_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp elitebook_845_g9_firmware *
hp engage_one_all-in-one_system_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_x360_440_g1_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp zhan_66_pro_g5_firmware *
hp elitebook_840r_g4_firmware *
hp zbook_15u_g5_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp elitebook_x360_1040_g8_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp elitebook_830_g9_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp elitebook_850_g7_firmware *
hp elitebook_835_g9_firmware *
hp proone_440_23.8_inch_g9_all-in-one_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp elitebook_840_g6_firmware *
hp zhan_99_pro_23.8_inch_g9_all-in-one_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp elite_slice_firmware *
hp elitebook_640_g9_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp zbook_power_g9_firmware *
hp engage_flex_pro_retail_system_firmware *
hp elitebook_650_g9_firmware *
hp elitebook_x360_1040_g6_firmware *
hp prodesk_680_g4_microtower_pc(with_pci_slot)_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp probook_635_aero_g8_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp elite_tower_680_g9_firmware *
hp elite_mini_800_g9_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp z2_mini_g3_firmware *
hp elite_dragonfly_g2_firmware *
hp zbook_15_g6_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp elitebook_845_g7_firmware *
hp mt46_firmware *
hp elitebook_865_g9_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_450_g5_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elite_x2_g4_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp z1_entry_tower_g6_workstation_firmware *
hp probook_440_g9_firmware *
hp probook_fortis_g10_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp zbook_17_g5_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp elitebook_850_g5_firmware *
hp mt32_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware -
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp probook_x360_11_g6_education_edition_firmware *
hp elite_dragonfly_max_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_640_g7_firmware *
hp probook_x360_11_g4_education_edition_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp zbook_studio_16_g9_firmware *
hp pro_x360_435_g9_firmware *
hp elite_tower_600_g9_firmware *
hp zbook_fury_g8_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g8_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_830_g5_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp elitebook_860_g9_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp zbook_fury_17_g8_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp zbook_power_g8_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp elite_tower_880_g9_firmware *
hp pro_tower_480_g9_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp pro_tower_400_g9_firmware *
hp z2_tower_g9_firmware *
hp pro_sff_400_g9_firmware *
hp probook_450_g9_firmware *
hp z2_small_form_factor_g8_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z2_mini_g4_firmware *
hp z2_small_form_factor_g4_firmware *
hp z1_all-in-one_g3_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp elitebook_846_g5_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp probook_440_g5_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_835_g8_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp engage_one_pro_aio_system_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp elitebook_840_g9_firmware *
hp probook_450_g8_firmware *
hp elitebook_850_g6_firmware *
hp probook_455_g7_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp probook_455_g5_firmware *
hp probook_440_g6_firmware *
hp zbook_firefly_g9_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp eliteone_840_23.8_inch_g9_all-in-one_firmware *
hp elitebook_x360_830_g8_firmware *
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware *
hp elitebook_630_g9_firmware *
hp probook_470_g5_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_business_pc_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp mt45_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp z2_small_form_factor_g5_firmware *
hp probook_fortis_g9_firmware *
hp z2_tower_g5_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp eliteone_870_27_inch_g9_all-in-one_firmware *
hp zbook_fury_15_g7_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp probook_x360_435_g8_firmware *
hp elite_sff_800_g9_firmware *
hp mt31_mobile_thin_client_firmware *
hp pro_mt440_g3_firmware *
hp elitebook_835_g7_firmware *
hp elitebook_745_g6_firmware *
hp zhan_66_pro_14_g4_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp pro_x360_fortis_g10_firmware *
hp z240_tower_firmware *
hp probook_455_g9_firmware *
hp elite_dragonfly_firmware *
hp probook_650_g8_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp zhan_66_pro_a_14_g4_firmware *
hp elitebook_845_g8_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitebook_840_g5_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp z2_mini_g5_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp zbook_firefly_g8_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp mt44_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp elite_x2_g8_tablet_firmware *
hp probook_445r_g6_firmware *
hp zhan_x_13_g2_firmware *
hp z2_mini_g9_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp z1_g8_tower_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp zbook_fury_16_g9_firmware *
hp z238_microtower_firmware *
hp elitebook_645_g9_firmware *
hp elitebook_655_g9_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp z2_small_form_factor_g9_firmware *
hp elite_mini_600_g9_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp dragonfly_folio_g3_2-in-1_firmware *
hp zbook_firefly_15_g8_firmware *
hp pro_x360_fortis_g9_firmware *
hp elitebook_735_g5_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp zbook_power_g7_firmware -
hp probook_445_g9_firmware *
hp zbook_studio_g8_firmware *
hp zbook_15u_g6_firmware *
hp probook_430_g8_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_445_g8_firmware *
hp z1_entry_tower_g5_workstation_firmware *
hp probook_430_g5_firmware *
hp probook_x360_11_g7_education_edition_firmware *
hp probook_640_g8_firmware *
hp probook_x360_11_g3_education_edition_firmware *
hp prodesk_405_g6_small_form_factor_firmware *
hp elitebook_x360_830_g7_firmware *
hp prodesk_600_g5_microtower_pc(with_pci_slot)_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_830_g6_firmware *
hp probook_445_g6_firmware *
hp elitebook_830_g8_firmware *
hp mt22_firmware *
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp elitebook_836_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp prodesk_405_g6_desktop_mini_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp zhan_66_pro_a_14_g5_firmware *
hp z2_tower_g4_firmware *
hp z240_small_form_factor_firmware *
hp z2_tower_g8_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp zbook_firefly_16_g9_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp elite_sff_600_g9_firmware *
hp probook_455r_g6_firmware *
hp elite_x360_1040_g9_2-in-1_firmware *
CVE-2022-27539

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp mp9_g4_retail_system_firmware *
hp zbook_15_g3_firmware *
hp z2_small_form_factor_g8_workstation_firmware *
hp pro_tower_480_g9_desktop_pc_firmware *
hp zbook_firefly_14_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elite_x360_1040_14_inch_g9_2-in-1_notebook_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp prodesk_405_g6_desktop_mini_pc_firmware *
hp zbook_firefly_15_g7_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_470_g3_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware *
hp zbook_studio_16_inch_g9_mobile_workstation_pc_firmware *
hp elitebook_755_g3_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp elitedesk_705_g3_microtower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp z2_mini_g5_workstation_firmware *
hp elitebook_1030_g1_firmware *
hp probook_645_g4_firmware *
hp elitebook_1040_g4_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp probook_430_g3_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_445_14_inch_g9_notebook_pc_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elitedesk_705_g4_workstation_edition_firmware *
hp pro_mt440_g3_mobile_thin_client_firmware *
hp zbook_15u_g5_firmware *
hp probook_fortis_14_inch_g10_notebook_pc_firmware *
hp elitebook_725_g3_firmware *
hp prodesk_600_g5_microtower_pc_(with_pci_slot)_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp z1_all-in-one_g3_workstation_firmware *
hp probook_640_g2_firmware *
hp elitebook_865_16_inch_g9_notebook_pc_firmware *
hp zbook_power_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zbook_17_g3_firmware *
hp elitebook_848_g3_firmware *
hp zhan_66_pro_14_g2_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elite_mini_600_g9_desktop_pc_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp elitebook_845_g7_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp probook_450_g5_firmware *
hp mini_conferencing_pc_with_zoom_rooms_firmware *
hp rp9_g1_retail_system_firmware *
hp probook_fortis_14_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware *
hp eliteone_870_27_inch_g9_all-in-one_desktop_pc_firmware *
hp z8_g4_workstation_firmware *
hp elitebook_640_14_inch_g9_notebook_pc_firmware *
hp probook_440_14_inch_g9_notebook_pc_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp elite_tower_800_g9_desktop_pc_firmware *
hp zbook_17_g5_firmware *
hp prodesk_405_g6_small_form_factor_pc_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp mt21_mobile_thin_client_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp zbook_firefly_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_max_firmware *
hp probook_640_g7_firmware *
hp probook_640_g3_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_840_g8_firmware *
hp zbook_15u_g4_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_450_15.6_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp elitebook_1040_g3_firmware *
hp prodesk_400_g4_microtower_pc_firmware *
hp probook_x360_435_g8_notebook_pc_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp elite_sff_600_g9_desktop_pc_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp z2_small_form_factor_g9_workstation_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_835_g8_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware *
hp probook_645_g3_firmware *
hp elite_x2_1012_g1_tablet_with_travel_keyboard_firmware *
hp prodesk_405_g4_small_form_factor_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp elitebook_820_g3_firmware *
hp probook_455_g7_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp z2_tower_g4_workstation_firmware *
hp pro_sff_400_g9_desktop_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp z238_microtower_workstation_firmware *
hp z2_tower_g5_workstation_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp elite_x360_830_13_inch_g9_2-in-1_notebook_pc_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp mt31_mobile_thin_client_firmware *
hp z840_workstation_firmware *
hp elitebook_745_g6_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_14_inch_g9_notebook_pc_firmware *
hp probook_455_g4_firmware *
hp zbook_power_15.6_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp z2_mini_g3_workstation_firmware *
hp mt22_mobile_thin_client_firmware *
hp elite_x2_g8_tablet_firmware *
hp zhan_x_13_g2_firmware *
hp pro_x360_fortis_11_inch_g9_notebook_pc_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp elitebook_1040_14_inch_g9_notebook_pc_firmware *
hp elite_tower_680_g9_desktop_pc_firmware *
hp zcentral_4r_workstation_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp zhan_66_pro_a_14_g4_notebook_pc_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp mt46_mobile_thin_client_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp z240_tower_workstation_firmware *
hp elitebook_745_g4_firmware *
hp elitebook_645_14_inch_g9_notebook_pc_firmware *
hp elitebook_745_g3_firmware *
hp elite_slice_g2_with_intel_unite_firmware *
hp zbook_17_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp elitebook_755_g4_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp proone_400_g2_20-inch_touch_all-in-one_pc_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp pro_tower_400_g9_desktop_pc_firmware *
hp elitebook_836_g5_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g5_notebook_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp zbook_fury_17_g7_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp prodesk_600_g2_desktop_mini_pc_firmware *
hp z2_small_form_factor_g5_workstation_firmware *
hp elitebook_850_g8_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp eliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmware *
hp probook_450_g3_firmware *
hp prodesk_680_g4_microtower_pc_(with_pci_slot)_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp zbook_fury_16_g9_mobile_workstation_pc_firmware *
hp probook_455_15.6_inch_g9_notebook_pc_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp elite_slice_g2_with_zoom_rooms_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp probook_645_g2_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp z440_workstation_firmware *
hp elite_x2_1012_g1_tablet_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp elitebook_650_15.6_inch_g9_notebook_pc_firmware *
hp mt43_mobile_thin_client_firmware *
hp probook_x360_440_g1_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp zbook_15_g4_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp pro_x360_fortis_11_inch_g10_notebook_pc_firmware *
hp elitebook_folio_g1_firmware *
hp mt44_mobile_thin_client_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp elitebook_850_g7_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp mt42_mobile_thin_client_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp elite_slice_firmware *
hp z1_g9_tower_desktop_pc_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp z2_small_form_factor_g4_workstation_firmware *
hp zbook_fury_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zhan_66_pro_14_inch_g5_notebook_pc_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware *
hp zbook_15_g6_firmware *
hp elite_mini_800_g9_desktop_pc_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp mt32_mobile_thin_client_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elite_x2_g4_firmware *
hp elitebook_x360_1040_g7_firmware *
hp elite_tower_880_g9_desktop_pc_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elite_dragonfly_13.5_inch_g3_notebook_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp mt45_mobile_thin_client_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_835_13_inch_g9_notebook_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_400_g2_desktop_mini_pc_firmware *
hp proone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmware *
hp elite_sff_800_g9_desktop_pc_firmware *
hp probook_655_g3_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp probook_x360_11_g2_ee_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp elitebook_830_13.3_inch_g9_notebook_pc_firmware *
hp z2_mini_g9_workstation_firmware *
hp zbook_firefly_16_inch_g9_mobile_workstation_pc_firmware *
hp z2_mini_g4_workstation_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitebook_846_g5_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp probook_650_g3_firmware *
hp elitedesk_705_g3_desktop_mini_pc_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp zbook_studio_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware *
hp proone_400_g2_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_x2_1012_g2_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp z2_tower_g8_workstation_firmware *
hp elitebook_850_g3_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp probook_440_g3_firmware *
hp elitebook_835_g7_firmware *
hp prodesk_600_g4_microtower_pc_(with_pci_slot)_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zbook_fury_17.3_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp probook_x360_11_g4_ee_firmware *
hp z1_entry_tower_g5_firmware *
hp proone_600_g2_21.5-inch_touch_all-in-one_pc_firmware *
hp elitebook_845_g8_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp proone_440_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z640_workstation_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp z1_entry_tower_g6_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp elitedesk_705_g3_small_form_factor_pc_firmware *
hp z240_small_form_factor_workstation_firmware *
hp zbook_14u_g4_firmware *
hp probook_446_g3_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_pc_firmware *
hp probook_11_ee_g2_firmware *
hp elitebook_630_13_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp pro_mini_400_g9_desktop_pc_firmware *
hp probook_650_g2_firmware *
hp elitebook_735_g5_firmware *
hp probook_455_g3_firmware *
hp elitebook_860_16_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp z2_tower_g9_workstation_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp probook_655_g2_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_845_14_inch_g9_notebook_pc_firmware *
hp elitebook_830_g6_firmware *
hp zbook_studio_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_x360_11_g6_ee_firmware *
hp elite_tower_600_g9_desktop_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_14_g4_notebook_pc_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware *
hp elitebook_655_15.6_inch_g9_notebook_pc_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp probook_455r_g6_firmware *
CVE-2022-27540

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp engage_flex_pro-c_retail_system_firmware *
hp mp9_g4_retail_system_firmware *
hp zbook_15_g3_firmware *
hp z2_small_form_factor_g8_workstation_firmware *
hp pro_tower_480_g9_desktop_pc_firmware *
hp zbook_firefly_14_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp z2_small_form_factor_g5_workstation_firmware *
hp elite_x360_1040_14_inch_g9_2-in-1_notebook_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp prodesk_405_g6_desktop_mini_pc_firmware *
hp elitebook_850_g8_firmware *
hp zbook_firefly_15_g7_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp probook_440_g4_firmware *
hp probook_455_g8_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp zbook_studio_16_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp probook_450_g3_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp zbook_fury_16_g9_mobile_workstation_pc_firmware *
hp probook_455_15.6_inch_g9_notebook_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp z2_mini_g5_workstation_firmware *
hp z6_g4_workstation_firmware *
hp elitebook_1030_g1_firmware *
hp elite_slice_g2_with_zoom_rooms_firmware *
hp probook_645_g4_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp elitebook_1040_g4_firmware *
hp engage_one_all-in-one_system_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp probook_430_g3_firmware *
hp elitebook_650_15.6_inch_g9_notebook_pc_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_445_14_inch_g9_notebook_pc_firmware *
hp mt43_mobile_thin_client_firmware *
hp probook_x360_440_g1_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp presence_27_all-in-one_with_zoom_rooms_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware *
hp pro_mt440_g3_mobile_thin_client_firmware *
hp zbook_15u_g5_firmware *
hp probook_430_g4_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp elitebook_x360_1040_g8_firmware *
hp zbook_15_g4_firmware *
hp probook_fortis_14_inch_g10_notebook_pc_firmware *
hp pro_x360_435_13.3_inch_g9_notebook_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp pro_x360_fortis_11_inch_g10_notebook_pc_firmware *
hp elitebook_folio_g1_firmware *
hp elitebook_840_g5_firmware 01.28.00
hp mt44_mobile_thin_client_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp presence_24_all-in-one_with_zoom_rooms_firmware *
hp elitebook_850_g7_firmware *
hp elite_x2_g4_firmware 01.26.0
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp zbook_studio_g3_firmware *
hp eliteone_870_27_g9_all-in-one_desktop_pc_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp probook_640_g2_firmware *
hp z1_g9_tower_desktop_pc_firmware *
hp elitebook_865_16_inch_g9_notebook_pc_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp engage_flex_pro_retail_system_firmware *
hp zbook_power_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp z2_small_form_factor_g4_workstation_firmware *
hp zbook_fury_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zhan_66_pro_14_inch_g5_notebook_pc_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp zbook_17_g3_firmware *
hp probook_635_aero_g8_firmware *
hp elitebook_848_g3_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_mini_600_g9_desktop_pc_firmware *
hp zhan_99_pro_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp zbook_15_g6_firmware *
hp elite_mini_800_g9_desktop_pc_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp elitebook_845_g7_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp mt32_mobile_thin_client_firmware *
hp elitebook_x360_1030_g8_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp mini_conferencing_pc_with_zoom_rooms_firmware *
hp rp9_g1_retail_system_firmware *
hp elite_x2_1012_g2_firmware 1.48
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp probook_fortis_14_inch_g9_notebook_pc_firmware *
hp elite_tower_880_g9_desktop_pc_firmware *
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware *
hp eliteone_870_27_inch_g9_all-in-one_desktop_pc_firmware *
hp z8_g4_workstation_firmware *
hp elitebook_640_14_inch_g9_notebook_pc_firmware *
hp probook_440_14_inch_g9_notebook_pc_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp elite_tower_800_g9_desktop_pc_firmware *
hp zbook_17_g5_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp prodesk_405_g6_small_form_factor_pc_firmware *
hp elite_dragonfly_13.5_inch_g3_notebook_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp mt45_mobile_thin_client_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_835_13_inch_g9_notebook_pc_firmware *
hp mt21_mobile_thin_client_firmware *
hp zbook_firefly_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_max_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_640_g7_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp mp9_g2_retail_system_firmware *
hp zbook_create_g7_firmware *
hp probook_640_g3_firmware *
hp elitebook_828_g3_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g4_firmware *
hp elite_sff_800_g9_desktop_pc_firmware *
hp elitebook_840_g8_firmware *
hp probook_655_g3_firmware *
hp zbook_15u_g4_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_x360_11_g2_ee_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp probook_450_15.6_inch_g9_notebook_pc_firmware *
hp zbook_17_g6_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp elitebook_1040_g3_firmware *
hp prodesk_400_g4_microtower_pc_firmware *
hp probook_x360_435_g8_notebook_pc_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp elite_sff_600_g9_desktop_pc_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp elitebook_830_13.3_inch_g9_notebook_pc_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp z2_mini_g9_workstation_firmware *
hp zbook_firefly_16_inch_g9_mobile_workstation_pc_firmware *
hp z2_mini_g4_workstation_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp elitebook_846_g5_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp z2_small_form_factor_g9_workstation_firmware *
hp probook_440_g5_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware *
hp eliteone_840_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp engage_one_pro_aio_system_firmware *
hp probook_645_g3_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp probook_650_g3_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp elitebook_x360_1020_g2_firmware *
hp probook_450_g8_firmware *
hp elitebook_820_g3_firmware *
hp zbook_studio_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_850_g6_firmware *
hp probook_455_g7_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp probook_455_g5_firmware *
hp probook_440_g6_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp elite_x2_1012_g1_tablet_firmware 1.6
hp z2_tower_g4_workstation_firmware *
hp probook_470_g5_firmware *
hp pro_sff_400_g9_desktop_pc_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp z238_microtower_workstation_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp z2_tower_g5_workstation_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp z2_tower_g8_workstation_firmware *
hp zbook_fury_15_g7_firmware *
hp elitebook_850_g3_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp zbook_x2_g4_firmware *
hp probook_440_g3_firmware *
hp mt31_mobile_thin_client_firmware *
hp elitebook_835_g7_firmware *
hp elitebook_745_g6_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp zbook_fury_17.3_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_firmware *
hp probook_x360_11_g4_ee_firmware *
hp probook_650_g8_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_14_inch_g9_notebook_pc_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp zbook_power_15.6_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp proone_440_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp z1_entry_tower_g6_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp z2_mini_g3_workstation_firmware *
hp probook_x360_11_g5_ee_firmware *
hp mt22_mobile_thin_client_firmware *
hp mt20_mobile_thin_client_firmware *
hp elite_x2_g8_tablet_firmware *
hp pro_x2_612_g2_firmware *
hp probook_445r_g6_firmware *
hp z240_small_form_factor_workstation_firmware *
hp zhan_x_13_g2_firmware *
hp pro_x360_fortis_11_inch_g9_notebook_pc_firmware *
hp zbook_14u_g4_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp probook_446_g3_firmware *
hp elitebook_1040_14_inch_g9_notebook_pc_firmware *
hp elite_tower_680_g9_desktop_pc_firmware *
hp probook_11_ee_g2_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp elitebook_630_13_inch_g9_notebook_pc_firmware *
hp zhan_66_pro_a_14_g4_notebook_pc_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp mt46_mobile_thin_client_firmware *
hp pro_mini_400_g9_desktop_pc_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp z240_tower_workstation_firmware *
hp probook_650_g2_firmware *
hp elitebook_745_g4_firmware *
hp elitebook_735_g5_firmware *
hp elitebook_860_16_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp z2_tower_g9_workstation_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp elite_slice_g2_with_intel_unite_firmware *
hp zbook_17_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_445_g8_firmware *
hp elitebook_755_g4_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elite_mt645_g7_mobile_thin_client_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp elitebook_725_g4_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_830_g6_firmware *
hp probook_445_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp pro_tower_400_g9_desktop_pc_firmware *
hp elitebook_836_g5_firmware *
hp elite_x2_1012_g1_tablet_with_travel_keyboard_firmware 1.6
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_x360_11_g6_ee_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp elite_tower_600_g9_desktop_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware 01.28.00
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g5_notebook_pc_firmware *
hp zhan_66_pro_14_g4_notebook_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp probook_455r_g6_firmware *
CVE-2022-27541

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp mp9_g4_retail_system_firmware *
hp zbook_15_g3_firmware *
hp z2_small_form_factor_g8_workstation_firmware *
hp pro_tower_480_g9_desktop_pc_firmware *
hp zbook_firefly_14_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elite_x360_1040_14_inch_g9_2-in-1_notebook_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp prodesk_405_g6_desktop_mini_pc_firmware *
hp zbook_firefly_15_g7_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_470_g3_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware *
hp zbook_studio_16_inch_g9_mobile_workstation_pc_firmware *
hp elitebook_755_g3_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp elitedesk_705_g3_microtower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp z2_mini_g5_workstation_firmware *
hp elitebook_1030_g1_firmware *
hp probook_645_g4_firmware *
hp elitebook_1040_g4_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp probook_430_g3_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_445_14_inch_g9_notebook_pc_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elitedesk_705_g4_workstation_edition_firmware *
hp pro_mt440_g3_mobile_thin_client_firmware *
hp zbook_15u_g5_firmware *
hp probook_fortis_14_inch_g10_notebook_pc_firmware *
hp elitebook_725_g3_firmware *
hp prodesk_600_g5_microtower_pc_(with_pci_slot)_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp z1_all-in-one_g3_workstation_firmware *
hp probook_640_g2_firmware *
hp elitebook_865_16_inch_g9_notebook_pc_firmware *
hp zbook_power_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zbook_17_g3_firmware *
hp elitebook_848_g3_firmware *
hp zhan_66_pro_14_g2_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elite_mini_600_g9_desktop_pc_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp elitebook_845_g7_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp probook_450_g5_firmware *
hp mini_conferencing_pc_with_zoom_rooms_firmware *
hp rp9_g1_retail_system_firmware *
hp probook_fortis_14_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware *
hp eliteone_870_27_inch_g9_all-in-one_desktop_pc_firmware *
hp z8_g4_workstation_firmware *
hp elitebook_640_14_inch_g9_notebook_pc_firmware *
hp probook_440_14_inch_g9_notebook_pc_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp elite_tower_800_g9_desktop_pc_firmware *
hp zbook_17_g5_firmware *
hp prodesk_405_g6_small_form_factor_pc_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp mt21_mobile_thin_client_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp zbook_firefly_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_max_firmware *
hp probook_640_g7_firmware *
hp probook_640_g3_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_840_g8_firmware *
hp zbook_15u_g4_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_450_15.6_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp elitebook_1040_g3_firmware *
hp prodesk_400_g4_microtower_pc_firmware *
hp probook_x360_435_g8_notebook_pc_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp elite_sff_600_g9_desktop_pc_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp z2_small_form_factor_g9_workstation_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_835_g8_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware *
hp probook_645_g3_firmware *
hp elite_x2_1012_g1_tablet_with_travel_keyboard_firmware *
hp prodesk_405_g4_small_form_factor_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp elitebook_820_g3_firmware *
hp probook_455_g7_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp z2_tower_g4_workstation_firmware *
hp pro_sff_400_g9_desktop_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp z238_microtower_workstation_firmware *
hp z2_tower_g5_workstation_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp elite_x360_830_13_inch_g9_2-in-1_notebook_pc_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp mt31_mobile_thin_client_firmware *
hp z840_workstation_firmware *
hp elitebook_745_g6_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_14_inch_g9_notebook_pc_firmware *
hp probook_455_g4_firmware *
hp zbook_power_15.6_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp z2_mini_g3_workstation_firmware *
hp mt22_mobile_thin_client_firmware *
hp elite_x2_g8_tablet_firmware *
hp zhan_x_13_g2_firmware *
hp pro_x360_fortis_11_inch_g9_notebook_pc_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp elitebook_1040_14_inch_g9_notebook_pc_firmware *
hp elite_tower_680_g9_desktop_pc_firmware *
hp zcentral_4r_workstation_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp zhan_66_pro_a_14_g4_notebook_pc_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp mt46_mobile_thin_client_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp z240_tower_workstation_firmware *
hp elitebook_745_g4_firmware *
hp elitebook_645_14_inch_g9_notebook_pc_firmware *
hp elitebook_745_g3_firmware *
hp elite_slice_g2_with_intel_unite_firmware *
hp zbook_17_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp elitebook_755_g4_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp proone_400_g2_20-inch_touch_all-in-one_pc_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp pro_tower_400_g9_desktop_pc_firmware *
hp elitebook_836_g5_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g5_notebook_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp zbook_fury_17_g7_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp prodesk_600_g2_desktop_mini_pc_firmware *
hp z2_small_form_factor_g5_workstation_firmware *
hp elitebook_850_g8_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp eliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmware *
hp probook_450_g3_firmware *
hp prodesk_680_g4_microtower_pc_(with_pci_slot)_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp zbook_fury_16_g9_mobile_workstation_pc_firmware *
hp probook_455_15.6_inch_g9_notebook_pc_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp elite_slice_g2_with_zoom_rooms_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp probook_645_g2_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp z440_workstation_firmware *
hp elite_x2_1012_g1_tablet_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp elitebook_650_15.6_inch_g9_notebook_pc_firmware *
hp mt43_mobile_thin_client_firmware *
hp probook_x360_440_g1_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp zbook_15_g4_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp pro_x360_fortis_11_inch_g10_notebook_pc_firmware *
hp elitebook_folio_g1_firmware *
hp mt44_mobile_thin_client_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp elitebook_850_g7_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp mt42_mobile_thin_client_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp elite_slice_firmware *
hp z1_g9_tower_desktop_pc_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp z2_small_form_factor_g4_workstation_firmware *
hp zbook_fury_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zhan_66_pro_14_inch_g5_notebook_pc_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware *
hp zbook_15_g6_firmware *
hp elite_mini_800_g9_desktop_pc_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp mt32_mobile_thin_client_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elite_x2_g4_firmware *
hp elitebook_x360_1040_g7_firmware *
hp elite_tower_880_g9_desktop_pc_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elite_dragonfly_13.5_inch_g3_notebook_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp mt45_mobile_thin_client_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_835_13_inch_g9_notebook_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_400_g2_desktop_mini_pc_firmware *
hp proone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmware *
hp elite_sff_800_g9_desktop_pc_firmware *
hp probook_655_g3_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp probook_x360_11_g2_ee_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp elitebook_830_13.3_inch_g9_notebook_pc_firmware *
hp z2_mini_g9_workstation_firmware *
hp zbook_firefly_16_inch_g9_mobile_workstation_pc_firmware *
hp z2_mini_g4_workstation_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitebook_846_g5_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp probook_650_g3_firmware *
hp elitedesk_705_g3_desktop_mini_pc_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp zbook_studio_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware *
hp proone_400_g2_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_x2_1012_g2_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp z2_tower_g8_workstation_firmware *
hp elitebook_850_g3_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp probook_440_g3_firmware *
hp elitebook_835_g7_firmware *
hp prodesk_600_g4_microtower_pc_(with_pci_slot)_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zbook_fury_17.3_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp probook_x360_11_g4_ee_firmware *
hp z1_entry_tower_g5_firmware *
hp proone_600_g2_21.5-inch_touch_all-in-one_pc_firmware *
hp elitebook_845_g8_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp proone_440_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z640_workstation_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp z1_entry_tower_g6_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp elitedesk_705_g3_small_form_factor_pc_firmware *
hp z240_small_form_factor_workstation_firmware *
hp zbook_14u_g4_firmware *
hp probook_446_g3_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_pc_firmware *
hp probook_11_ee_g2_firmware *
hp elitebook_630_13_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp pro_mini_400_g9_desktop_pc_firmware *
hp probook_650_g2_firmware *
hp elitebook_735_g5_firmware *
hp probook_455_g3_firmware *
hp elitebook_860_16_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp z2_tower_g9_workstation_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp probook_655_g2_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_845_14_inch_g9_notebook_pc_firmware *
hp elitebook_830_g6_firmware *
hp zbook_studio_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_x360_11_g6_ee_firmware *
hp elite_tower_600_g9_desktop_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_14_g4_notebook_pc_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware *
hp elitebook_655_15.6_inch_g9_notebook_pc_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp probook_455r_g6_firmware *
CVE-2022-2794

Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack.

Products Affected

Vendor Product Version
hp pagewide_managed_p55250dw_j6u55a_firmware *
hp pagewide_377dw_j9v80a_firmware *
hp pagewide_352dw_j6u57a_firmware *
hp pagewide_managed_p55250dw_j6u51b_firmware *
hp pagewide_pro_477dn_d3q19a_firmware *
hp pagewide_managed_p57750dw_j9v82a_firmware *
hp pagewide_pro_477dw_d3q20a_firmware *
hp pagewide_managed_p55250dw_j6u55b_firmware *
hp pagewide_pro_452dn_d3q15a_firmware *
hp pagewide_pro_452dw_d3q16a_firmware *
hp pagewide_pro_577dw_d3q21a_firmware *
hp pagewide_pro_577z_k9z76a_firmware *
hp pagewide_pro_552dw_d3q17a_firmware *
CVE-2022-28616 HIGH

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,

Products Affected

Vendor Product Version
hp oneview *
CVE-2022-28617 HIGH

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp oneview *
CVE-2022-28625

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
hp oneview *
CVE-2022-28721

Certain HP Print Products are potentially vulnerable to Remote Code Execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp z4a54a_firmware *
hp j6u51b_firmware *
hp w1a79a_firmware *
hp y3z54a_firmware *
hp j7k38a_firmware *
hp j6u55a_firmware *
hp p4c78a_firmware *
hp y0f71a_firmware *
hp j7k33a_firmware *
hp t0f33a_firmware *
hp t0g25a_firmware *
hp 3yw73a_firmware *
hp m2u88b_firmware *
hp 1kr62a_firmware *
hp t0f39a_firmware *
hp 4kj65a_firmware *
hp k7s32a_firmware *
hp w1a76a_firmware *
hp k7r96a_firmware *
hp j6x83a_firmware *
hp 3uc65a_firmware *
hp 1kr45a_firmware *
hp t0f30a_firmware *
hp w1a60a_firmware *
hp k7s01a_firmware *
hp 3yf61a_firmware *
hp w1a75a_firmware *
hp j7k40a_firmware *
hp 3yw74a_firmware *
hp 5se45a_firmware *
hp m2u85a_firmware *
hp 3yw70a_firmware *
hp 7xv38a_firmware *
hp 3yf65a_firmware *
hp 5sd78a_firmware *
hp d3q15a_firmware *
hp 2k4v8a_firmware *
hp w1a31a_firmware *
hp j9v80a_firmware *
hp 5lj14a_firmware *
hp w1a29a_firmware *
hp m2u82a_firmware *
hp k7s39a_firmware *
hp 1mr74a_firmware *
hp p4c86a_firmware *
hp 223r9a_firmware *
hp 257g3a_firmware *
hp m2u82b_firmware *
hp t1p99a_firmware *
hp w1a58a_firmware *
hp 3uc66a_firmware *
hp w1a48a_firmware *
hp 223r3a_firmware *
hp t0f37a_firmware *
hp z4a59a_firmware *
hp 8qq99a_firmware *
hp z4b13a_firmware *
hp 1kr61a_firmware *
hp 3yf67a_firmware *
hp 1kr69a_firmware *
hp w1a56a_firmware *
hp z4b27a_firmware *
hp 5lj16a_firmware *
hp k7s42a_firmware *
hp 8qq88a_firmware *
hp p4c84a_firmware *
hp w1a66a_firmware *
hp w1a51a_firmware *
hp m2u87a_firmware *
hp k7g96a_firmware *
hp y3z57a_firmware *
hp 5se18a_firmware *
hp 6hf11a_firmware *
hp p4c81a_firmware *
hp t0g65a_firmware *
hp 3yf70a_firmware *
hp w1y47a_firmware *
hp j3p67a_firmware *
hp w1a46a_firmware *
hp 1kr46a_firmware *
hp 1mr75a_firmware *
hp 1kr48a_firmware *
hp d9l64a_firmware *
hp 5lj17a_firmware *
hp y3z45a_firmware *
hp 5se522a_firmware *
hp m2u87b_firmware *
hp 1mr72a_firmware *
hp w1y45a_firmware *
hp w1y43a_firmware *
hp w1b38a_firmware *
hp 8qq98a_firmware *
hp 1mr78a_firmware *
hp 3dp65a_firmware *
hp y0f72a_firmware *
hp w1a30a_firmware *
hp y0s18a_firmware *
hp j7k39a_firmware *
hp a7w93a_firmware *
hp m2u81a_firmware *
hp 1mr71a_firmware *
hp j7k42a_firmware *
hp k7s41a_firmware *
hp m2u92a_firmware *
hp 223r6a_firmware *
hp j3p65a_firmware *
hp m2u75a_firmware *
hp m2u94a_firmware *
hp t3p03a_firmware *
hp 6wd14a_firmware *
hp 1k7k7a_firmware *
hp 3uk83a_firmware *
hp y0f74a_firmware *
hp j6u57a_firmware *
hp 2ry54a_firmware *
hp k7s00a_firmware *
hp 5se16a_firmware *
hp 223n2a_firmware *
hp d3q21a_firmware *
hp 1kr57a_firmware *
hp 1mr66a_firmware *
hp 3yf66a_firmware *
hp t0f29a_firmware *
hp t0g70a_firmware *
hp w1a81a_firmware *
hp j9v82a_firmware *
hp w1b29a_firmware *
hp w1a63a_firmware *
hp w1b31a_firmware *
hp d3q19a_firmware *
hp j7k41a_firmware *
hp z4b18a_firmware *
hp 3yw75a_firmware *
hp j7k37a_firmware *
hp t0f34a_firmware *
hp w1a53a_firmware *
hp m2u77a_firmware *
hp 6wd16a_firmware *
hp z4b28a_firmware *
hp p4c85a_firmware *
hp w1a78a_firmware *
hp 5se46a_firmware *
hp 1k7k6a_firmware *
hp 223n6a_firmware *
hp k7d05a_firmware *
hp w1a82a_firmware *
hp 3yw71a_firmware *
hp 1kr58a_firmware *
hp 3yf69a_firmware *
hp z4a60a_firmware *
hp 3xd89a_firmware *
hp z4a71a_firmware *
hp w1y40a_firmware *
hp w1a35a_firmware *
hp t0f35a_firmware *
hp 1kr54a_firmware *
hp 228f5a_firmware *
hp m2u84b_firmware *
hp w1b33a_firmware *
hp t0f40a_firmware *
hp m2u94b_firmware *
hp 2ry55a_firmware *
hp l3t99a_firmware *
hp 5lj23a_firmware *
hp 3yf57a_firmware *
hp 5lj19a_firmware *
hp t0f38a_firmware *
hp 1tj09a_firmware *
hp 5lj18a_firmware *
hp z4a70a_firmware *
hp 3yw48a_firmware *
hp 5sd79a_firmware *
hp j3p66a_firmware *
hp t0f31a_firmware *
hp 1mr69a_firmware *
hp 3yf58a_firmware *
hp y3z44a_firmware *
hp m2u76a_firmware *
hp m2u85b_firmware *
hp 223r1a_firmware *
hp w1a52a_firmware *
hp w1a28a_firmware *
hp 223n1a_firmware *
hp m2u91b_firmware *
hp w1b28a_firmware *
hp 3yf56a_firmware *
hp 5lj15a_firmware *
hp 223n5a_firmware *
hp 3uk84a_firmware *
hp w1y44a_firmware *
hp y3z47a_firmware *
hp m2u84a_firmware *
hp k9z76a_firmware *
hp w1y41a_firmware *
hp z4b29a_firmware *
hp j3p68a_firmware *
hp 1mr73a_firmware *
hp d9l21a_firmware *
hp 1mr70a_firmware *
hp d3q20a_firmware *
hp w1a57a_firmware *
hp z3m52a_firmware *
hp 5se50a_firmware *
hp w1a33a_firmware *
hp y0s19a_firmware *
hp 3yf60a_firmware *
hp 1mr79a_firmware *
hp m2u86a_firmware *
hp 7xk12a_firmware *
hp 4sb23a_firmware *
hp y0f73a_firmware *
hp d9l63a_firmware *
hp g5j56a_firmware *
hp 1mr76a_firmware *
hp 1tj12a_firmware *
hp d3q16a_firmware *
hp 1mr77a_firmware *
hp m2u86b_firmware *
hp z4a73a_firmware *
hp 5se48a_firmware *
hp p4c82a_firmware *
hp 3yw51a_firmware *
hp w1a80a_firmware *
hp 223r2a_firmware *
hp d9l20a_firmware *
hp 2ry56a_firmware *
hp 93m22a_firmware *
hp 5se19a_firmware *
hp m2u81b_firmware *
hp 1g5m0a_firmware *
hp w1a32a_firmware *
hp w1a38a_firmware *
hp w1b37a_firmware *
hp 5se20a_firmware *
hp 3dp64a_firmware *
hp 1kr55a_firmware *
hp k7s40a_firmware *
hp 3yf59a_firmware *
hp k7g22a_firmware *
hp 1tj11a_firmware *
hp 226y9a_firmware *
hp k7s08a_firmware *
hp k7g93a_firmware *
hp 1kr49a_firmware *
hp k7g99a_firmware *
hp 1l0h8a_firmware *
hp g5j38a_firmware *
hp t0f36a_firmware *
hp 6wd35a_firmware *
hp m2u91a_firmware *
hp k7g18a_firmware *
hp k7g23a_firmware *
hp z3m37a_firmware *
hp w1a77a_firmware *
hp 8qq87a_firmware *
hp w1y46a_firmware *
hp 7cz37a_firmware *
hp j7k34a_firmware *
hp 2k4w2a_firmware *
hp 1tj10a_firmware *
hp t0g26a_firmware *
hp y3z46a_firmware *
hp k7s43a_firmware *
hp 223n9a_firmware *
hp z4a69a_firmware *
hp j7k36a_firmware *
hp 3uc64a_firmware *
hp 2k4w1a_firmware *
hp 3dp66a_firmware *
hp 3yw72a_firmware *
hp 5se47a_firmware *
hp 1l0h6a_firmware *
hp t0f28a_firmware *
hp z4b14a_firmware *
hp 2k5l5a_firmware *
hp 1kr42a_firmware *
hp z4b12a_firmware *
hp k7g95a_firmware *
hp m2u92b_firmware *
hp w1b39a_firmware *
hp z4a61b_firmware *
hp 8qq97a_firmware *
hp 1l0h7a_firmware *
hp 3yf68a_firmware *
hp y0k15a_firmware *
hp z4a61a_firmware *
hp 1mr67a_firmware *
hp 1mr68a_firmware *
hp j7k35a_firmware *
hp w1a34a_firmware *
hp m2u89b_firmware *
hp d3q17a_firmware *
hp t0f32a_firmware *
hp m2u86c_firmware *
hp z4a74a_firmware *
hp 8qq86a_firmware *
hp w1a47a_firmware *
hp 5se17a_firmware *
hp j6u55b_firmware *
hp w1a59a_firmware *
CVE-2022-28722

Certain HP Print Products are potentially vulnerable to Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp j6u51b_firmware *
hp y3z54a_firmware *
hp j7k38a_firmware *
hp j6x80a_firmware *
hp m9l66a_firmware *
hp t0f35a_firmware *
hp j6u55a_firmware *
hp p4c78a_firmware *
hp w1b33a_firmware *
hp j7k33a_firmware *
hp t0f40a_firmware *
hp t0g47a_firmware *
hp t0f33a_firmware *
hp t0g25a_firmware *
hp t0g48a_firmware *
hp l3t99a_firmware *
hp t0f38a_firmware *
hp t0f39a_firmware *
hp k7s32a_firmware *
hp j3p66a_firmware *
hp j6x83a_firmware *
hp t0f31a_firmware *
hp t0f30a_firmware *
hp y3z44a_firmware *
hp j7k40a_firmware *
hp w1b28a_firmware *
hp d3q15a_firmware *
hp y3z47a_firmware *
hp j9v80a_firmware *
hp k9z76a_firmware *
hp k7s39a_firmware *
hp p4c86a_firmware *
hp j3p68a_firmware *
hp d9l18a_firmware *
hp d9l21a_firmware *
hp j6x76a_firmware *
hp d3q20a_firmware *
hp t1p99a_firmware *
hp t0f37a_firmware *
hp y0s19a_firmware *
hp m9l67a_firmware *
hp k7s42a_firmware *
hp p4c84a_firmware *
hp y3z57a_firmware *
hp d9l63a_firmware *
hp g5j56a_firmware *
hp p4c81a_firmware *
hp t0g65a_firmware *
hp m9l70a_firmware *
hp j6x78a_firmware *
hp j3p67a_firmware *
hp d3q16a_firmware *
hp p4c82a_firmware *
hp t0g46a_firmware *
hp d9l20a_firmware *
hp d9l64a_firmware *
hp y3z45a_firmware *
hp w1b37a_firmware *
hp w1b38a_firmware *
hp k7s40a_firmware *
hp m9l65a_firmware *
hp y0s18a_firmware *
hp j7k39a_firmware *
hp a7w93a_firmware *
hp k7s38a_firmware *
hp j6x81a_firmware *
hp g5j38a_firmware *
hp t0f36a_firmware *
hp j7k42a_firmware *
hp k7s41a_firmware *
hp k7s37a_firmware *
hp j3p65a_firmware *
hp j7k34a_firmware *
hp j6x79a_firmware *
hp t3p03a_firmware *
hp t0g26a_firmware *
hp y3z46a_firmware *
hp j6u57a_firmware *
hp k7s43a_firmware *
hp j7k36a_firmware *
hp d3q21a_firmware *
hp t0f29a_firmware *
hp t0g70a_firmware *
hp j9v82a_firmware *
hp t0f28a_firmware *
hp w1b29a_firmware *
hp t0g49a_firmware *
hp w1b31a_firmware *
hp d3q19a_firmware *
hp j7k41a_firmware *
hp j7k37a_firmware *
hp t0f34a_firmware *
hp w1b39a_firmware *
hp p4c85a_firmware *
hp j7k35a_firmware *
hp d3q17a_firmware *
hp t0f32a_firmware *
hp j6x77a_firmware *
hp j6u55b_firmware *
CVE-2022-31635

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp mp9_g4_retail_system_firmware *
hp zbook_15_g3_firmware *
hp z2_small_form_factor_g8_workstation_firmware *
hp pro_tower_480_g9_desktop_pc_firmware *
hp zbook_firefly_14_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elite_x360_1040_14_inch_g9_2-in-1_notebook_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp prodesk_405_g6_desktop_mini_pc_firmware *
hp zbook_firefly_15_g7_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_455_g8_firmware *
hp probook_470_g3_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware *
hp zbook_studio_16_inch_g9_mobile_workstation_pc_firmware *
hp elitebook_755_g3_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp elitedesk_705_g3_microtower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp z2_mini_g5_workstation_firmware *
hp elitebook_1030_g1_firmware *
hp probook_645_g4_firmware *
hp elitebook_1040_g4_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp probook_430_g3_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_445_14_inch_g9_notebook_pc_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elitedesk_705_g4_workstation_edition_firmware *
hp pro_mt440_g3_mobile_thin_client_firmware *
hp zbook_15u_g5_firmware *
hp elitebook_x360_1040_g8_firmware *
hp probook_fortis_14_inch_g10_notebook_pc_firmware *
hp elitebook_725_g3_firmware *
hp prodesk_600_g5_microtower_pc_(with_pci_slot)_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp z1_all-in-one_g3_workstation_firmware *
hp probook_640_g2_firmware *
hp elitebook_865_16_inch_g9_notebook_pc_firmware *
hp zbook_power_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zbook_17_g3_firmware *
hp elitebook_848_g3_firmware *
hp zhan_66_pro_14_g2_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elite_mini_600_g9_desktop_pc_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp elitebook_845_g7_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp probook_450_g5_firmware *
hp mini_conferencing_pc_with_zoom_rooms_firmware *
hp rp9_g1_retail_system_firmware *
hp probook_fortis_14_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware *
hp eliteone_870_27_inch_g9_all-in-one_desktop_pc_firmware *
hp z8_g4_workstation_firmware *
hp elitebook_640_14_inch_g9_notebook_pc_firmware *
hp probook_440_14_inch_g9_notebook_pc_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp elite_tower_800_g9_desktop_pc_firmware *
hp zbook_17_g5_firmware *
hp prodesk_405_g6_small_form_factor_pc_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp mt21_mobile_thin_client_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp zbook_firefly_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_max_firmware *
hp probook_640_g7_firmware *
hp probook_640_g3_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_840_g8_firmware *
hp zbook_15u_g4_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_450_15.6_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp elitebook_1040_g3_firmware *
hp prodesk_400_g4_microtower_pc_firmware *
hp probook_x360_435_g8_notebook_pc_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp elite_sff_600_g9_desktop_pc_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp z2_small_form_factor_g9_workstation_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_835_g8_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware *
hp probook_645_g3_firmware *
hp elite_x2_1012_g1_tablet_with_travel_keyboard_firmware *
hp prodesk_405_g4_small_form_factor_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp probook_450_g8_firmware *
hp elitebook_820_g3_firmware *
hp probook_455_g7_firmware *
hp probook_440_g6_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp z2_tower_g4_workstation_firmware *
hp pro_sff_400_g9_desktop_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp z238_microtower_workstation_firmware *
hp z2_tower_g5_workstation_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp elite_x360_830_13_inch_g9_2-in-1_notebook_pc_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp mt31_mobile_thin_client_firmware *
hp z840_workstation_firmware *
hp elitebook_745_g6_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_14_inch_g9_notebook_pc_firmware *
hp probook_455_g4_firmware *
hp zbook_power_15.6_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp z2_mini_g3_workstation_firmware *
hp mt22_mobile_thin_client_firmware *
hp elite_x2_g8_tablet_firmware *
hp zhan_x_13_g2_firmware *
hp pro_x360_fortis_11_inch_g9_notebook_pc_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp elitebook_1040_14_inch_g9_notebook_pc_firmware *
hp elite_tower_680_g9_desktop_pc_firmware *
hp zcentral_4r_workstation_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp zhan_66_pro_a_14_g4_notebook_pc_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp mt46_mobile_thin_client_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp z240_tower_workstation_firmware *
hp elitebook_745_g4_firmware *
hp elitebook_645_14_inch_g9_notebook_pc_firmware *
hp elitebook_745_g3_firmware *
hp elite_slice_g2_with_intel_unite_firmware *
hp zbook_17_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp elitebook_755_g4_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp proone_400_g2_20-inch_touch_all-in-one_pc_firmware *
hp probook_445_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp pro_tower_400_g9_desktop_pc_firmware *
hp elitebook_836_g5_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g5_notebook_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp zbook_fury_17_g7_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp prodesk_600_g2_desktop_mini_pc_firmware *
hp z2_small_form_factor_g5_workstation_firmware *
hp elitebook_850_g8_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp eliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmware *
hp probook_450_g3_firmware *
hp prodesk_680_g4_microtower_pc_(with_pci_slot)_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp zbook_fury_16_g9_mobile_workstation_pc_firmware *
hp probook_455_15.6_inch_g9_notebook_pc_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp elite_slice_g2_with_zoom_rooms_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp probook_645_g2_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp z440_workstation_firmware *
hp elite_x2_1012_g1_tablet_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp elitebook_650_15.6_inch_g9_notebook_pc_firmware *
hp mt43_mobile_thin_client_firmware *
hp probook_x360_440_g1_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp zbook_15_g4_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp pro_x360_fortis_11_inch_g10_notebook_pc_firmware *
hp elitebook_folio_g1_firmware *
hp mt44_mobile_thin_client_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp elitebook_850_g7_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp mt42_mobile_thin_client_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp elite_slice_firmware *
hp z1_g9_tower_desktop_pc_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp z2_small_form_factor_g4_workstation_firmware *
hp zbook_fury_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zhan_66_pro_14_inch_g5_notebook_pc_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp probook_635_aero_g8_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware *
hp zbook_15_g6_firmware *
hp elite_mini_800_g9_desktop_pc_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp mt32_mobile_thin_client_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elite_x2_g4_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp elite_tower_880_g9_desktop_pc_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elite_dragonfly_13.5_inch_g3_notebook_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp mt45_mobile_thin_client_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_835_13_inch_g9_notebook_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_400_g2_desktop_mini_pc_firmware *
hp proone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmware *
hp elite_sff_800_g9_desktop_pc_firmware *
hp probook_655_g3_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp probook_x360_11_g2_ee_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp elitebook_830_13.3_inch_g9_notebook_pc_firmware *
hp z2_mini_g9_workstation_firmware *
hp zbook_firefly_16_inch_g9_mobile_workstation_pc_firmware *
hp z2_mini_g4_workstation_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitebook_846_g5_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g5_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp probook_650_g3_firmware *
hp elitedesk_705_g3_desktop_mini_pc_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp zbook_studio_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp probook_455_g5_firmware *
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware *
hp proone_400_g2_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_x2_1012_g2_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp z2_tower_g8_workstation_firmware *
hp elitebook_850_g3_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp probook_440_g3_firmware *
hp elitebook_835_g7_firmware *
hp prodesk_600_g4_microtower_pc_(with_pci_slot)_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zbook_fury_17.3_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp probook_x360_11_g4_ee_firmware *
hp probook_650_g8_firmware *
hp z1_entry_tower_g5_firmware *
hp proone_600_g2_21.5-inch_touch_all-in-one_pc_firmware *
hp elitebook_845_g8_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp proone_440_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z640_workstation_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp z1_entry_tower_g6_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp probook_445r_g6_firmware *
hp elitedesk_705_g3_small_form_factor_pc_firmware *
hp z240_small_form_factor_workstation_firmware *
hp zbook_14u_g4_firmware *
hp probook_446_g3_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_pc_firmware *
hp probook_11_ee_g2_firmware *
hp probook_450_g6_firmware *
hp elitebook_630_13_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp pro_mini_400_g9_desktop_pc_firmware *
hp probook_650_g2_firmware *
hp elitebook_735_g5_firmware *
hp probook_455_g3_firmware *
hp elitebook_860_16_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp z2_tower_g9_workstation_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp probook_655_g2_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_445_g8_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_845_14_inch_g9_notebook_pc_firmware *
hp elitebook_830_g6_firmware *
hp zbook_studio_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_x360_11_g6_ee_firmware *
hp elite_tower_600_g9_desktop_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_14_g4_notebook_pc_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware *
hp elitebook_655_15.6_inch_g9_notebook_pc_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp probook_455r_g6_firmware *
CVE-2022-31636

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp mp9_g4_retail_system_firmware *
hp zbook_15_g3_firmware *
hp z2_small_form_factor_g8_workstation_firmware *
hp pro_tower_480_g9_desktop_pc_firmware *
hp zbook_firefly_14_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elite_x360_1040_14_inch_g9_2-in-1_notebook_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp prodesk_405_g6_desktop_mini_pc_firmware *
hp zbook_firefly_15_g7_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_455_g8_firmware *
hp probook_470_g3_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware *
hp zbook_studio_16_inch_g9_mobile_workstation_pc_firmware *
hp elitebook_755_g3_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp elitedesk_705_g3_microtower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp z2_mini_g5_workstation_firmware *
hp elitebook_1030_g1_firmware *
hp probook_645_g4_firmware *
hp elitebook_1040_g4_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp probook_430_g3_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_445_14_inch_g9_notebook_pc_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elitedesk_705_g4_workstation_edition_firmware *
hp pro_mt440_g3_mobile_thin_client_firmware *
hp zbook_15u_g5_firmware *
hp elitebook_x360_1040_g8_firmware *
hp probook_fortis_14_inch_g10_notebook_pc_firmware *
hp elitebook_725_g3_firmware *
hp prodesk_600_g5_microtower_pc_(with_pci_slot)_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp z1_all-in-one_g3_workstation_firmware *
hp probook_640_g2_firmware *
hp elitebook_865_16_inch_g9_notebook_pc_firmware *
hp zbook_power_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zbook_17_g3_firmware *
hp elitebook_848_g3_firmware *
hp zhan_66_pro_14_g2_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elite_mini_600_g9_desktop_pc_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp elitebook_845_g7_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp probook_450_g5_firmware *
hp mini_conferencing_pc_with_zoom_rooms_firmware *
hp rp9_g1_retail_system_firmware *
hp probook_fortis_14_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware *
hp eliteone_870_27_inch_g9_all-in-one_desktop_pc_firmware *
hp z8_g4_workstation_firmware *
hp elitebook_640_14_inch_g9_notebook_pc_firmware *
hp probook_440_14_inch_g9_notebook_pc_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp elite_tower_800_g9_desktop_pc_firmware *
hp zbook_17_g5_firmware *
hp prodesk_405_g6_small_form_factor_pc_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp mt21_mobile_thin_client_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp zbook_firefly_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_max_firmware *
hp probook_640_g7_firmware *
hp probook_640_g3_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_840_g8_firmware *
hp zbook_15u_g4_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_450_15.6_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp elitebook_1040_g3_firmware *
hp prodesk_400_g4_microtower_pc_firmware *
hp probook_x360_435_g8_notebook_pc_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp elite_sff_600_g9_desktop_pc_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp z2_small_form_factor_g9_workstation_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_835_g8_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware *
hp probook_645_g3_firmware *
hp elite_x2_1012_g1_tablet_with_travel_keyboard_firmware *
hp prodesk_405_g4_small_form_factor_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp probook_450_g8_firmware *
hp elitebook_820_g3_firmware *
hp probook_455_g7_firmware *
hp probook_440_g6_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp z2_tower_g4_workstation_firmware *
hp pro_sff_400_g9_desktop_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp z238_microtower_workstation_firmware *
hp z2_tower_g5_workstation_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp elite_x360_830_13_inch_g9_2-in-1_notebook_pc_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp mt31_mobile_thin_client_firmware *
hp z840_workstation_firmware *
hp elitebook_745_g6_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_14_inch_g9_notebook_pc_firmware *
hp probook_455_g4_firmware *
hp zbook_power_15.6_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp z2_mini_g3_workstation_firmware *
hp mt22_mobile_thin_client_firmware *
hp elite_x2_g8_tablet_firmware *
hp zhan_x_13_g2_firmware *
hp pro_x360_fortis_11_inch_g9_notebook_pc_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp elitebook_1040_14_inch_g9_notebook_pc_firmware *
hp elite_tower_680_g9_desktop_pc_firmware *
hp zcentral_4r_workstation_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp zhan_66_pro_a_14_g4_notebook_pc_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp mt46_mobile_thin_client_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp z240_tower_workstation_firmware *
hp elitebook_745_g4_firmware *
hp elitebook_645_14_inch_g9_notebook_pc_firmware *
hp elitebook_745_g3_firmware *
hp elite_slice_g2_with_intel_unite_firmware *
hp zbook_17_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp elitebook_755_g4_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp proone_400_g2_20-inch_touch_all-in-one_pc_firmware *
hp probook_445_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp pro_tower_400_g9_desktop_pc_firmware *
hp elitebook_836_g5_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g5_notebook_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp zbook_fury_17_g7_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp prodesk_600_g2_desktop_mini_pc_firmware *
hp z2_small_form_factor_g5_workstation_firmware *
hp elitebook_850_g8_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp eliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmware *
hp probook_450_g3_firmware *
hp prodesk_680_g4_microtower_pc_(with_pci_slot)_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp zbook_fury_16_g9_mobile_workstation_pc_firmware *
hp probook_455_15.6_inch_g9_notebook_pc_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp elite_slice_g2_with_zoom_rooms_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp probook_645_g2_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp z440_workstation_firmware *
hp elite_x2_1012_g1_tablet_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp elitebook_650_15.6_inch_g9_notebook_pc_firmware *
hp mt43_mobile_thin_client_firmware *
hp probook_x360_440_g1_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp zbook_15_g4_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp pro_x360_fortis_11_inch_g10_notebook_pc_firmware *
hp elitebook_folio_g1_firmware *
hp mt44_mobile_thin_client_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp elitebook_850_g7_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp mt42_mobile_thin_client_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp elite_slice_firmware *
hp z1_g9_tower_desktop_pc_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp z2_small_form_factor_g4_workstation_firmware *
hp zbook_fury_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zhan_66_pro_14_inch_g5_notebook_pc_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp probook_635_aero_g8_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware *
hp zbook_15_g6_firmware *
hp elite_mini_800_g9_desktop_pc_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp mt32_mobile_thin_client_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elite_x2_g4_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp elite_tower_880_g9_desktop_pc_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elite_dragonfly_13.5_inch_g3_notebook_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp mt45_mobile_thin_client_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_835_13_inch_g9_notebook_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_400_g2_desktop_mini_pc_firmware *
hp proone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmware *
hp elite_sff_800_g9_desktop_pc_firmware *
hp probook_655_g3_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp probook_x360_11_g2_ee_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp elitebook_830_13.3_inch_g9_notebook_pc_firmware *
hp z2_mini_g9_workstation_firmware *
hp zbook_firefly_16_inch_g9_mobile_workstation_pc_firmware *
hp z2_mini_g4_workstation_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitebook_846_g5_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g5_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp probook_650_g3_firmware *
hp elitedesk_705_g3_desktop_mini_pc_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp zbook_studio_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp probook_455_g5_firmware *
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware *
hp proone_400_g2_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_x2_1012_g2_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp z2_tower_g8_workstation_firmware *
hp elitebook_850_g3_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp probook_440_g3_firmware *
hp elitebook_835_g7_firmware *
hp prodesk_600_g4_microtower_pc_(with_pci_slot)_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zbook_fury_17.3_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp probook_x360_11_g4_ee_firmware *
hp probook_650_g8_firmware *
hp z1_entry_tower_g5_firmware *
hp proone_600_g2_21.5-inch_touch_all-in-one_pc_firmware *
hp elitebook_845_g8_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp proone_440_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z640_workstation_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp z1_entry_tower_g6_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp probook_445r_g6_firmware *
hp elitedesk_705_g3_small_form_factor_pc_firmware *
hp z240_small_form_factor_workstation_firmware *
hp zbook_14u_g4_firmware *
hp probook_446_g3_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_pc_firmware *
hp probook_11_ee_g2_firmware *
hp probook_450_g6_firmware *
hp elitebook_630_13_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp pro_mini_400_g9_desktop_pc_firmware *
hp probook_650_g2_firmware *
hp elitebook_735_g5_firmware *
hp probook_455_g3_firmware *
hp elitebook_860_16_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp z2_tower_g9_workstation_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp probook_655_g2_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_445_g8_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_845_14_inch_g9_notebook_pc_firmware *
hp elitebook_830_g6_firmware *
hp zbook_studio_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_x360_11_g6_ee_firmware *
hp elite_tower_600_g9_desktop_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_14_g4_notebook_pc_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware *
hp elitebook_655_15.6_inch_g9_notebook_pc_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp probook_455r_g6_firmware *
CVE-2022-31637

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp mp9_g4_retail_system_firmware *
hp zbook_15_g3_firmware *
hp z2_small_form_factor_g8_workstation_firmware *
hp pro_tower_480_g9_desktop_pc_firmware *
hp zbook_firefly_14_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elite_x360_1040_14_inch_g9_2-in-1_notebook_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp prodesk_405_g6_desktop_mini_pc_firmware *
hp zbook_firefly_15_g7_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_455_g8_firmware *
hp probook_470_g3_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware *
hp zbook_studio_16_inch_g9_mobile_workstation_pc_firmware *
hp elitebook_755_g3_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp elitedesk_705_g3_microtower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp z2_mini_g5_workstation_firmware *
hp elitebook_1030_g1_firmware *
hp probook_645_g4_firmware *
hp elitebook_1040_g4_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp probook_430_g3_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_445_14_inch_g9_notebook_pc_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elitedesk_705_g4_workstation_edition_firmware *
hp pro_mt440_g3_mobile_thin_client_firmware *
hp zbook_15u_g5_firmware *
hp elitebook_x360_1040_g8_firmware *
hp probook_fortis_14_inch_g10_notebook_pc_firmware *
hp elitebook_725_g3_firmware *
hp prodesk_600_g5_microtower_pc_(with_pci_slot)_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp z1_all-in-one_g3_workstation_firmware *
hp probook_640_g2_firmware *
hp elitebook_865_16_inch_g9_notebook_pc_firmware *
hp zbook_power_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zbook_17_g3_firmware *
hp elitebook_848_g3_firmware *
hp zhan_66_pro_14_g2_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elite_mini_600_g9_desktop_pc_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp elitebook_845_g7_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp probook_450_g5_firmware *
hp mini_conferencing_pc_with_zoom_rooms_firmware *
hp rp9_g1_retail_system_firmware *
hp probook_fortis_14_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware *
hp eliteone_870_27_inch_g9_all-in-one_desktop_pc_firmware *
hp z8_g4_workstation_firmware *
hp elitebook_640_14_inch_g9_notebook_pc_firmware *
hp probook_440_14_inch_g9_notebook_pc_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp elite_tower_800_g9_desktop_pc_firmware *
hp zbook_17_g5_firmware *
hp prodesk_405_g6_small_form_factor_pc_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp mt21_mobile_thin_client_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp zbook_firefly_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_max_firmware *
hp probook_640_g7_firmware *
hp probook_640_g3_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_840_g8_firmware *
hp zbook_15u_g4_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_450_15.6_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp elitebook_1040_g3_firmware *
hp prodesk_400_g4_microtower_pc_firmware *
hp probook_x360_435_g8_notebook_pc_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp elite_sff_600_g9_desktop_pc_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp z2_small_form_factor_g9_workstation_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_835_g8_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware *
hp probook_645_g3_firmware *
hp elite_x2_1012_g1_tablet_with_travel_keyboard_firmware *
hp prodesk_405_g4_small_form_factor_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp probook_450_g8_firmware *
hp elitebook_820_g3_firmware *
hp probook_455_g7_firmware *
hp probook_440_g6_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp z2_tower_g4_workstation_firmware *
hp pro_sff_400_g9_desktop_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp z238_microtower_workstation_firmware *
hp z2_tower_g5_workstation_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp elite_x360_830_13_inch_g9_2-in-1_notebook_pc_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp mt31_mobile_thin_client_firmware *
hp z840_workstation_firmware *
hp elitebook_745_g6_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_14_inch_g9_notebook_pc_firmware *
hp probook_455_g4_firmware *
hp zbook_power_15.6_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp z2_mini_g3_workstation_firmware *
hp mt22_mobile_thin_client_firmware *
hp elite_x2_g8_tablet_firmware *
hp zhan_x_13_g2_firmware *
hp pro_x360_fortis_11_inch_g9_notebook_pc_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp elitebook_1040_14_inch_g9_notebook_pc_firmware *
hp elite_tower_680_g9_desktop_pc_firmware *
hp zcentral_4r_workstation_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp zhan_66_pro_a_14_g4_notebook_pc_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp mt46_mobile_thin_client_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp z240_tower_workstation_firmware *
hp elitebook_745_g4_firmware *
hp elitebook_645_14_inch_g9_notebook_pc_firmware *
hp elitebook_745_g3_firmware *
hp elite_slice_g2_with_intel_unite_firmware *
hp zbook_17_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp elitebook_755_g4_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp proone_400_g2_20-inch_touch_all-in-one_pc_firmware *
hp probook_445_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp pro_tower_400_g9_desktop_pc_firmware *
hp elitebook_836_g5_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g5_notebook_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp zbook_fury_17_g7_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp prodesk_600_g2_desktop_mini_pc_firmware *
hp z2_small_form_factor_g5_workstation_firmware *
hp elitebook_850_g8_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp eliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmware *
hp probook_450_g3_firmware *
hp prodesk_680_g4_microtower_pc_(with_pci_slot)_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp zbook_fury_16_g9_mobile_workstation_pc_firmware *
hp probook_455_15.6_inch_g9_notebook_pc_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp elite_slice_g2_with_zoom_rooms_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp probook_645_g2_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp z440_workstation_firmware *
hp elite_x2_1012_g1_tablet_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp elitebook_650_15.6_inch_g9_notebook_pc_firmware *
hp mt43_mobile_thin_client_firmware *
hp probook_x360_440_g1_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp zbook_15_g4_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp pro_x360_fortis_11_inch_g10_notebook_pc_firmware *
hp elitebook_folio_g1_firmware *
hp mt44_mobile_thin_client_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp elitebook_850_g7_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp mt42_mobile_thin_client_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp elite_slice_firmware *
hp z1_g9_tower_desktop_pc_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp z2_small_form_factor_g4_workstation_firmware *
hp zbook_fury_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zhan_66_pro_14_inch_g5_notebook_pc_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp probook_635_aero_g8_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware *
hp zbook_15_g6_firmware *
hp elite_mini_800_g9_desktop_pc_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp mt32_mobile_thin_client_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elite_x2_g4_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp elite_tower_880_g9_desktop_pc_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elite_dragonfly_13.5_inch_g3_notebook_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp mt45_mobile_thin_client_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_835_13_inch_g9_notebook_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_400_g2_desktop_mini_pc_firmware *
hp proone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmware *
hp elite_sff_800_g9_desktop_pc_firmware *
hp probook_655_g3_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp probook_x360_11_g2_ee_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp elitebook_830_13.3_inch_g9_notebook_pc_firmware *
hp z2_mini_g9_workstation_firmware *
hp zbook_firefly_16_inch_g9_mobile_workstation_pc_firmware *
hp z2_mini_g4_workstation_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitebook_846_g5_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g5_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp probook_650_g3_firmware *
hp elitedesk_705_g3_desktop_mini_pc_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp zbook_studio_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp probook_455_g5_firmware *
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware *
hp proone_400_g2_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_x2_1012_g2_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp z2_tower_g8_workstation_firmware *
hp elitebook_850_g3_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp probook_440_g3_firmware *
hp elitebook_835_g7_firmware *
hp prodesk_600_g4_microtower_pc_(with_pci_slot)_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zbook_fury_17.3_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp probook_x360_11_g4_ee_firmware *
hp probook_650_g8_firmware *
hp z1_entry_tower_g5_firmware *
hp proone_600_g2_21.5-inch_touch_all-in-one_pc_firmware *
hp elitebook_845_g8_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp proone_440_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z640_workstation_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp z1_entry_tower_g6_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp probook_445r_g6_firmware *
hp elitedesk_705_g3_small_form_factor_pc_firmware *
hp z240_small_form_factor_workstation_firmware *
hp zbook_14u_g4_firmware *
hp probook_446_g3_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_pc_firmware *
hp probook_11_ee_g2_firmware *
hp probook_450_g6_firmware *
hp elitebook_630_13_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp pro_mini_400_g9_desktop_pc_firmware *
hp probook_650_g2_firmware *
hp elitebook_735_g5_firmware *
hp probook_455_g3_firmware *
hp elitebook_860_16_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp z2_tower_g9_workstation_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp probook_655_g2_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_445_g8_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_845_14_inch_g9_notebook_pc_firmware *
hp elitebook_830_g6_firmware *
hp zbook_studio_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_x360_11_g6_ee_firmware *
hp elite_tower_600_g9_desktop_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_14_g4_notebook_pc_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware *
hp elitebook_655_15.6_inch_g9_notebook_pc_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp probook_455r_g6_firmware *
CVE-2022-31638

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp mp9_g4_retail_system_firmware *
hp zbook_15_g3_firmware *
hp z2_small_form_factor_g8_workstation_firmware *
hp pro_tower_480_g9_desktop_pc_firmware *
hp zbook_firefly_14_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elite_x360_1040_14_inch_g9_2-in-1_notebook_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp prodesk_405_g6_desktop_mini_pc_firmware *
hp zbook_firefly_15_g7_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_455_g8_firmware *
hp probook_470_g3_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware *
hp zbook_studio_16_inch_g9_mobile_workstation_pc_firmware *
hp elitebook_755_g3_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp elitedesk_705_g3_microtower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp z2_mini_g5_workstation_firmware *
hp elitebook_1030_g1_firmware *
hp probook_645_g4_firmware *
hp elitebook_1040_g4_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp probook_430_g3_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_445_14_inch_g9_notebook_pc_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elitedesk_705_g4_workstation_edition_firmware *
hp pro_mt440_g3_mobile_thin_client_firmware *
hp zbook_15u_g5_firmware *
hp elitebook_x360_1040_g8_firmware *
hp probook_fortis_14_inch_g10_notebook_pc_firmware *
hp elitebook_725_g3_firmware *
hp prodesk_600_g5_microtower_pc_(with_pci_slot)_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp z1_all-in-one_g3_workstation_firmware *
hp probook_640_g2_firmware *
hp elitebook_865_16_inch_g9_notebook_pc_firmware *
hp zbook_power_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zbook_17_g3_firmware *
hp elitebook_848_g3_firmware *
hp zhan_66_pro_14_g2_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elite_mini_600_g9_desktop_pc_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp elitebook_845_g7_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp probook_450_g5_firmware *
hp mini_conferencing_pc_with_zoom_rooms_firmware *
hp rp9_g1_retail_system_firmware *
hp probook_fortis_14_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware *
hp eliteone_870_27_inch_g9_all-in-one_desktop_pc_firmware *
hp z8_g4_workstation_firmware *
hp elitebook_640_14_inch_g9_notebook_pc_firmware *
hp probook_440_14_inch_g9_notebook_pc_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp elite_tower_800_g9_desktop_pc_firmware *
hp zbook_17_g5_firmware *
hp prodesk_405_g6_small_form_factor_pc_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp mt21_mobile_thin_client_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp zbook_firefly_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_max_firmware *
hp probook_640_g7_firmware *
hp probook_640_g3_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_840_g8_firmware *
hp zbook_15u_g4_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_450_15.6_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp elitebook_1040_g3_firmware *
hp prodesk_400_g4_microtower_pc_firmware *
hp probook_x360_435_g8_notebook_pc_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp elite_sff_600_g9_desktop_pc_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp z2_small_form_factor_g9_workstation_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_835_g8_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware *
hp probook_645_g3_firmware *
hp elite_x2_1012_g1_tablet_with_travel_keyboard_firmware *
hp prodesk_405_g4_small_form_factor_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp probook_450_g8_firmware *
hp elitebook_820_g3_firmware *
hp probook_455_g7_firmware *
hp probook_440_g6_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp z2_tower_g4_workstation_firmware *
hp pro_sff_400_g9_desktop_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp z238_microtower_workstation_firmware *
hp z2_tower_g5_workstation_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp elite_x360_830_13_inch_g9_2-in-1_notebook_pc_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp mt31_mobile_thin_client_firmware *
hp z840_workstation_firmware *
hp elitebook_745_g6_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_14_inch_g9_notebook_pc_firmware *
hp probook_455_g4_firmware *
hp zbook_power_15.6_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp z2_mini_g3_workstation_firmware *
hp mt22_mobile_thin_client_firmware *
hp elite_x2_g8_tablet_firmware *
hp zhan_x_13_g2_firmware *
hp pro_x360_fortis_11_inch_g9_notebook_pc_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp elitebook_1040_14_inch_g9_notebook_pc_firmware *
hp elite_tower_680_g9_desktop_pc_firmware *
hp zcentral_4r_workstation_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp zhan_66_pro_a_14_g4_notebook_pc_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp mt46_mobile_thin_client_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp z240_tower_workstation_firmware *
hp elitebook_745_g4_firmware *
hp elitebook_645_14_inch_g9_notebook_pc_firmware *
hp elitebook_745_g3_firmware *
hp elite_slice_g2_with_intel_unite_firmware *
hp zbook_17_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp elitebook_755_g4_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp proone_400_g2_20-inch_touch_all-in-one_pc_firmware *
hp probook_445_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp pro_tower_400_g9_desktop_pc_firmware *
hp elitebook_836_g5_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g5_notebook_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp zbook_fury_17_g7_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp prodesk_600_g2_desktop_mini_pc_firmware *
hp z2_small_form_factor_g5_workstation_firmware *
hp elitebook_850_g8_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp eliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmware *
hp probook_450_g3_firmware *
hp prodesk_680_g4_microtower_pc_(with_pci_slot)_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp zbook_fury_16_g9_mobile_workstation_pc_firmware *
hp probook_455_15.6_inch_g9_notebook_pc_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp elite_slice_g2_with_zoom_rooms_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp probook_645_g2_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp z440_workstation_firmware *
hp elite_x2_1012_g1_tablet_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp elitebook_650_15.6_inch_g9_notebook_pc_firmware *
hp mt43_mobile_thin_client_firmware *
hp probook_x360_440_g1_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp zbook_15_g4_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp pro_x360_fortis_11_inch_g10_notebook_pc_firmware *
hp elitebook_folio_g1_firmware *
hp mt44_mobile_thin_client_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp elitebook_850_g7_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp mt42_mobile_thin_client_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp elite_slice_firmware *
hp z1_g9_tower_desktop_pc_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp z2_small_form_factor_g4_workstation_firmware *
hp zbook_fury_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zhan_66_pro_14_inch_g5_notebook_pc_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp probook_635_aero_g8_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware *
hp zbook_15_g6_firmware *
hp elite_mini_800_g9_desktop_pc_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp mt32_mobile_thin_client_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elite_x2_g4_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp elite_tower_880_g9_desktop_pc_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elite_dragonfly_13.5_inch_g3_notebook_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp mt45_mobile_thin_client_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_835_13_inch_g9_notebook_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_400_g2_desktop_mini_pc_firmware *
hp proone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmware *
hp elite_sff_800_g9_desktop_pc_firmware *
hp probook_655_g3_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp probook_x360_11_g2_ee_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp elitebook_830_13.3_inch_g9_notebook_pc_firmware *
hp z2_mini_g9_workstation_firmware *
hp zbook_firefly_16_inch_g9_mobile_workstation_pc_firmware *
hp z2_mini_g4_workstation_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitebook_846_g5_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g5_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp probook_650_g3_firmware *
hp elitedesk_705_g3_desktop_mini_pc_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp zbook_studio_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp probook_455_g5_firmware *
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware *
hp proone_400_g2_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_x2_1012_g2_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp z2_tower_g8_workstation_firmware *
hp elitebook_850_g3_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp probook_440_g3_firmware *
hp elitebook_835_g7_firmware *
hp prodesk_600_g4_microtower_pc_(with_pci_slot)_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zbook_fury_17.3_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp probook_x360_11_g4_ee_firmware *
hp probook_650_g8_firmware *
hp z1_entry_tower_g5_firmware *
hp proone_600_g2_21.5-inch_touch_all-in-one_pc_firmware *
hp elitebook_845_g8_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp proone_440_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z640_workstation_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp z1_entry_tower_g6_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp probook_445r_g6_firmware *
hp elitedesk_705_g3_small_form_factor_pc_firmware *
hp z240_small_form_factor_workstation_firmware *
hp zbook_14u_g4_firmware *
hp probook_446_g3_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_pc_firmware *
hp probook_11_ee_g2_firmware *
hp probook_450_g6_firmware *
hp elitebook_630_13_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp pro_mini_400_g9_desktop_pc_firmware *
hp probook_650_g2_firmware *
hp elitebook_735_g5_firmware *
hp probook_455_g3_firmware *
hp elitebook_860_16_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp z2_tower_g9_workstation_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp probook_655_g2_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_445_g8_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_845_14_inch_g9_notebook_pc_firmware *
hp elitebook_830_g6_firmware *
hp zbook_studio_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_x360_11_g6_ee_firmware *
hp elite_tower_600_g9_desktop_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_14_g4_notebook_pc_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware *
hp elitebook_655_15.6_inch_g9_notebook_pc_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp probook_455r_g6_firmware *
CVE-2022-31639

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp mp9_g4_retail_system_firmware *
hp zbook_15_g3_firmware *
hp z2_small_form_factor_g8_workstation_firmware *
hp pro_tower_480_g9_desktop_pc_firmware *
hp zbook_firefly_14_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elite_x360_1040_14_inch_g9_2-in-1_notebook_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp prodesk_405_g6_desktop_mini_pc_firmware *
hp zbook_firefly_15_g7_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_455_g8_firmware *
hp probook_470_g3_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware *
hp zbook_studio_16_inch_g9_mobile_workstation_pc_firmware *
hp elitebook_755_g3_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp elitedesk_705_g3_microtower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp z2_mini_g5_workstation_firmware *
hp elitebook_1030_g1_firmware *
hp probook_645_g4_firmware *
hp elitebook_1040_g4_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp probook_430_g3_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_445_14_inch_g9_notebook_pc_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elitedesk_705_g4_workstation_edition_firmware *
hp pro_mt440_g3_mobile_thin_client_firmware *
hp zbook_15u_g5_firmware *
hp elitebook_x360_1040_g8_firmware *
hp probook_fortis_14_inch_g10_notebook_pc_firmware *
hp elitebook_725_g3_firmware *
hp prodesk_600_g5_microtower_pc_(with_pci_slot)_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp z1_all-in-one_g3_workstation_firmware *
hp probook_640_g2_firmware *
hp elitebook_865_16_inch_g9_notebook_pc_firmware *
hp zbook_power_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zbook_17_g3_firmware *
hp elitebook_848_g3_firmware *
hp zhan_66_pro_14_g2_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elite_mini_600_g9_desktop_pc_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp elitebook_845_g7_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp probook_450_g5_firmware *
hp mini_conferencing_pc_with_zoom_rooms_firmware *
hp rp9_g1_retail_system_firmware *
hp probook_fortis_14_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware *
hp eliteone_870_27_inch_g9_all-in-one_desktop_pc_firmware *
hp z8_g4_workstation_firmware *
hp elitebook_640_14_inch_g9_notebook_pc_firmware *
hp probook_440_14_inch_g9_notebook_pc_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp elite_tower_800_g9_desktop_pc_firmware *
hp zbook_17_g5_firmware *
hp prodesk_405_g6_small_form_factor_pc_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp mt21_mobile_thin_client_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp zbook_firefly_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_max_firmware *
hp probook_640_g7_firmware *
hp probook_640_g3_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_840_g8_firmware *
hp zbook_15u_g4_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_450_15.6_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp elitebook_1040_g3_firmware *
hp prodesk_400_g4_microtower_pc_firmware *
hp probook_x360_435_g8_notebook_pc_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp elite_sff_600_g9_desktop_pc_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp z2_small_form_factor_g9_workstation_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_835_g8_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware *
hp probook_645_g3_firmware *
hp elite_x2_1012_g1_tablet_with_travel_keyboard_firmware *
hp prodesk_405_g4_small_form_factor_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp probook_450_g8_firmware *
hp elitebook_820_g3_firmware *
hp probook_455_g7_firmware *
hp probook_440_g6_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp elitebook_x360_830_g8_firmware *
hp z2_tower_g4_workstation_firmware *
hp pro_sff_400_g9_desktop_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp z238_microtower_workstation_firmware *
hp z2_tower_g5_workstation_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp elite_x360_830_13_inch_g9_2-in-1_notebook_pc_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp mt31_mobile_thin_client_firmware *
hp z840_workstation_firmware *
hp elitebook_745_g6_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_14_inch_g9_notebook_pc_firmware *
hp probook_455_g4_firmware *
hp zbook_power_15.6_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp z2_mini_g3_workstation_firmware *
hp mt22_mobile_thin_client_firmware *
hp elite_x2_g8_tablet_firmware *
hp zhan_x_13_g2_firmware *
hp pro_x360_fortis_11_inch_g9_notebook_pc_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp elitebook_1040_14_inch_g9_notebook_pc_firmware *
hp elite_tower_680_g9_desktop_pc_firmware *
hp zcentral_4r_workstation_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp zhan_66_pro_a_14_g4_notebook_pc_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp mt46_mobile_thin_client_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp z240_tower_workstation_firmware *
hp elitebook_745_g4_firmware *
hp elitebook_645_14_inch_g9_notebook_pc_firmware *
hp elitebook_745_g3_firmware *
hp elite_slice_g2_with_intel_unite_firmware *
hp zbook_17_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp elitebook_755_g4_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp proone_400_g2_20-inch_touch_all-in-one_pc_firmware *
hp probook_445_g6_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp pro_tower_400_g9_desktop_pc_firmware *
hp elitebook_836_g5_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g5_notebook_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp zbook_fury_17_g7_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp prodesk_600_g2_desktop_mini_pc_firmware *
hp z2_small_form_factor_g5_workstation_firmware *
hp elitebook_850_g8_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp eliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmware *
hp probook_450_g3_firmware *
hp prodesk_680_g4_microtower_pc_(with_pci_slot)_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp zbook_fury_16_g9_mobile_workstation_pc_firmware *
hp probook_455_15.6_inch_g9_notebook_pc_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp elite_slice_g2_with_zoom_rooms_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp probook_645_g2_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp z440_workstation_firmware *
hp elite_x2_1012_g1_tablet_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp elitebook_650_15.6_inch_g9_notebook_pc_firmware *
hp mt43_mobile_thin_client_firmware *
hp probook_x360_440_g1_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp zbook_15_g4_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp pro_x360_fortis_11_inch_g10_notebook_pc_firmware *
hp elitebook_folio_g1_firmware *
hp mt44_mobile_thin_client_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp elitebook_850_g7_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp mt42_mobile_thin_client_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp elite_slice_firmware *
hp z1_g9_tower_desktop_pc_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp z2_small_form_factor_g4_workstation_firmware *
hp zbook_fury_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zhan_66_pro_14_inch_g5_notebook_pc_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp probook_635_aero_g8_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware *
hp zbook_15_g6_firmware *
hp elite_mini_800_g9_desktop_pc_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp mt32_mobile_thin_client_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elite_x2_g4_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp elite_tower_880_g9_desktop_pc_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elite_dragonfly_13.5_inch_g3_notebook_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp mt45_mobile_thin_client_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_835_13_inch_g9_notebook_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_400_g2_desktop_mini_pc_firmware *
hp proone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmware *
hp elite_sff_800_g9_desktop_pc_firmware *
hp probook_655_g3_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp probook_x360_11_g2_ee_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp elitebook_830_13.3_inch_g9_notebook_pc_firmware *
hp z2_mini_g9_workstation_firmware *
hp zbook_firefly_16_inch_g9_mobile_workstation_pc_firmware *
hp z2_mini_g4_workstation_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitebook_846_g5_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp probook_630_g8_firmware *
hp probook_440_g5_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp probook_650_g3_firmware *
hp elitedesk_705_g3_desktop_mini_pc_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp zbook_studio_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp probook_455_g5_firmware *
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware *
hp proone_400_g2_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_x2_1012_g2_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp z2_tower_g8_workstation_firmware *
hp elitebook_850_g3_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp probook_440_g3_firmware *
hp elitebook_835_g7_firmware *
hp prodesk_600_g4_microtower_pc_(with_pci_slot)_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zbook_fury_17.3_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp probook_x360_11_g4_ee_firmware *
hp probook_650_g8_firmware *
hp z1_entry_tower_g5_firmware *
hp proone_600_g2_21.5-inch_touch_all-in-one_pc_firmware *
hp elitebook_845_g8_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp proone_440_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z640_workstation_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp z1_entry_tower_g6_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp probook_445r_g6_firmware *
hp elitedesk_705_g3_small_form_factor_pc_firmware *
hp z240_small_form_factor_workstation_firmware *
hp zbook_14u_g4_firmware *
hp probook_446_g3_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_pc_firmware *
hp probook_11_ee_g2_firmware *
hp probook_450_g6_firmware *
hp elitebook_630_13_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp pro_mini_400_g9_desktop_pc_firmware *
hp probook_650_g2_firmware *
hp elitebook_735_g5_firmware *
hp probook_455_g3_firmware *
hp elitebook_860_16_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp z2_tower_g9_workstation_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp probook_655_g2_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_445_g8_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_845_14_inch_g9_notebook_pc_firmware *
hp elitebook_830_g6_firmware *
hp zbook_studio_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_x360_11_g6_ee_firmware *
hp elite_tower_600_g9_desktop_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_14_g4_notebook_pc_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware *
hp elitebook_655_15.6_inch_g9_notebook_pc_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp probook_455r_g6_firmware *
CVE-2022-31640

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp engage_flex_pro-c_retail_system_firmware *
hp probook_470_g4_firmware *
hp elite_dragonfly_g3_firmware *
hp mp9_g4_retail_system_firmware *
hp prodesk_400_g6_firmware *
hp z1_g9_tower_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elitedesk_800_g3_firmware *
hp elitebook_850_g8_firmware *
hp zbook_firefly_15_g7_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp probook_440_g4_firmware *
hp probook_455_g8_firmware *
hp mt21_firmware *
hp elite_tower_800_g9_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp elitebook_1040_g9_firmware *
hp elite_slice_g2_firmware *
hp proone_440_g9_firmware *
hp pro_mini_400_g9_firmware *
hp probook_645_g4_firmware *
hp proone_600_g4_firmware *
hp elitebook_836_g6_firmware *
hp elitedesk_880_g6_firmware *
hp elitebook_1040_g4_firmware *
hp elitebook_845_g9_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp elitedesk_705_g4_firmware *
hp prodesk_405_g4_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp eliteone_800_g8_firmware *
hp eliteone_870_g9_firmware *
hp elitedesk_880_g8_firmware *
hp proone_440_g4_firmware *
hp prodesk_680_g4_firmware *
hp probook_x360_440_g1_firmware *
hp zhan_66_pro_g5_firmware *
hp elitebook_840r_g4_firmware *
hp zbook_15u_g5_firmware *
hp probook_430_g4_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_800_g4_firmware *
hp elitebook_x360_1040_g8_firmware *
hp zbook_15_g4_firmware *
hp elite_x360_1040_g9_firmware *
hp elitedesk_705_g5_firmware *
hp elitebook_830_g9_firmware *
hp elitebook_850_g7_firmware *
hp elitebook_835_g9_firmware *
hp eliteone_1000_g1_firmware *
hp eliteone_1000_g2_firmware *
hp elitebook_840_g7_firmware *
hp elitebook_840_g6_firmware *
hp probook_650_g7_firmware *
hp elitedesk_800_g6_firmware *
hp elitebook_640_g9_firmware *
hp eliteone_800_g3_healthcare_edition_firmware *
hp zbook_power_g9_firmware *
hp engage_flex_pro_retail_system_firmware *
hp elitebook_650_g9_firmware *
hp elitebook_x360_1040_g6_firmware *
hp probook_635_aero_g8_firmware *
hp proone_400_g6_firmware *
hp prodesk_480_g7_pci_firmware *
hp elite_tower_680_g9_firmware *
hp elite_mini_800_g9_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp eliteone_800_g5_healthcare_edition_firmware *
hp proone_440_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp prodesk_400_g3_firmware *
hp zhan_66_pro_g1_firmware *
hp z2_mini_g3_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp zbook_15_g6_firmware *
hp probook_445_g7_firmware *
hp elitedesk_880_g5_firmware *
hp probook_430_g6_firmware *
hp elitebook_845_g7_firmware *
hp mt46_firmware *
hp elite_x360_830_g9_firmware *
hp elitebook_865_g9_firmware *
hp proone_400_g5_firmware *
hp elitebook_x360_1030_g8_firmware *
hp prodesk_400_g4_firmware *
hp elitedesk_800_g5_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp prodesk_405_g6_firmware *
hp probook_450_g5_firmware *
hp elite_x2_g4_firmware *
hp rp9_g1_retail_system_firmware *
hp eliteone_800_g6_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp probook_440_g9_firmware *
hp probook_fortis_g10_firmware *
hp zbook_17_g5_firmware *
hp proone_600_g5_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp elitebook_850_g5_firmware *
hp proone_480_g3_firmware *
hp mt32_firmware *
hp elitebook_846_g5_healthcare_edition_firmware *
hp elite_dragonfly_max_firmware *
hp elitedesk_800_g8_firmware *
hp probook_640_g7_firmware *
hp elitebook_x360_1040_g5_firmware *
hp zbook_create_g7_firmware *
hp probook_640_g3_firmware *
hp elite_tower_600_g9_firmware *
hp zbook_fury_g8_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp mt31_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_680_g3_firmware *
hp elitebook_840_g8_firmware *
hp probook_655_g3_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp eliteone_800_g3_firmware *
hp zbook_studio_g9_firmware *
hp zhan_66_pro_15_g3_firmware *
hp elitebook_860_g9_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_x360_11_g2_ee_firmware *
hp zbook_17_g6_firmware *
hp zbook_power_g8_firmware *
hp proone_400_g3_firmware *
hp elite_tower_880_g9_firmware *
hp pro_tower_480_g9_firmware *
hp pro_tower_400_g9_firmware *
hp z2_tower_g9_firmware *
hp elitedesk_880_g4_firmware *
hp pro_sff_400_g9_firmware *
hp probook_450_g9_firmware *
hp z2_small_form_factor_g8_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z2_mini_g4_firmware *
hp z2_small_form_factor_g4_firmware *
hp z1_all-in-one_g3_firmware *
hp elite_x2_g8__firmware *
hp elitebook_846_g5_firmware *
hp probook_640_g4_firmware *
hp mini_conferencing_firmware *
hp probook_630_g8_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp probook_440_g5_firmware *
hp elitebook_835_g8_firmware *
hp zhan_66_pro_g3_firmware *
hp engage_one_pro_aio_system_firmware *
hp probook_645_g3_firmware *
hp probook_650_g3_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elitebook_840_g9_firmware *
hp probook_450_g8_firmware *
hp elitebook_850_g6_firmware *
hp probook_455_g7_firmware *
hp elitebook_745_g5_firmware *
hp elitedesk_880_g3_firmware *
hp probook_455_g5_firmware *
hp probook_440_g6_firmware *
hp zbook_firefly_g9_firmware *
hp elitebook_846r_g4_firmware *
hp elitedesk_805_g8_firmware *
hp elitebook_x360_830_g8_firmware *
hp elite_x2_1012_g2_firmware *
hp elitebook_630_g9_firmware *
hp probook_470_g5_firmware *
hp elitebook_1050_g1_firmware *
hp elite_x2_1013_g3_firmware *
hp mt45_firmware *
hp z2_small_form_factor_g5_firmware *
hp probook_fortis_g9_firmware *
hp z2_tower_g5_firmware *
hp probook_x360_435_g7_firmware *
hp mt43_firmware *
hp probook_650_g5_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp probook_x360_435_g8_firmware *
hp elite_sff_800_g9_firmware *
hp pro_mt440_g3_firmware *
hp elitebook_835_g7_firmware *
hp elitebook_745_g6_firmware *
hp zhan_66_pro_14_g4_firmware *
hp pro_x360_fortis_g10_firmware *
hp z240_tower_firmware *
hp probook_455_g9_firmware *
hp elite_dragonfly_firmware *
hp probook_x360_11_g4_ee_firmware *
hp probook_650_g8_firmware *
hp elitedesk_805_g6_firmware *
hp z1_entry_tower_g5_firmware *
hp prodesk_400_g5_firmware *
hp zhan_66_pro_a_14_g4_firmware *
hp probook_450_g4_firmware *
hp prodesk_400_g7_firmware *
hp engage_flex_mini_retail_system_firmware *
hp elitebook_845_g8_firmware *
hp probook_455_g4_firmware *
hp elitebook_830_g7_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp z2_mini_g5_firmware *
hp eliteone_800_g5_firmware *
hp probook_650_g4_firmware *
hp zbook_firefly_g8_firmware *
hp proone_600_g3_firmware *
hp z1_entry_tower_g6_firmware *
hp mt44_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp probook_445r_g6_firmware *
hp prodesk_680_g6_pci_firmware *
hp zhan_x_13_g2_firmware *
hp z2_mini_g9_firmware *
hp probook_455_g6_firmware *
hp prodesk_600_g6_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp z1_g8_tower_firmware *
hp eliteone_800_g4_healthcare_edition_firmware *
hp zbook_fury_16_g9_firmware *
hp prodesk_480_g4_firmware *
hp z238_microtower_firmware *
hp elitebook_645_g9_firmware *
hp elitebook_655_g9_firmware *
hp z2_small_form_factor_g9_firmware *
hp elite_mini_600_g9_firmware *
hp prodesk_600_g3_firmware *
hp elitebook_745_g4_firmware *
hp pro_x360_fortis_g9_firmware *
hp elitebook_735_g5_firmware *
hp zbook_studio_g4_firmware *
hp probook_445_g9_firmware *
hp zbook_studio_g8_firmware *
hp zbook_17_g4_firmware *
hp proone_400_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp probook_445_g8_firmware *
hp elitebook_755_g4_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp elitebook_830_g6_firmware *
hp probook_445_g6_firmware *
hp elitebook_830_g8_firmware *
hp mt22_firmware *
hp eliteone_840_g9_firmware *
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp elitebook_836_g5_firmware *
hp proone_440_g6_firmware *
hp probook_x360_11_g6_ee_firmware *
hp prodesk_480_g6_firmware *
hp prodesk_405_g8_firmware *
hp zbook_15_g5_firmware *
hp zhan_66_pro_a_14_g5_firmware *
hp prodesk_480_g5_firmware *
hp prodesk_600_g5_firmware *
hp z2_tower_g4_firmware *
hp z240_small_form_factor_firmware *
hp eliteone_800_g4_firmware *
hp z2_tower_g8_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp probook_430_g7_firmware *
hp elite_sff_600_g9_firmware *
hp elitebook_848_g4_firmware *
hp probook_455r_g6_firmware *
hp prodesk_600_g4_firmware *
hp proone_600_g6_firmware *
CVE-2022-31641

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp engage_flex_pro-c_retail_system_firmware *
hp probook_470_g4_firmware *
hp elite_dragonfly_g3_firmware *
hp mp9_g4_retail_system_firmware *
hp prodesk_400_g6_firmware *
hp z1_g9_tower_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elitedesk_800_g3_firmware *
hp elitebook_850_g8_firmware *
hp zbook_firefly_15_g7_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp probook_440_g4_firmware *
hp probook_455_g8_firmware *
hp mt21_firmware *
hp elite_tower_800_g9_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp elitebook_1040_g9_firmware *
hp elite_slice_g2_firmware *
hp proone_440_g9_firmware *
hp pro_mini_400_g9_firmware *
hp probook_645_g4_firmware *
hp proone_600_g4_firmware *
hp elitebook_836_g6_firmware *
hp elitedesk_880_g6_firmware *
hp elitebook_1040_g4_firmware *
hp elitebook_845_g9_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp elitedesk_705_g4_firmware *
hp prodesk_405_g4_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp eliteone_800_g8_firmware *
hp eliteone_870_g9_firmware *
hp elitedesk_880_g8_firmware *
hp proone_440_g4_firmware *
hp prodesk_680_g4_firmware *
hp probook_x360_440_g1_firmware *
hp zhan_66_pro_g5_firmware *
hp elitebook_840r_g4_firmware *
hp zbook_15u_g5_firmware *
hp probook_430_g4_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_800_g4_firmware *
hp elitebook_x360_1040_g8_firmware *
hp zbook_15_g4_firmware *
hp elite_x360_1040_g9_firmware *
hp elitedesk_705_g5_firmware *
hp elitebook_830_g9_firmware *
hp elitebook_850_g7_firmware *
hp elitebook_835_g9_firmware *
hp eliteone_1000_g1_firmware *
hp eliteone_1000_g2_firmware *
hp elitebook_840_g7_firmware *
hp elitebook_840_g6_firmware *
hp probook_650_g7_firmware *
hp elitedesk_800_g6_firmware *
hp elitebook_640_g9_firmware *
hp eliteone_800_g3_healthcare_edition_firmware *
hp zbook_power_g9_firmware *
hp engage_flex_pro_retail_system_firmware *
hp elitebook_650_g9_firmware *
hp elitebook_x360_1040_g6_firmware *
hp probook_635_aero_g8_firmware *
hp proone_400_g6_firmware *
hp prodesk_480_g7_pci_firmware *
hp elite_tower_680_g9_firmware *
hp elite_mini_800_g9_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp eliteone_800_g5_healthcare_edition_firmware *
hp proone_440_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp prodesk_400_g3_firmware *
hp zhan_66_pro_g1_firmware *
hp z2_mini_g3_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp zbook_15_g6_firmware *
hp probook_445_g7_firmware *
hp elitedesk_880_g5_firmware *
hp probook_430_g6_firmware *
hp elitebook_845_g7_firmware *
hp mt46_firmware *
hp elite_x360_830_g9_firmware *
hp elitebook_865_g9_firmware *
hp proone_400_g5_firmware *
hp elitebook_x360_1030_g8_firmware *
hp prodesk_400_g4_firmware *
hp elitedesk_800_g5_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp prodesk_405_g6_firmware *
hp probook_450_g5_firmware *
hp elite_x2_g4_firmware *
hp rp9_g1_retail_system_firmware *
hp eliteone_800_g6_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp probook_440_g9_firmware *
hp probook_fortis_g10_firmware *
hp zbook_17_g5_firmware *
hp proone_600_g5_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp elitebook_850_g5_firmware *
hp proone_480_g3_firmware *
hp mt32_firmware *
hp elitebook_846_g5_healthcare_edition_firmware *
hp elite_dragonfly_max_firmware *
hp elitedesk_800_g8_firmware *
hp probook_640_g7_firmware *
hp elitebook_x360_1040_g5_firmware *
hp zbook_create_g7_firmware *
hp probook_640_g3_firmware *
hp elite_tower_600_g9_firmware *
hp zbook_fury_g8_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp mt31_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_680_g3_firmware *
hp elitebook_840_g8_firmware *
hp probook_655_g3_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp eliteone_800_g3_firmware *
hp zbook_studio_g9_firmware *
hp zhan_66_pro_15_g3_firmware *
hp elitebook_860_g9_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_x360_11_g2_ee_firmware *
hp zbook_17_g6_firmware *
hp zbook_power_g8_firmware *
hp proone_400_g3_firmware *
hp elite_tower_880_g9_firmware *
hp pro_tower_480_g9_firmware *
hp pro_tower_400_g9_firmware *
hp z2_tower_g9_firmware *
hp elitedesk_880_g4_firmware *
hp pro_sff_400_g9_firmware *
hp probook_450_g9_firmware *
hp z2_small_form_factor_g8_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z2_mini_g4_firmware *
hp z2_small_form_factor_g4_firmware *
hp z1_all-in-one_g3_firmware *
hp elite_x2_g8__firmware *
hp elitebook_846_g5_firmware *
hp probook_640_g4_firmware *
hp mini_conferencing_firmware *
hp probook_630_g8_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp probook_440_g5_firmware *
hp elitebook_835_g8_firmware *
hp zhan_66_pro_g3_firmware *
hp engage_one_pro_aio_system_firmware *
hp probook_645_g3_firmware *
hp probook_650_g3_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elitebook_840_g9_firmware *
hp probook_450_g8_firmware *
hp elitebook_850_g6_firmware *
hp probook_455_g7_firmware *
hp elitebook_745_g5_firmware *
hp elitedesk_880_g3_firmware *
hp probook_455_g5_firmware *
hp probook_440_g6_firmware *
hp zbook_firefly_g9_firmware *
hp elitebook_846r_g4_firmware *
hp elitedesk_805_g8_firmware *
hp elitebook_x360_830_g8_firmware *
hp elite_x2_1012_g2_firmware *
hp elitebook_630_g9_firmware *
hp probook_470_g5_firmware *
hp elitebook_1050_g1_firmware *
hp elite_x2_1013_g3_firmware *
hp mt45_firmware *
hp z2_small_form_factor_g5_firmware *
hp probook_fortis_g9_firmware *
hp z2_tower_g5_firmware *
hp probook_x360_435_g7_firmware *
hp mt43_firmware *
hp probook_650_g5_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp probook_x360_435_g8_firmware *
hp elite_sff_800_g9_firmware *
hp pro_mt440_g3_firmware *
hp elitebook_835_g7_firmware *
hp elitebook_745_g6_firmware *
hp zhan_66_pro_14_g4_firmware *
hp pro_x360_fortis_g10_firmware *
hp z240_tower_firmware *
hp probook_455_g9_firmware *
hp elite_dragonfly_firmware *
hp probook_x360_11_g4_ee_firmware *
hp probook_650_g8_firmware *
hp elitedesk_805_g6_firmware *
hp z1_entry_tower_g5_firmware *
hp prodesk_400_g5_firmware *
hp zhan_66_pro_a_14_g4_firmware *
hp probook_450_g4_firmware *
hp prodesk_400_g7_firmware *
hp engage_flex_mini_retail_system_firmware *
hp elitebook_845_g8_firmware *
hp probook_455_g4_firmware *
hp elitebook_830_g7_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp z2_mini_g5_firmware *
hp eliteone_800_g5_firmware *
hp probook_650_g4_firmware *
hp zbook_firefly_g8_firmware *
hp proone_600_g3_firmware *
hp z1_entry_tower_g6_firmware *
hp mt44_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp probook_445r_g6_firmware *
hp prodesk_680_g6_pci_firmware *
hp zhan_x_13_g2_firmware *
hp z2_mini_g9_firmware *
hp probook_455_g6_firmware *
hp prodesk_600_g6_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp z1_g8_tower_firmware *
hp eliteone_800_g4_healthcare_edition_firmware *
hp zbook_fury_16_g9_firmware *
hp prodesk_480_g4_firmware *
hp z238_microtower_firmware *
hp elitebook_645_g9_firmware *
hp elitebook_655_g9_firmware *
hp z2_small_form_factor_g9_firmware *
hp elite_mini_600_g9_firmware *
hp prodesk_600_g3_firmware *
hp elitebook_745_g4_firmware *
hp pro_x360_fortis_g9_firmware *
hp elitebook_735_g5_firmware *
hp zbook_studio_g4_firmware *
hp probook_445_g9_firmware *
hp zbook_studio_g8_firmware *
hp zbook_17_g4_firmware *
hp proone_400_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp probook_445_g8_firmware *
hp elitebook_755_g4_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp elitebook_830_g6_firmware *
hp probook_445_g6_firmware *
hp elitebook_830_g8_firmware *
hp mt22_firmware *
hp eliteone_840_g9_firmware *
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp elitebook_836_g5_firmware *
hp proone_440_g6_firmware *
hp probook_x360_11_g6_ee_firmware *
hp prodesk_480_g6_firmware *
hp prodesk_405_g8_firmware *
hp zbook_15_g5_firmware *
hp zhan_66_pro_a_14_g5_firmware *
hp prodesk_480_g5_firmware *
hp prodesk_600_g5_firmware *
hp z2_tower_g4_firmware *
hp z240_small_form_factor_firmware *
hp eliteone_800_g4_firmware *
hp z2_tower_g8_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp probook_430_g7_firmware *
hp elite_sff_600_g9_firmware *
hp elitebook_848_g4_firmware *
hp probook_455r_g6_firmware *
hp prodesk_600_g4_firmware *
hp proone_600_g6_firmware *
CVE-2022-31642

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp zbook_fury_17_g7_firmware *
hp engage_flex_pro-c_retail_system_firmware *
hp probook_470_g4_firmware *
hp elite_dragonfly_g3_firmware *
hp mp9_g4_retail_system_firmware *
hp prodesk_400_g6_firmware *
hp z1_g9_tower_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elitedesk_800_g3_firmware *
hp elitebook_850_g8_firmware *
hp zbook_firefly_15_g7_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp probook_440_g4_firmware *
hp probook_455_g8_firmware *
hp mt21_firmware *
hp elite_tower_800_g9_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp elitebook_1040_g9_firmware *
hp elite_slice_g2_firmware *
hp proone_440_g9_firmware *
hp pro_mini_400_g9_firmware *
hp probook_645_g4_firmware *
hp proone_600_g4_firmware *
hp elitebook_836_g6_firmware *
hp elitedesk_880_g6_firmware *
hp elitebook_1040_g4_firmware *
hp elitebook_845_g9_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp elitedesk_705_g4_firmware *
hp prodesk_405_g4_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp eliteone_800_g8_firmware *
hp eliteone_870_g9_firmware *
hp elitedesk_880_g8_firmware *
hp proone_440_g4_firmware *
hp prodesk_680_g4_firmware *
hp probook_x360_440_g1_firmware *
hp zhan_66_pro_g5_firmware *
hp elitebook_840r_g4_firmware *
hp zbook_15u_g5_firmware *
hp probook_430_g4_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_800_g4_firmware *
hp elitebook_x360_1040_g8_firmware *
hp zbook_15_g4_firmware *
hp elite_x360_1040_g9_firmware *
hp elitedesk_705_g5_firmware *
hp elitebook_830_g9_firmware *
hp elitebook_850_g7_firmware *
hp elitebook_835_g9_firmware *
hp eliteone_1000_g1_firmware *
hp eliteone_1000_g2_firmware *
hp elitebook_840_g7_firmware *
hp elitebook_840_g6_firmware *
hp probook_650_g7_firmware *
hp elitedesk_800_g6_firmware *
hp elitebook_640_g9_firmware *
hp eliteone_800_g3_healthcare_edition_firmware *
hp zbook_power_g9_firmware *
hp engage_flex_pro_retail_system_firmware *
hp elitebook_650_g9_firmware *
hp elitebook_x360_1040_g6_firmware *
hp probook_635_aero_g8_firmware *
hp proone_400_g6_firmware *
hp prodesk_480_g7_pci_firmware *
hp elite_tower_680_g9_firmware *
hp elite_mini_800_g9_firmware *
hp zhan_66_pro_14_g2_firmware *
hp probook_640_g5_firmware *
hp eliteone_800_g5_healthcare_edition_firmware *
hp proone_440_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp prodesk_400_g3_firmware *
hp zhan_66_pro_g1_firmware *
hp z2_mini_g3_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp zbook_15_g6_firmware *
hp probook_445_g7_firmware *
hp elitedesk_880_g5_firmware *
hp probook_430_g6_firmware *
hp elitebook_845_g7_firmware *
hp mt46_firmware *
hp elite_x360_830_g9_firmware *
hp elitebook_865_g9_firmware *
hp proone_400_g5_firmware *
hp elitebook_x360_1030_g8_firmware *
hp prodesk_400_g4_firmware *
hp elitedesk_800_g5_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp prodesk_405_g6_firmware *
hp probook_450_g5_firmware *
hp elite_x2_g4_firmware *
hp rp9_g1_retail_system_firmware *
hp eliteone_800_g6_firmware *
hp probook_440_g8_firmware *
hp elitebook_x360_1040_g7_firmware *
hp probook_440_g9_firmware *
hp probook_fortis_g10_firmware *
hp zbook_17_g5_firmware *
hp proone_600_g5_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp elitebook_850_g5_firmware *
hp proone_480_g3_firmware *
hp mt32_firmware *
hp elitebook_846_g5_healthcare_edition_firmware *
hp elite_dragonfly_max_firmware *
hp elitedesk_800_g8_firmware *
hp probook_640_g7_firmware *
hp elitebook_x360_1040_g5_firmware *
hp zbook_create_g7_firmware *
hp probook_640_g3_firmware *
hp elite_tower_600_g9_firmware *
hp zbook_fury_g8_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp mt31_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_680_g3_firmware *
hp elitebook_840_g8_firmware *
hp probook_655_g3_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp eliteone_800_g3_firmware *
hp zbook_studio_g9_firmware *
hp zhan_66_pro_15_g3_firmware *
hp elitebook_860_g9_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_x360_11_g2_ee_firmware *
hp zbook_17_g6_firmware *
hp zbook_power_g8_firmware *
hp proone_400_g3_firmware *
hp elite_tower_880_g9_firmware *
hp pro_tower_480_g9_firmware *
hp pro_tower_400_g9_firmware *
hp z2_tower_g9_firmware *
hp elitedesk_880_g4_firmware *
hp pro_sff_400_g9_firmware *
hp probook_450_g9_firmware *
hp z2_small_form_factor_g8_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z2_mini_g4_firmware *
hp z2_small_form_factor_g4_firmware *
hp z1_all-in-one_g3_firmware *
hp elite_x2_g8__firmware *
hp elitebook_846_g5_firmware *
hp probook_640_g4_firmware *
hp mini_conferencing_firmware *
hp probook_630_g8_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp probook_440_g5_firmware *
hp elitebook_835_g8_firmware *
hp zhan_66_pro_g3_firmware *
hp engage_one_pro_aio_system_firmware *
hp probook_645_g3_firmware *
hp probook_650_g3_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elitebook_840_g9_firmware *
hp probook_450_g8_firmware *
hp elitebook_850_g6_firmware *
hp probook_455_g7_firmware *
hp elitebook_745_g5_firmware *
hp elitedesk_880_g3_firmware *
hp probook_455_g5_firmware *
hp probook_440_g6_firmware *
hp zbook_firefly_g9_firmware *
hp elitebook_846r_g4_firmware *
hp elitedesk_805_g8_firmware *
hp elitebook_x360_830_g8_firmware *
hp elite_x2_1012_g2_firmware *
hp elitebook_630_g9_firmware *
hp probook_470_g5_firmware *
hp elitebook_1050_g1_firmware *
hp elite_x2_1013_g3_firmware *
hp mt45_firmware *
hp z2_small_form_factor_g5_firmware *
hp probook_fortis_g9_firmware *
hp z2_tower_g5_firmware *
hp probook_x360_435_g7_firmware *
hp mt43_firmware *
hp probook_650_g5_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp probook_x360_435_g8_firmware *
hp elite_sff_800_g9_firmware *
hp pro_mt440_g3_firmware *
hp elitebook_835_g7_firmware *
hp elitebook_745_g6_firmware *
hp zhan_66_pro_14_g4_firmware *
hp pro_x360_fortis_g10_firmware *
hp z240_tower_firmware *
hp probook_455_g9_firmware *
hp elite_dragonfly_firmware *
hp probook_x360_11_g4_ee_firmware *
hp probook_650_g8_firmware *
hp elitedesk_805_g6_firmware *
hp z1_entry_tower_g5_firmware *
hp prodesk_400_g5_firmware *
hp zhan_66_pro_a_14_g4_firmware *
hp probook_450_g4_firmware *
hp prodesk_400_g7_firmware *
hp engage_flex_mini_retail_system_firmware *
hp elitebook_845_g8_firmware *
hp probook_455_g4_firmware *
hp elitebook_830_g7_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp z2_mini_g5_firmware *
hp eliteone_800_g5_firmware *
hp probook_650_g4_firmware *
hp zbook_firefly_g8_firmware *
hp proone_600_g3_firmware *
hp z1_entry_tower_g6_firmware *
hp mt44_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp probook_445r_g6_firmware *
hp prodesk_680_g6_pci_firmware *
hp zhan_x_13_g2_firmware *
hp z2_mini_g9_firmware *
hp probook_455_g6_firmware *
hp prodesk_600_g6_firmware *
hp probook_450_g6_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp z1_g8_tower_firmware *
hp eliteone_800_g4_healthcare_edition_firmware *
hp zbook_fury_16_g9_firmware *
hp prodesk_480_g4_firmware *
hp z238_microtower_firmware *
hp elitebook_645_g9_firmware *
hp elitebook_655_g9_firmware *
hp z2_small_form_factor_g9_firmware *
hp elite_mini_600_g9_firmware *
hp prodesk_600_g3_firmware *
hp elitebook_745_g4_firmware *
hp pro_x360_fortis_g9_firmware *
hp elitebook_735_g5_firmware *
hp zbook_studio_g4_firmware *
hp probook_445_g9_firmware *
hp zbook_studio_g8_firmware *
hp zbook_17_g4_firmware *
hp proone_400_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp probook_430_g8_firmware *
hp probook_445_g8_firmware *
hp elitebook_755_g4_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp elitebook_830_g6_firmware *
hp probook_445_g6_firmware *
hp elitebook_830_g8_firmware *
hp mt22_firmware *
hp eliteone_840_g9_firmware *
hp elitebook_x360_1030_g7_firmware *
hp zbook_studio_g5_firmware *
hp elitebook_836_g5_firmware *
hp proone_440_g6_firmware *
hp probook_x360_11_g6_ee_firmware *
hp prodesk_480_g6_firmware *
hp prodesk_405_g8_firmware *
hp zbook_15_g5_firmware *
hp zhan_66_pro_a_14_g5_firmware *
hp prodesk_480_g5_firmware *
hp prodesk_600_g5_firmware *
hp z2_tower_g4_firmware *
hp z240_small_form_factor_firmware *
hp eliteone_800_g4_firmware *
hp z2_tower_g8_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp probook_430_g7_firmware *
hp elite_sff_600_g9_firmware *
hp elitebook_848_g4_firmware *
hp probook_455r_g6_firmware *
hp prodesk_600_g4_firmware *
hp proone_600_g6_firmware *
CVE-2022-31643

A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.

Products Affected

Vendor Product Version
hp elitedesk_805_g8_firmware 02.05.02
hp zhan_66_pro_a_14_g5_firmware 01.08.01
hp elite_x360_1040_g9_firmware 01.03.01
hp zbook_fury_16_g9_firmware 01.03.02
hp zbook_power_g8_firmware 01.10.00
hp pro_tower_400_g9_firmware 02.05.00
hp elite_mini_600_g9_firmware 02.05.00
hp elitebook_855_g8_firmware 01.10.00
hp probook_x360_11_g7_ee_firmware 01.10.00
hp probook_635_aero_g8_firmware 01.10.00
hp elitebook_835_g8_firmware 01.10.00
hp elitedesk_800_g8_firmware 02.09.01
hp elitebook_645_g9_firmware 01.08.01
hp probook_455_g8_firmware 01.10.00
hp zhan_66_pro_g5_firmware 01.04.00
hp probook_450_g8_firmware 01.10.00
hp elite_x360_830_g9_firmware 01.03.01
hp elitebook_655_g9_firmware 01.08.01
hp zhan_66_pro_a_14_g4_firmware 01.10.00
hp elitebook_630_g9_firmware 01.04.00
hp elitebook_850_g8_firmware 01.10.00
hp elitebook_x360_830_g8_firmware 01.10.00
hp z1_g9_tower_firmware 02.05.01
hp hp_z2_tower_g8_firmware 01.05.02
hp probook_640_g8_firmware 01.10.00
hp elite_mt645_g7_firmware 01.10.01
hp probook_455_g9_firmware 01.08.01
hp elitebook_840_aero_g8_firmware 01.10.00
hp hp_z2_tower_g9_firmware 01.04.00
hp dragonfly_folio_g3_firmware 01.03.01
hp elitebook_830_g8_firmware 01.10.00
hp eliteone_870_g9_firmware 02.06.00
hp elitebook_830_g9_firmware 01.03.01
hp elitebook_840_g8_firmware 01.10.00
hp elitebook_840_g9_firmware 01.03.01
hp elite_sff_600_g9_firmware 02.05.01
hp eliteone_800_g8_24_firmware 02.09.01
hp probook_440_g8_firmware 01.10.00
hp elite_dragonfly_g3_firmware 01.03.01
hp pro_x360_fortis_g9_firmware 01.03.00
hp elitebook_845_g9_firmware 01.02.01
hp z1_g8_tower_firmware 02.09.01
hp elite_sff_800_g9_firmware 02.05.01
hp eliteone_840_g9_firmware 02.06.00
hp elitebook_860_g9_firmware 01.03.01
hp zbook_firefly_g9_firmware 01.03.01
hp zbook_studio_g9_firmware 01.03.01
hp pro_x360_fortis_g10_firmware 01.03.00
hp zbook_power_g9_firmware 01.03.00
hp elite_tower_880_g9_firmware 02.05.01
hp eliteone_800_g8_27_firmware 02.09.01
hp probook_445_g9_firmware 01.08.01
hp elitedesk_880_g8_firmware 02.09.01
hp elite_x2_g8_firmware 01.10.00
hp probook_440_g9_firmware 01.04.00
hp probook_fortis_g9_firmware 01.03.00
hp elite_dragonfly_max_firmware 01.10.00
hp probook_630_g8_firmware 01.10.00
hp probook_x360_435_g8_firmware 01.10.00
hp engage_go_10_firmware 01.10.00
hp elite_tower_680_g9_firmware 02.05.01
hp elite_tower_600_g9_firmware 02.05.01
hp zbook_fury_g8_firmware 01.10.00
hp elitebook_865_g9_firmware 01.02.01
hp elite_tower_800_g9_firmware 02.05.01
hp elitebook_x360_1040_g8_firmware 01.10.00
hp hp_z2_mini_g9_firmware 01.04.00
hp hp_z2_small_form_factor_g8_firmware 01.05.02
hp probook_430_g8_firmware 01.10.00
hp prodesk_405_g8_firmware 02.05.02
hp probook_fortis_g10_firmware 01.03.00
hp pro_mini_400_g9_firmware 02.05.00
hp elitebook_x360_1030_g8_firmware 01.10.00
hp pro_sff_400_g9_firmware 02.05.00
hp zbook_firefly_g8_firmware 01.10.00
hp probook_445_g8_firmware 01.10.00
hp elite_dragonfly_g2_firmware 01.10.00
hp elitebook_1040_g9_firmware 01.03.01
hp probook_650_g8_firmware 01.10.00
hp elitebook_845_g8_firmware 01.10.00
hp pro_tower_480_g9_firmware 02.05.00
hp elitebook_650_g9_firmware 01.04.00
hp zbook_studio_g8_firmware 01.10.00
hp elite_mini_800_g9_firmware 02.05.00
hp elitebook_835_g9_firmware 01.02.01
hp pro_mt440_g3_firmware 01.05.00
hp hp_z2_small_form_factor_g9_firmware 01.04.00
hp probook_450_g9_firmware 01.04.00
hp proone_440_g9_firmware 02.05.00
hp elitebook_640_g9_firmware 01.04.00
hp mini_conferencing_pc_firmware 02.05.00
CVE-2022-31644

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp z1_entry_tower_g6_workstation_firmware 02.12.01
hp probook_445_g7_firmware 01.10.00
hp zbook_fury_16_g9_firmware 01.03.02
hp probook_450_g5_firmware 01.21.01
hp elitebook_836_g6_firmware 01.21.01
hp elite_slice_g2_firmware 2.59
hp elitebook_645_g9_firmware 01.08.01
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_firmware 02.21.00
hp elitedesk_880_g3_tower_firmware 2.44
hp probook_430_g6_firmware 01.21.01
hp engage_go_10_mobile_system_firmware 01.10.00
hp elitebook_845_g7_firmware 01.10.00
hp zhan_x_13_g2_firmware 01.21.01
hp eliteone_1000_g2_23.8-in_all-in-one_business_firmware 02.21.00
hp elitedesk_800_g6_desktop_mini_firmware 02.12.01
hp probook_470_g5_firmware 01.21.01
hp elitebook_735_g6_firmware 01.21.01
hp prodesk_405_g8_desktop_mini_firmware 02.05.02
hp elitedesk_705_g5_desktop_mini_firmware 02.15.00
hp elite_x2_1013_g3_firmware 01.21.01
hp elitedesk_800_g8_desktop_mini_firmware 02.09.01
hp probook_440_g6_firmware 01.21.01
hp prodesk_405_g6_desktop_mini_firmware 02.09.01
hp engage_go_mobile_system_firmware 01.21.01
hp mt44_mobile_thin_client_firmware 01.21.01
hp elitebook_855_g7_firmware 01.10.00
hp engage_flex_mini_retail_system_firmware 02.12.01
hp prodesk_600_g5_small_form_factor_firmware 02.15.00
hp z2_tower_g8_workstation_firmware 01.06.00
hp z1_g8_tower_firmware 02.09.01
hp elitebook_850_g5_firmware 01.21.01
hp probook_430_g5_firmware 01.21.01
hp zbook_14u_g6_firmware 01.21.01
hp probook_440_g5_firmware 01.21.01
hp elitedesk_800_65w_g2_desktop_mini_firmware 2.59
hp elitebook_830_g7_firmware 01.10.00
hp zbook_15_g5_firmware 01.21.02
hp probook_440_g7_firmware 01.14.00
hp probook_fortis_g9_firmware 01.03.00
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_firmware 02.21.00
hp elitedesk_800_g4_workstation_firmware 02.20.01
hp elite_x2_1012_g1_firmware 1.57
hp elite_x2_g4_firmware 01.21.01
hp elitedesk_800_35w_g2_desktop_mini_firmware 2.59
hp prodesk_405_g6_small_form_factor_firmware 02.09.01
hp elitedesk_800_g5_desktop_mini_firmware 02.15.00
hp elitedesk_880_g6_tower_firmware 02.12.01
hp probook_650_g4_firmware 01.21.01
hp prodesk_400_g4_desktop_mini_firmware 02.21.00
hp elitebook_745_g6_firmware 01.21.01
hp prodesk_405_g4_desktop_mini_firmware 02.20.00
hp prodesk_405_g4_small_form_factor_firmware 02.20.00
hp pro_mini_400_g9_firmware 02.05.00
hp elitebook_1040_g4_firmware 1.44
hp prodesk_400_g6_desktop_mini_firmware 02.12.01
hp proone_600_g5_21.5-in_all-in-one_business_firmware 02.15.00
hp elitebook_x360_1030_g8_firmware 01.10.00
hp z2_small_form_factor_g8_workstation_firmware 01.06.00
hp zhan_66_pro_14_g4_firmware 01.10.00
hp elitedesk_800_g6_tower_firmware 02.12.01
hp probook_x360_11_g4_ee_firmware 01.16.00
hp elitedesk_880_g8_tower_firmware 02.09.01
hp prodesk_600_g4_microtower_firmware 02.21.00
hp elitedesk_880_g4_tower_firmware 02.21.00
hp pro_tower_480_g9_firmware 02.05.00
hp elitebook_x360_1040_g7_firmware 01.10.00
hp zhan_66_pro_g1_firmware 01.21.01
hp zbook_17_g5_firmware 01.21.02
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_firmware 02.21.00
hp zhan_66_pro_g3_24_all-in-one_firmware 02.12.01
hp zbook_firefly_15_g7_firmware 01.10.00
hp zhan_66_pro_13_g2_firmware 01.21.01
hp prodesk_600_g3_microtower_firmware 2.44
hp prodesk_600_g6_small_form_factor_firmware 02.12.01
hp elitebook_x360_1030_g4_firmware 01.21.01
hp engage_one_pro_aio_system_firmware 02.12.01
hp elitebook_840_g7_firmware 01.10.00
hp elite_mini_600_g9_firmware 02.05.00
hp elitebook_855_g8_firmware 01.10.00
hp probook_635_aero_g8_firmware 01.10.00
hp eliteone_800_g5_23.8-inch_all-in-one_firmware 02.15.00
hp prodesk_600_g5_microtower_firmware 02.15.00
hp elitebook_835_g8_firmware 01.10.00
hp probook_640_g7_firmware 01.10.00
hp proone_440_g6_24_all-in-one_firmware 02.12.01
hp probook_455_g8_firmware 01.10.00
hp zhan_66_pro_g5_firmware 01.04.00
hp probook_450_g8_firmware 01.10.00
hp zhan_66_pro_15_g2_firmware 01.21.01
hp elitebook_1050_g1_firmware 01.22.00
hp elitebook_735_g5_firmware 01.21.01
hp eliteone_1000_g1_34-in_curved_all-in-one_business_firmware 2.44
hp elitebook_655_g9_firmware 01.08.01
hp z2_small_form_factor_g5_workstation_firmware 01.04.07
hp prodesk_480_g6_microtower_firmware 02.15.00
hp elitedesk_800_g4_tower_firmware 02.21.00
hp prodesk_400_g6_microtower_firmware 02.15.00
hp elitedesk_800_g8_tower_firmware 02.09.01
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_firmware 02.21.00
hp probook_650_g7_firmware 01.10.00
hp elitedesk_805_g6_small_form_factor_firmware 02.09.01
hp z2_mini_g4_workstation_firmware 01.08.03
hp proone_400_g2_20-inch_non-touch_all-in-one_firmware 2.59
hp elitedesk_800_65w_g4_desktop_mini_firmware 02.20.01
hp engage_flex_pro_retail_system_firmware 02.21.00
hp elitebook_x360_1040_g6_firmware 01.21.01
hp prodesk_680_g2_microtower_firmware 2.59
hp elitedesk_880_g5_tower_firmware 02.15.00
hp prodesk_600_g6_firmware 02.12.01
hp probook_x360_11_g3_ee_firmware 01.20.00
hp proone_400_g6_20_all-in-one_firmware 02.12.01
hp proone_400_g3_20-inch_non-touch_all-in-one_firmware 2.44
hp dragonfly_folio_g3_2-in-1_firmware 01.01.03
hp elitebook_845_g9_firmware 01.02.01
hp elite_sff_800_g9_firmware 02.05.01
hp prodesk_600_g3_desktop_mini_firmware 2.44
hp eliteone_800_g5_23.8-in_all-in-one_firmware 02.15.00
hp zbook_power_g7_firmware 01.10.00
hp proone_400_g5_20-inch_all-in-one_business_firmware 02.15.00
hp proone_600_g4_21.5-inch_touch_all-in-one_business_firmware 02.21.00
hp eliteone_800_g3_23.8_non-touch_all-in-one_business_firmware 2.44
hp eliteone_800_g6_24_all-in-one_firmware 02.12.01
hp zbook_power_g9_firmware 01.03.00
hp zbook_15_g6_firmware 01.21.02
hp elite_x2_g8_firmware 01.10.00
hp elite_x360_830_g9_2-in-1_firmware 01.03.01
hp prodesk_600_g6_microtower_firmware 02.12.01
hp probook_630_g8_firmware 01.10.00
hp elitedesk_805_g8_small_form_factor_firmware 02.05.02
hp elitebook_1040_g3_firmware 1.57
hp zbook_15u_g5_firmware 01.21.01
hp prodesk_600_g6_desktop_mini_firmware 02.12.01
hp zbook_create_g7_firmware 01.10.00
hp prodesk_680_g6_firmware 02.12.01
hp elitebook_x360_1040_g5_firmware 01.21.01
hp elitebook_865_g9_firmware 01.02.01
hp elitedesk_800_g3_small_form_factor_firmware 2.44
hp elitedesk_705_g4_small_form_factor_firmware 02.20.00
hp zbook_fury_15_g7_firmware 01.10.00
hp elitebook_x360_1040_g8_firmware 01.10.00
hp mp9_g2_retail_system_firmware 2.59
hp rp9_g1_retail_system_firmware 2.59
hp prodesk_405_g8_small_form_factor_firmware 02.05.02
hp probook_445r_g6_firmware 01.21.01
hp elitebook_850_g6_firmware 01.21.01
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_firmware 02.21.00
hp elitebook_1040_g9_firmware 01.03.01
hp proone_400_g3_20-inch_touch_all-in-one_firmware 2.44
hp z2_mini_g5_workstation_firmware 01.04.07
hp elitebook_835_g9_firmware 01.02.01
hp elitebook_x360_830_g5_firmware 01.21.01
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_firmware 2.44
hp proone_400_g5_23.8-inch_all-in-one_business_firmware 02.15.00
hp proone_600_g6_22_all-in-one_firmware 02.12.01
hp elite_dragonfly_firmware 01.21.01
hp zbook_studio_x360_g5_firmware 01.21.02
hp elitedesk_800_g5_tower_firmware 02.15.00
hp probook_445_g6_firmware 01.21.01
hp eliteone_800_g8_24_all-in-one_firmware 02.09.01
hp zhan_66_pro_a_14_g5_firmware 01.08.01
hp prodesk_600_g2_small_form_factor_firmware 2.59
hp eliteone_800_g2_23-inch_non-touch_all-in-one_firmware 2.59
hp zhan_66_pro_14_g2_firmware 01.21.01
hp probook_x360_11_g7_ee_firmware 01.10.00
hp zbook_studio_g7_firmware 01.10.00
hp prodesk_600_g3_small_form_factor_firmware 2.44
hp zhan_66_pro_a_14_g4_firmware 01.10.00
hp proone_400_g4_20-inch_non-touch_all-in-one_business_firmware 02.21.00
hp elitebook_630_g9_firmware 01.04.00
hp elitebook_850_g8_firmware 01.10.00
hp proone_600_g2_21.5-inch_non-touch_all-in-one_firmware 2.59
hp elitebook_x360_830_g8_firmware 01.10.00
hp probook_640_g5_firmware 01.21.01
hp probook_640_g8_firmware 01.10.00
hp prodesk_400_g5_desktop_mini_firmware 02.15.00
hp probook_455_g9_firmware 01.08.01
hp prodesk_600_g4_small_form_factor_firmware 02.21.00
hp elitebook_840_aero_g8_firmware 01.10.00
hp elitedesk_800_g6_small_form_factor_firmware 02.12.01
hp elitedesk_800_35w_g4_desktop_mini_firmware 02.21.00
hp z2_tower_g5_workstation_firmware 01.04.07
hp elitebook_x360_830_g6_firmware 01.21.01
hp probook_645_g4_firmware 01.21.01
hp elite_x360_1040_g9_2-in-1_firmware 01.03.01
hp elitebook_830_g5_firmware 01.21.01
hp probook_455r_g6_firmware 01.21.01
hp prodesk_400_g7_small_form_factor_firmware 02.12.01
hp elitebook_830_g8_firmware 01.10.00
hp probook_x360_11_g6_ee_firmware 01.12.00
hp elitebook_830_g9_firmware 01.03.01
hp elitebook_840_g8_firmware 01.10.00
hp elitebook_840_g9_firmware 01.03.01
hp probook_x360_440_g1_firmware 01.21.01
hp elitebook_835_g7_firmware 01.10.00
hp probook_440_g8_firmware 01.10.00
hp pro_x360_fortis_g9_firmware 01.03.00
hp z1_entry_tower_g5_workstation_firmware 02.15.00
hp elitedesk_800_g2_small_form_factor_firmware 2.59
hp elitebook_840_g6_firmware 01.21.01
hp mt45_mobile_thin_client_firmware 01.21.10
hp eliteone_1000_g2_34-in_curved_all-in-one_business_firmware 02.21.00
hp prodesk_480_g4_microtower_firmware 2.44
hp zbook_studio_g9_firmware 01.03.01
hp eliteone_840_23.8_inch_g9_all-in-one_firmware 02.06.00
hp proone_440_g5_23.8-in_all-in-one_business_firmware 02.15.00
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_firmware 2.44
hp elitedesk_800_g4_small_form_factor_firmware 02.21.00
hp elite_tower_880_g9_firmware 02.05.01
hp probook_445_g9_firmware 01.08.01
hp zbook_firefly_15_g8_firmware 01.10.00
hp eliteone_800_g6_27_all-in-one_firmware 02.12.01
hp elitedesk_800_35w_g3_desktop_mini_firmware 2.44
hp probook_440_g9_firmware 01.04.00
hp proone_400_g6_24_all-in-one_firmware 02.12.01
hp prodesk_400_g5_small_form_factor_firmware 02.21.00
hp elite_dragonfly_max_firmware 01.10.00
hp elitedesk_805_g6_desktop_mini_firmware 02.09.01
hp prodesk_400_g4_microtower_firmware 2.44
hp probook_x360_11_g5_ee_firmware 01.11.00
hp probook_x360_435_g8_firmware 01.10.00
hp zhan_66_pro_14_g3_firmware 01.14.00
hp elitedesk_800_95w_g4_desktop_mini_firmware 02.20.01
hp prodesk_600_g2_desktop_mini_firmware 2.59
hp probook_455_g7_firmware 01.10.00
hp probook_x360_435_g7_firmware 01.10.01
hp eliteone_800_g4_23.8-inch_touch_all-in-one_firmware 02.21.00
hp probook_650_g5_firmware 01.21.01
hp elitedesk_800_g3_tower_firmware 2.44
hp mp9_g4_retail_system_firmware 02.21.00
hp zbook_fury_17_g8_firmware 01.10.00
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_firmware 2.44
hp mt46_mobile_thin_client_firmware 01.10.00
hp zhan_66_pro_g3_22_all-in-one_firmware 02.12.01
hp elitebook_1030_g1_firmware 1.57
hp prodesk_600_g2_microtower_firmware 2.59
hp probook_fortis_g10_firmware 01.03.00
hp zbook_15u_g6_firmware 01.21.01
hp z2_tower_g4_workstation_firmware 01.08.03
hp pro_sff_400_g9_firmware 02.05.00
hp engage_flex_pro-c_retail_system_firmware 02.21.00
hp elitedesk_705_g4_workstation_firmware 02.19.01
hp eliteone_800_g8_27_all-in-one_firmware 02.09.01
hp prodesk_400_g4_small_form_factor_firmware 2.44
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_firmware 02.21.00
hp probook_650_g8_firmware 01.10.00
hp prodesk_600_g4_desktop_mini_firmware 02.21.00
hp zbook_studio_g8_firmware 01.10.00
hp elite_mini_800_g9_firmware 02.05.00
hp prodesk_480_g7_firmware 02.12.01
hp prodesk_400_g7_microtower_firmware 02.12.01
hp eliteone_800_g4_23.8-in_all-in-one_business_firmware 02.21.00
hp probook_450_g6_firmware 01.21.01
hp zbook_power_g8_firmware 01.10.00
hp eliteone_800_g3_23.8-inch_touch_all-in-one_firmware 2.44
hp pro_tower_400_g9_firmware 02.05.00
hp prodesk_600_g5_desktop_mini_firmware 02.15.00
hp prodesk_400_g5_microtower_firmware 02.21.00
hp probook_455_g6_firmware 01.21.01
hp elite_slice_firmware 2.59
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_firmware 2.44
hp zhan_66_pro_a_14_g3_firmware 01.10.00
hp z1_g9_tower_firmware 02.05.01
hp elitedesk_705_g5_small_form_factor_firmware 02.15.00
hp elitebook_840r_g4_firmware 01.21.01
hp elitebook_840_g5_firmware 01.21.01
hp eliteone_1000_g1_23.8-in_all-in-one_business_firmware 2.44
hp prodesk_680_g3_microtower_firmware 2.44
hp elite_sff_600_g9_firmware 02.05.01
hp probook_455_g5_firmware 01.21.01
hp zbook_studio_g5_firmware 01.21.02
hp zbook_firefly_14_g9_firmware 01.03.01
hp elitedesk_705_g3_firmware 2.41
hp elite_dragonfly_g3_firmware 01.03.01
hp elitebook_745_g5_firmware 01.21.01
hp elitebook_860_g9_firmware 01.03.01
hp zhan_66_pro_15_g3_firmware 01.14.00
hp elitedesk_800_g8_small_form_factor_firmware 02.09.01
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_firmware 2.44
hp zbook_firefly_16_g9_firmware 01.03.01
hp elitebook_755_g5_firmware 01.21.01
hp pro_x360_fortis_g10_firmware 01.03.00
hp proone_480_g3_20-inch_non-touch_all-in_one_firmware 2.44
hp zbook_firefly_14_g8_firmware 01.10.00
hp elite_folio_2-in-1_firmware not_impacted
hp elite_x2_1012_g2_firmware 1.43
hp elitebook_x360_830_g7_firmware 01.10.00
hp prodesk_480_g5_microtower_firmware 02.21.00
hp elitebook_846_g5_firmware 01.21.01
hp elitebook_x360_1030_g7_firmware 01.10.00
hp prodesk_400_g3_desktop_mini_firmware 2.44
hp elite_tower_680_g9_firmware 02.05.01
hp elitebook_850_g7_firmware 01.10.00
hp elite_tower_600_g9_firmware 02.05.01
hp z2_small_form_factor_g4_workstation_firmware 01.08.03
hp zbook_17_g6_firmware 01.21.02
hp proone_400_g2_20-inch_touch_all-in-one_firmware 2.59
hp prodesk_680_g4_microtower_firmware 02.21.00
hp proone_600_g3_21.5-inch_non-touch_all-in-one_firmware 2.44
hp probook_450_g7_firmware 01.14.00
hp elite_tower_800_g9_firmware 02.05.01
hp proone_600_g2_21.5-inch_touch_all-in-one_firmware 2.59
hp prodesk_400_g6_small_form_factor_firmware 02.15.00
hp probook_430_g8_firmware 01.10.00
hp elitedesk_800_g5_small_form_factor_firmware 02.15.00
hp elitedesk_705_g4_desktop_mini_firmware 02.20.00
hp zbook_14u_g5_firmware 01.21.01
hp proone_440_23.8_inch_g9_all-in-one_firmware 02.05.00
hp probook_640_g4_firmware 01.21.01
hp engage_one_aio_system_firmware 2.44
hp probook_430_g7_firmware 01.14.00
hp elitedesk_800_65w_g3_desktop_mini_firmware 2.44
hp probook_445_g8_firmware 01.10.00
hp elite_dragonfly_g2_firmware 01.10.00
hp elitebook_845_g8_firmware 01.10.00
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_firmware 02.21.00
hp elitebook_830_g6_firmware 01.21.01
hp elitebook_x360_1030_g3_firmware 01.21.01
hp elitedesk_705_g4_microtower_firmware 02.20.00
hp elitebook_650_g9_firmware 01.04.00
hp zbook_fury_17_g7_firmware 01.10.00
hp eliteone_800_g2_23-inch_touch_all-in-one_firmware 2.59
hp zbook_fury_15_g8_firmware 01.10.00
hp probook_450_g9_firmware 01.04.00
hp elitedesk_805_g8_desktop_mini_firmware 02.05.02
hp elitebook_640_g9_firmware 01.04.00
hp elitebook_836_g5_firmware 01.21.01
hp zbook_firefly_14_g7_firmware 01.10.00
CVE-2022-31645

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp z1_entry_tower_g6_workstation_firmware 02.12.01
hp probook_445_g7_firmware 01.10.00
hp zbook_fury_16_g9_firmware 01.03.02
hp probook_450_g5_firmware 01.21.01
hp elitebook_836_g6_firmware 01.21.01
hp elite_slice_g2_firmware 2.59
hp elitebook_645_g9_firmware 01.08.01
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_firmware 02.21.00
hp elitedesk_880_g3_tower_firmware 2.44
hp probook_430_g6_firmware 01.21.01
hp engage_go_10_mobile_system_firmware 01.10.00
hp elitebook_845_g7_firmware 01.10.00
hp zhan_x_13_g2_firmware 01.21.01
hp eliteone_1000_g2_23.8-in_all-in-one_business_firmware 02.21.00
hp elitedesk_800_g6_desktop_mini_firmware 02.12.01
hp probook_470_g5_firmware 01.21.01
hp elitebook_735_g6_firmware 01.21.01
hp prodesk_405_g8_desktop_mini_firmware 02.05.02
hp elitedesk_705_g5_desktop_mini_firmware 02.15.00
hp elite_x2_1013_g3_firmware 01.21.01
hp elitedesk_800_g8_desktop_mini_firmware 02.09.01
hp probook_440_g6_firmware 01.21.01
hp prodesk_405_g6_desktop_mini_firmware 02.09.01
hp engage_go_mobile_system_firmware 01.21.01
hp mt44_mobile_thin_client_firmware 01.21.01
hp elitebook_855_g7_firmware 01.10.00
hp engage_flex_mini_retail_system_firmware 02.12.01
hp prodesk_600_g5_small_form_factor_firmware 02.15.00
hp z2_tower_g8_workstation_firmware 01.06.00
hp z1_g8_tower_firmware 02.09.01
hp elitebook_850_g5_firmware 01.21.01
hp probook_430_g5_firmware 01.21.01
hp zbook_14u_g6_firmware 01.21.01
hp probook_440_g5_firmware 01.21.01
hp elitedesk_800_65w_g2_desktop_mini_firmware 2.59
hp elitebook_830_g7_firmware 01.10.00
hp zbook_15_g5_firmware 01.21.02
hp probook_440_g7_firmware 01.14.00
hp probook_fortis_g9_firmware 01.03.00
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_firmware 02.21.00
hp elitedesk_800_g4_workstation_firmware 02.20.01
hp elite_x2_1012_g1_firmware 1.57
hp elite_x2_g4_firmware 01.21.01
hp elitedesk_800_35w_g2_desktop_mini_firmware 2.59
hp prodesk_405_g6_small_form_factor_firmware 02.09.01
hp elitedesk_800_g5_desktop_mini_firmware 02.15.00
hp elitedesk_880_g6_tower_firmware 02.12.01
hp probook_650_g4_firmware 01.21.01
hp prodesk_400_g4_desktop_mini_firmware 02.21.00
hp elitebook_745_g6_firmware 01.21.01
hp prodesk_405_g4_desktop_mini_firmware 02.20.00
hp prodesk_405_g4_small_form_factor_firmware 02.20.00
hp pro_mini_400_g9_firmware 02.05.00
hp elitebook_1040_g4_firmware 1.44
hp prodesk_400_g6_desktop_mini_firmware 02.12.01
hp proone_600_g5_21.5-in_all-in-one_business_firmware 02.15.00
hp elitebook_x360_1030_g8_firmware 01.10.00
hp z2_small_form_factor_g8_workstation_firmware 01.06.00
hp zhan_66_pro_14_g4_firmware 01.10.00
hp elitedesk_800_g6_tower_firmware 02.12.01
hp probook_x360_11_g4_ee_firmware 01.16.00
hp elitedesk_880_g8_tower_firmware 02.09.01
hp prodesk_600_g4_microtower_firmware 02.21.00
hp elitedesk_880_g4_tower_firmware 02.21.00
hp pro_tower_480_g9_firmware 02.05.00
hp elitebook_x360_1040_g7_firmware 01.10.00
hp zhan_66_pro_g1_firmware 01.21.01
hp zbook_17_g5_firmware 01.21.02
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_firmware 02.21.00
hp zhan_66_pro_g3_24_all-in-one_firmware 02.12.01
hp zbook_firefly_15_g7_firmware 01.10.00
hp zhan_66_pro_13_g2_firmware 01.21.01
hp prodesk_600_g3_microtower_firmware 2.44
hp prodesk_600_g6_small_form_factor_firmware 02.12.01
hp elitebook_x360_1030_g4_firmware 01.21.01
hp engage_one_pro_aio_system_firmware 02.12.01
hp elitebook_840_g7_firmware 01.10.00
hp elite_mini_600_g9_firmware 02.05.00
hp elitebook_855_g8_firmware 01.10.00
hp probook_635_aero_g8_firmware 01.10.00
hp eliteone_800_g5_23.8-inch_all-in-one_firmware 02.15.00
hp prodesk_600_g5_microtower_firmware 02.15.00
hp elitebook_835_g8_firmware 01.10.00
hp probook_640_g7_firmware 01.10.00
hp proone_440_g6_24_all-in-one_firmware 02.12.01
hp probook_455_g8_firmware 01.10.00
hp zhan_66_pro_g5_firmware 01.04.00
hp probook_450_g8_firmware 01.10.00
hp zhan_66_pro_15_g2_firmware 01.21.01
hp elitebook_1050_g1_firmware 01.22.00
hp elitebook_735_g5_firmware 01.21.01
hp eliteone_1000_g1_34-in_curved_all-in-one_business_firmware 2.44
hp elitebook_655_g9_firmware 01.08.01
hp z2_small_form_factor_g5_workstation_firmware 01.04.07
hp prodesk_480_g6_microtower_firmware 02.15.00
hp elitedesk_800_g4_tower_firmware 02.21.00
hp prodesk_400_g6_microtower_firmware 02.15.00
hp elitedesk_800_g8_tower_firmware 02.09.01
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_firmware 02.21.00
hp probook_650_g7_firmware 01.10.00
hp elitedesk_805_g6_small_form_factor_firmware 02.09.01
hp z2_mini_g4_workstation_firmware 01.08.03
hp proone_400_g2_20-inch_non-touch_all-in-one_firmware 2.59
hp elitedesk_800_65w_g4_desktop_mini_firmware 02.20.01
hp engage_flex_pro_retail_system_firmware 02.21.00
hp elitebook_x360_1040_g6_firmware 01.21.01
hp prodesk_680_g2_microtower_firmware 2.59
hp elitedesk_880_g5_tower_firmware 02.15.00
hp prodesk_600_g6_firmware 02.12.01
hp probook_x360_11_g3_ee_firmware 01.20.00
hp proone_400_g6_20_all-in-one_firmware 02.12.01
hp proone_400_g3_20-inch_non-touch_all-in-one_firmware 2.44
hp dragonfly_folio_g3_2-in-1_firmware 01.01.03
hp elitebook_845_g9_firmware 01.02.01
hp elite_sff_800_g9_firmware 02.05.01
hp prodesk_600_g3_desktop_mini_firmware 2.44
hp eliteone_800_g5_23.8-in_all-in-one_firmware 02.15.00
hp zbook_power_g7_firmware 01.10.00
hp proone_400_g5_20-inch_all-in-one_business_firmware 02.15.00
hp proone_600_g4_21.5-inch_touch_all-in-one_business_firmware 02.21.00
hp eliteone_800_g3_23.8_non-touch_all-in-one_business_firmware 2.44
hp eliteone_800_g6_24_all-in-one_firmware 02.12.01
hp zbook_power_g9_firmware 01.03.00
hp zbook_15_g6_firmware 01.21.02
hp elite_x2_g8_firmware 01.10.00
hp elite_x360_830_g9_2-in-1_firmware 01.03.01
hp prodesk_600_g6_microtower_firmware 02.12.01
hp probook_630_g8_firmware 01.10.00
hp elitedesk_805_g8_small_form_factor_firmware 02.05.02
hp elitebook_1040_g3_firmware 1.57
hp zbook_15u_g5_firmware 01.21.01
hp prodesk_600_g6_desktop_mini_firmware 02.12.01
hp zbook_create_g7_firmware 01.10.00
hp prodesk_680_g6_firmware 02.12.01
hp elitebook_x360_1040_g5_firmware 01.21.01
hp elitebook_865_g9_firmware 01.02.01
hp elitedesk_800_g3_small_form_factor_firmware 2.44
hp elitedesk_705_g4_small_form_factor_firmware 02.20.00
hp zbook_fury_15_g7_firmware 01.10.00
hp elitebook_x360_1040_g8_firmware 01.10.00
hp mp9_g2_retail_system_firmware 2.59
hp rp9_g1_retail_system_firmware 2.59
hp prodesk_405_g8_small_form_factor_firmware 02.05.02
hp probook_445r_g6_firmware 01.21.01
hp elitebook_850_g6_firmware 01.21.01
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_firmware 02.21.00
hp elitebook_1040_g9_firmware 01.03.01
hp proone_400_g3_20-inch_touch_all-in-one_firmware 2.44
hp z2_mini_g5_workstation_firmware 01.04.07
hp elitebook_835_g9_firmware 01.02.01
hp elitebook_x360_830_g5_firmware 01.21.01
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_firmware 2.44
hp proone_400_g5_23.8-inch_all-in-one_business_firmware 02.15.00
hp proone_600_g6_22_all-in-one_firmware 02.12.01
hp elite_dragonfly_firmware 01.21.01
hp zbook_studio_x360_g5_firmware 01.21.02
hp elitedesk_800_g5_tower_firmware 02.15.00
hp probook_445_g6_firmware 01.21.01
hp eliteone_800_g8_24_all-in-one_firmware 02.09.01
hp zhan_66_pro_a_14_g5_firmware 01.08.01
hp prodesk_600_g2_small_form_factor_firmware 2.59
hp eliteone_800_g2_23-inch_non-touch_all-in-one_firmware 2.59
hp zhan_66_pro_14_g2_firmware 01.21.01
hp probook_x360_11_g7_ee_firmware 01.10.00
hp zbook_studio_g7_firmware 01.10.00
hp prodesk_600_g3_small_form_factor_firmware 2.44
hp zhan_66_pro_a_14_g4_firmware 01.10.00
hp proone_400_g4_20-inch_non-touch_all-in-one_business_firmware 02.21.00
hp elitebook_630_g9_firmware 01.04.00
hp elitebook_850_g8_firmware 01.10.00
hp proone_600_g2_21.5-inch_non-touch_all-in-one_firmware 2.59
hp elitebook_x360_830_g8_firmware 01.10.00
hp probook_640_g5_firmware 01.21.01
hp probook_640_g8_firmware 01.10.00
hp prodesk_400_g5_desktop_mini_firmware 02.15.00
hp probook_455_g9_firmware 01.08.01
hp prodesk_600_g4_small_form_factor_firmware 02.21.00
hp elitebook_840_aero_g8_firmware 01.10.00
hp elitedesk_800_g6_small_form_factor_firmware 02.12.01
hp elitedesk_800_35w_g4_desktop_mini_firmware 02.21.00
hp z2_tower_g5_workstation_firmware 01.04.07
hp elitebook_x360_830_g6_firmware 01.21.01
hp probook_645_g4_firmware 01.21.01
hp elite_x360_1040_g9_2-in-1_firmware 01.03.01
hp elitebook_830_g5_firmware 01.21.01
hp probook_455r_g6_firmware 01.21.01
hp prodesk_400_g7_small_form_factor_firmware 02.12.01
hp elitebook_830_g8_firmware 01.10.00
hp probook_x360_11_g6_ee_firmware 01.12.00
hp elitebook_830_g9_firmware 01.03.01
hp elitebook_840_g8_firmware 01.10.00
hp elitebook_840_g9_firmware 01.03.01
hp probook_x360_440_g1_firmware 01.21.01
hp elitebook_835_g7_firmware 01.10.00
hp probook_440_g8_firmware 01.10.00
hp pro_x360_fortis_g9_firmware 01.03.00
hp z1_entry_tower_g5_workstation_firmware 02.15.00
hp elitedesk_800_g2_small_form_factor_firmware 2.59
hp elitebook_840_g6_firmware 01.21.01
hp mt45_mobile_thin_client_firmware 01.21.10
hp eliteone_1000_g2_34-in_curved_all-in-one_business_firmware 02.21.00
hp prodesk_480_g4_microtower_firmware 2.44
hp zbook_studio_g9_firmware 01.03.01
hp eliteone_840_23.8_inch_g9_all-in-one_firmware 02.06.00
hp proone_440_g5_23.8-in_all-in-one_business_firmware 02.15.00
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_firmware 2.44
hp elitedesk_800_g4_small_form_factor_firmware 02.21.00
hp elite_tower_880_g9_firmware 02.05.01
hp probook_445_g9_firmware 01.08.01
hp zbook_firefly_15_g8_firmware 01.10.00
hp eliteone_800_g6_27_all-in-one_firmware 02.12.01
hp elitedesk_800_35w_g3_desktop_mini_firmware 2.44
hp probook_440_g9_firmware 01.04.00
hp proone_400_g6_24_all-in-one_firmware 02.12.01
hp prodesk_400_g5_small_form_factor_firmware 02.21.00
hp elite_dragonfly_max_firmware 01.10.00
hp elitedesk_805_g6_desktop_mini_firmware 02.09.01
hp prodesk_400_g4_microtower_firmware 2.44
hp probook_x360_11_g5_ee_firmware 01.11.00
hp probook_x360_435_g8_firmware 01.10.00
hp zhan_66_pro_14_g3_firmware 01.14.00
hp elitedesk_800_95w_g4_desktop_mini_firmware 02.20.01
hp prodesk_600_g2_desktop_mini_firmware 2.59
hp probook_455_g7_firmware 01.10.00
hp probook_x360_435_g7_firmware 01.10.01
hp eliteone_800_g4_23.8-inch_touch_all-in-one_firmware 02.21.00
hp probook_650_g5_firmware 01.21.01
hp elitedesk_800_g3_tower_firmware 2.44
hp mp9_g4_retail_system_firmware 02.21.00
hp zbook_fury_17_g8_firmware 01.10.00
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_firmware 2.44
hp mt46_mobile_thin_client_firmware 01.10.00
hp zhan_66_pro_g3_22_all-in-one_firmware 02.12.01
hp elitebook_1030_g1_firmware 1.57
hp prodesk_600_g2_microtower_firmware 2.59
hp probook_fortis_g10_firmware 01.03.00
hp zbook_15u_g6_firmware 01.21.01
hp z2_tower_g4_workstation_firmware 01.08.03
hp pro_sff_400_g9_firmware 02.05.00
hp engage_flex_pro-c_retail_system_firmware 02.21.00
hp elitedesk_705_g4_workstation_firmware 02.19.01
hp eliteone_800_g8_27_all-in-one_firmware 02.09.01
hp prodesk_400_g4_small_form_factor_firmware 2.44
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_firmware 02.21.00
hp probook_650_g8_firmware 01.10.00
hp prodesk_600_g4_desktop_mini_firmware 02.21.00
hp zbook_studio_g8_firmware 01.10.00
hp elite_mini_800_g9_firmware 02.05.00
hp prodesk_480_g7_firmware 02.12.01
hp prodesk_400_g7_microtower_firmware 02.12.01
hp eliteone_800_g4_23.8-in_all-in-one_business_firmware 02.21.00
hp probook_450_g6_firmware 01.21.01
hp zbook_power_g8_firmware 01.10.00
hp eliteone_800_g3_23.8-inch_touch_all-in-one_firmware 2.44
hp pro_tower_400_g9_firmware 02.05.00
hp prodesk_600_g5_desktop_mini_firmware 02.15.00
hp prodesk_400_g5_microtower_firmware 02.21.00
hp probook_455_g6_firmware 01.21.01
hp elite_slice_firmware 2.59
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_firmware 2.44
hp zhan_66_pro_a_14_g3_firmware 01.10.00
hp z1_g9_tower_firmware 02.05.01
hp elitedesk_705_g5_small_form_factor_firmware 02.15.00
hp elitebook_840r_g4_firmware 01.21.01
hp elitebook_840_g5_firmware 01.21.01
hp eliteone_1000_g1_23.8-in_all-in-one_business_firmware 2.44
hp prodesk_680_g3_microtower_firmware 2.44
hp elite_sff_600_g9_firmware 02.05.01
hp probook_455_g5_firmware 01.21.01
hp zbook_studio_g5_firmware 01.21.02
hp zbook_firefly_14_g9_firmware 01.03.01
hp elitedesk_705_g3_firmware 2.41
hp elite_dragonfly_g3_firmware 01.03.01
hp elitebook_745_g5_firmware 01.21.01
hp elitebook_860_g9_firmware 01.03.01
hp zhan_66_pro_15_g3_firmware 01.14.00
hp elitedesk_800_g8_small_form_factor_firmware 02.09.01
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_firmware 2.44
hp zbook_firefly_16_g9_firmware 01.03.01
hp elitebook_755_g5_firmware 01.21.01
hp pro_x360_fortis_g10_firmware 01.03.00
hp proone_480_g3_20-inch_non-touch_all-in_one_firmware 2.44
hp zbook_firefly_14_g8_firmware 01.10.00
hp elite_folio_2-in-1_firmware not_impacted
hp elite_x2_1012_g2_firmware 1.43
hp elitebook_x360_830_g7_firmware 01.10.00
hp prodesk_480_g5_microtower_firmware 02.21.00
hp elitebook_846_g5_firmware 01.21.01
hp elitebook_x360_1030_g7_firmware 01.10.00
hp prodesk_400_g3_desktop_mini_firmware 2.44
hp elite_tower_680_g9_firmware 02.05.01
hp elitebook_850_g7_firmware 01.10.00
hp elite_tower_600_g9_firmware 02.05.01
hp z2_small_form_factor_g4_workstation_firmware 01.08.03
hp zbook_17_g6_firmware 01.21.02
hp proone_400_g2_20-inch_touch_all-in-one_firmware 2.59
hp prodesk_680_g4_microtower_firmware 02.21.00
hp proone_600_g3_21.5-inch_non-touch_all-in-one_firmware 2.44
hp probook_450_g7_firmware 01.14.00
hp elite_tower_800_g9_firmware 02.05.01
hp proone_600_g2_21.5-inch_touch_all-in-one_firmware 2.59
hp prodesk_400_g6_small_form_factor_firmware 02.15.00
hp probook_430_g8_firmware 01.10.00
hp elitedesk_800_g5_small_form_factor_firmware 02.15.00
hp elitedesk_705_g4_desktop_mini_firmware 02.20.00
hp zbook_14u_g5_firmware 01.21.01
hp proone_440_23.8_inch_g9_all-in-one_firmware 02.05.00
hp probook_640_g4_firmware 01.21.01
hp engage_one_aio_system_firmware 2.44
hp probook_430_g7_firmware 01.14.00
hp elitedesk_800_65w_g3_desktop_mini_firmware 2.44
hp probook_445_g8_firmware 01.10.00
hp elite_dragonfly_g2_firmware 01.10.00
hp elitebook_845_g8_firmware 01.10.00
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_firmware 02.21.00
hp elitebook_830_g6_firmware 01.21.01
hp elitebook_x360_1030_g3_firmware 01.21.01
hp elitedesk_705_g4_microtower_firmware 02.20.00
hp elitebook_650_g9_firmware 01.04.00
hp zbook_fury_17_g7_firmware 01.10.00
hp eliteone_800_g2_23-inch_touch_all-in-one_firmware 2.59
hp zbook_fury_15_g8_firmware 01.10.00
hp probook_450_g9_firmware 01.04.00
hp elitedesk_805_g8_desktop_mini_firmware 02.05.02
hp elitebook_640_g9_firmware 01.04.00
hp elitebook_836_g5_firmware 01.21.01
hp zbook_firefly_14_g7_firmware 01.10.00
CVE-2022-31646

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp z1_entry_tower_g6_workstation_firmware 02.12.01
hp probook_445_g7_firmware 01.10.00
hp zbook_fury_16_g9_firmware 01.03.02
hp probook_450_g5_firmware 01.21.01
hp elitebook_836_g6_firmware 01.21.01
hp elite_slice_g2_firmware 2.59
hp elitebook_645_g9_firmware 01.08.01
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_firmware 02.21.00
hp elitedesk_880_g3_tower_firmware 2.44
hp probook_430_g6_firmware 01.21.01
hp engage_go_10_mobile_system_firmware 01.10.00
hp elitebook_845_g7_firmware 01.10.00
hp zhan_x_13_g2_firmware 01.21.01
hp eliteone_1000_g2_23.8-in_all-in-one_business_firmware 02.21.00
hp elitedesk_800_g6_desktop_mini_firmware 02.12.01
hp probook_470_g5_firmware 01.21.01
hp elitebook_735_g6_firmware 01.21.01
hp prodesk_405_g8_desktop_mini_firmware 02.05.02
hp elitedesk_705_g5_desktop_mini_firmware 02.15.00
hp elite_x2_1013_g3_firmware 01.21.01
hp elitedesk_800_g8_desktop_mini_firmware 02.09.01
hp probook_440_g6_firmware 01.21.01
hp prodesk_405_g6_desktop_mini_firmware 02.09.01
hp engage_go_mobile_system_firmware 01.21.01
hp mt44_mobile_thin_client_firmware 01.21.01
hp elitebook_855_g7_firmware 01.10.00
hp engage_flex_mini_retail_system_firmware 02.12.01
hp prodesk_600_g5_small_form_factor_firmware 02.15.00
hp z2_tower_g8_workstation_firmware 01.06.00
hp z1_g8_tower_firmware 02.09.01
hp elitebook_850_g5_firmware 01.21.01
hp probook_430_g5_firmware 01.21.01
hp zbook_14u_g6_firmware 01.21.01
hp probook_440_g5_firmware 01.21.01
hp elitedesk_800_65w_g2_desktop_mini_firmware 2.59
hp elitebook_830_g7_firmware 01.10.00
hp zbook_15_g5_firmware 01.21.02
hp probook_440_g7_firmware 01.14.00
hp probook_fortis_g9_firmware 01.03.00
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_firmware 02.21.00
hp elitedesk_800_g4_workstation_firmware 02.20.01
hp elite_x2_1012_g1_firmware 1.57
hp elite_x2_g4_firmware 01.21.01
hp elitedesk_800_35w_g2_desktop_mini_firmware 2.59
hp prodesk_405_g6_small_form_factor_firmware 02.09.01
hp elitedesk_800_g5_desktop_mini_firmware 02.15.00
hp elitedesk_880_g6_tower_firmware 02.12.01
hp probook_650_g4_firmware 01.21.01
hp prodesk_400_g4_desktop_mini_firmware 02.21.00
hp elitebook_745_g6_firmware 01.21.01
hp prodesk_405_g4_desktop_mini_firmware 02.20.00
hp prodesk_405_g4_small_form_factor_firmware 02.20.00
hp pro_mini_400_g9_firmware 02.05.00
hp elitebook_1040_g4_firmware 1.44
hp prodesk_400_g6_desktop_mini_firmware 02.12.01
hp proone_600_g5_21.5-in_all-in-one_business_firmware 02.15.00
hp elitebook_x360_1030_g8_firmware 01.10.00
hp z2_small_form_factor_g8_workstation_firmware 01.06.00
hp zhan_66_pro_14_g4_firmware 01.10.00
hp elitedesk_800_g6_tower_firmware 02.12.01
hp probook_x360_11_g4_ee_firmware 01.16.00
hp elitedesk_880_g8_tower_firmware 02.09.01
hp prodesk_600_g4_microtower_firmware 02.21.00
hp elitedesk_880_g4_tower_firmware 02.21.00
hp pro_tower_480_g9_firmware 02.05.00
hp elitebook_x360_1040_g7_firmware 01.10.00
hp zhan_66_pro_g1_firmware 01.21.01
hp zbook_17_g5_firmware 01.21.02
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_firmware 02.21.00
hp zhan_66_pro_g3_24_all-in-one_firmware 02.12.01
hp zbook_firefly_15_g7_firmware 01.10.00
hp zhan_66_pro_13_g2_firmware 01.21.01
hp prodesk_600_g3_microtower_firmware 2.44
hp prodesk_600_g6_small_form_factor_firmware 02.12.01
hp elitebook_x360_1030_g4_firmware 01.21.01
hp engage_one_pro_aio_system_firmware 02.12.01
hp elitebook_840_g7_firmware 01.10.00
hp elite_mini_600_g9_firmware 02.05.00
hp elitebook_855_g8_firmware 01.10.00
hp probook_635_aero_g8_firmware 01.10.00
hp eliteone_800_g5_23.8-inch_all-in-one_firmware 02.15.00
hp prodesk_600_g5_microtower_firmware 02.15.00
hp elitebook_835_g8_firmware 01.10.00
hp probook_640_g7_firmware 01.10.00
hp proone_440_g6_24_all-in-one_firmware 02.12.01
hp probook_455_g8_firmware 01.10.00
hp zhan_66_pro_g5_firmware 01.04.00
hp probook_450_g8_firmware 01.10.00
hp zhan_66_pro_15_g2_firmware 01.21.01
hp elitebook_1050_g1_firmware 01.22.00
hp elitebook_735_g5_firmware 01.21.01
hp eliteone_1000_g1_34-in_curved_all-in-one_business_firmware 2.44
hp elitebook_655_g9_firmware 01.08.01
hp z2_small_form_factor_g5_workstation_firmware 01.04.07
hp prodesk_480_g6_microtower_firmware 02.15.00
hp elitedesk_800_g4_tower_firmware 02.21.00
hp prodesk_400_g6_microtower_firmware 02.15.00
hp elitedesk_800_g8_tower_firmware 02.09.01
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_firmware 02.21.00
hp probook_650_g7_firmware 01.10.00
hp elitedesk_805_g6_small_form_factor_firmware 02.09.01
hp z2_mini_g4_workstation_firmware 01.08.03
hp proone_400_g2_20-inch_non-touch_all-in-one_firmware 2.59
hp elitedesk_800_65w_g4_desktop_mini_firmware 02.20.01
hp engage_flex_pro_retail_system_firmware 02.21.00
hp elitebook_x360_1040_g6_firmware 01.21.01
hp prodesk_680_g2_microtower_firmware 2.59
hp elitedesk_880_g5_tower_firmware 02.15.00
hp prodesk_600_g6_firmware 02.12.01
hp probook_x360_11_g3_ee_firmware 01.20.00
hp proone_400_g6_20_all-in-one_firmware 02.12.01
hp proone_400_g3_20-inch_non-touch_all-in-one_firmware 2.44
hp dragonfly_folio_g3_2-in-1_firmware 01.01.03
hp elitebook_845_g9_firmware 01.02.01
hp elite_sff_800_g9_firmware 02.05.01
hp prodesk_600_g3_desktop_mini_firmware 2.44
hp eliteone_800_g5_23.8-in_all-in-one_firmware 02.15.00
hp zbook_power_g7_firmware 01.10.00
hp proone_400_g5_20-inch_all-in-one_business_firmware 02.15.00
hp proone_600_g4_21.5-inch_touch_all-in-one_business_firmware 02.21.00
hp eliteone_800_g3_23.8_non-touch_all-in-one_business_firmware 2.44
hp eliteone_800_g6_24_all-in-one_firmware 02.12.01
hp zbook_power_g9_firmware 01.03.00
hp zbook_15_g6_firmware 01.21.02
hp elite_x2_g8_firmware 01.10.00
hp elite_x360_830_g9_2-in-1_firmware 01.03.01
hp prodesk_600_g6_microtower_firmware 02.12.01
hp probook_630_g8_firmware 01.10.00
hp elitedesk_805_g8_small_form_factor_firmware 02.05.02
hp elitebook_1040_g3_firmware 1.57
hp zbook_15u_g5_firmware 01.21.01
hp prodesk_600_g6_desktop_mini_firmware 02.12.01
hp zbook_create_g7_firmware 01.10.00
hp prodesk_680_g6_firmware 02.12.01
hp elitebook_x360_1040_g5_firmware 01.21.01
hp elitebook_865_g9_firmware 01.02.01
hp elitedesk_800_g3_small_form_factor_firmware 2.44
hp elitedesk_705_g4_small_form_factor_firmware 02.20.00
hp zbook_fury_15_g7_firmware 01.10.00
hp elitebook_x360_1040_g8_firmware 01.10.00
hp mp9_g2_retail_system_firmware 2.59
hp rp9_g1_retail_system_firmware 2.59
hp prodesk_405_g8_small_form_factor_firmware 02.05.02
hp probook_445r_g6_firmware 01.21.01
hp elitebook_850_g6_firmware 01.21.01
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_firmware 02.21.00
hp elitebook_1040_g9_firmware 01.03.01
hp proone_400_g3_20-inch_touch_all-in-one_firmware 2.44
hp z2_mini_g5_workstation_firmware 01.04.07
hp elitebook_835_g9_firmware 01.02.01
hp elitebook_x360_830_g5_firmware 01.21.01
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_firmware 2.44
hp proone_400_g5_23.8-inch_all-in-one_business_firmware 02.15.00
hp proone_600_g6_22_all-in-one_firmware 02.12.01
hp elite_dragonfly_firmware 01.21.01
hp zbook_studio_x360_g5_firmware 01.21.02
hp elitedesk_800_g5_tower_firmware 02.15.00
hp probook_445_g6_firmware 01.21.01
hp eliteone_800_g8_24_all-in-one_firmware 02.09.01
hp zhan_66_pro_a_14_g5_firmware 01.08.01
hp prodesk_600_g2_small_form_factor_firmware 2.59
hp eliteone_800_g2_23-inch_non-touch_all-in-one_firmware 2.59
hp zhan_66_pro_14_g2_firmware 01.21.01
hp probook_x360_11_g7_ee_firmware 01.10.00
hp zbook_studio_g7_firmware 01.10.00
hp prodesk_600_g3_small_form_factor_firmware 2.44
hp zhan_66_pro_a_14_g4_firmware 01.10.00
hp proone_400_g4_20-inch_non-touch_all-in-one_business_firmware 02.21.00
hp elitebook_630_g9_firmware 01.04.00
hp elitebook_850_g8_firmware 01.10.00
hp proone_600_g2_21.5-inch_non-touch_all-in-one_firmware 2.59
hp elitebook_x360_830_g8_firmware 01.10.00
hp probook_640_g5_firmware 01.21.01
hp probook_640_g8_firmware 01.10.00
hp prodesk_400_g5_desktop_mini_firmware 02.15.00
hp probook_455_g9_firmware 01.08.01
hp prodesk_600_g4_small_form_factor_firmware 02.21.00
hp elitebook_840_aero_g8_firmware 01.10.00
hp elitedesk_800_g6_small_form_factor_firmware 02.12.01
hp elitedesk_800_35w_g4_desktop_mini_firmware 02.21.00
hp z2_tower_g5_workstation_firmware 01.04.07
hp elitebook_x360_830_g6_firmware 01.21.01
hp probook_645_g4_firmware 01.21.01
hp elite_x360_1040_g9_2-in-1_firmware 01.03.01
hp elitebook_830_g5_firmware 01.21.01
hp probook_455r_g6_firmware 01.21.01
hp prodesk_400_g7_small_form_factor_firmware 02.12.01
hp elitebook_830_g8_firmware 01.10.00
hp probook_x360_11_g6_ee_firmware 01.12.00
hp elitebook_830_g9_firmware 01.03.01
hp elitebook_840_g8_firmware 01.10.00
hp elitebook_840_g9_firmware 01.03.01
hp probook_x360_440_g1_firmware 01.21.01
hp elitebook_835_g7_firmware 01.10.00
hp probook_440_g8_firmware 01.10.00
hp pro_x360_fortis_g9_firmware 01.03.00
hp z1_entry_tower_g5_workstation_firmware 02.15.00
hp elitedesk_800_g2_small_form_factor_firmware 2.59
hp elitebook_840_g6_firmware 01.21.01
hp mt45_mobile_thin_client_firmware 01.21.10
hp eliteone_1000_g2_34-in_curved_all-in-one_business_firmware 02.21.00
hp prodesk_480_g4_microtower_firmware 2.44
hp zbook_studio_g9_firmware 01.03.01
hp eliteone_840_23.8_inch_g9_all-in-one_firmware 02.06.00
hp proone_440_g5_23.8-in_all-in-one_business_firmware 02.15.00
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_firmware 2.44
hp elitedesk_800_g4_small_form_factor_firmware 02.21.00
hp elite_tower_880_g9_firmware 02.05.01
hp probook_445_g9_firmware 01.08.01
hp zbook_firefly_15_g8_firmware 01.10.00
hp eliteone_800_g6_27_all-in-one_firmware 02.12.01
hp elitedesk_800_35w_g3_desktop_mini_firmware 2.44
hp probook_440_g9_firmware 01.04.00
hp proone_400_g6_24_all-in-one_firmware 02.12.01
hp prodesk_400_g5_small_form_factor_firmware 02.21.00
hp elite_dragonfly_max_firmware 01.10.00
hp elitedesk_805_g6_desktop_mini_firmware 02.09.01
hp prodesk_400_g4_microtower_firmware 2.44
hp probook_x360_11_g5_ee_firmware 01.11.00
hp probook_x360_435_g8_firmware 01.10.00
hp zhan_66_pro_14_g3_firmware 01.14.00
hp elitedesk_800_95w_g4_desktop_mini_firmware 02.20.01
hp prodesk_600_g2_desktop_mini_firmware 2.59
hp probook_455_g7_firmware 01.10.00
hp probook_x360_435_g7_firmware 01.10.01
hp eliteone_800_g4_23.8-inch_touch_all-in-one_firmware 02.21.00
hp probook_650_g5_firmware 01.21.01
hp elitedesk_800_g3_tower_firmware 2.44
hp mp9_g4_retail_system_firmware 02.21.00
hp zbook_fury_17_g8_firmware 01.10.00
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_firmware 2.44
hp mt46_mobile_thin_client_firmware 01.10.00
hp zhan_66_pro_g3_22_all-in-one_firmware 02.12.01
hp elitebook_1030_g1_firmware 1.57
hp prodesk_600_g2_microtower_firmware 2.59
hp probook_fortis_g10_firmware 01.03.00
hp zbook_15u_g6_firmware 01.21.01
hp z2_tower_g4_workstation_firmware 01.08.03
hp pro_sff_400_g9_firmware 02.05.00
hp engage_flex_pro-c_retail_system_firmware 02.21.00
hp elitedesk_705_g4_workstation_firmware 02.19.01
hp eliteone_800_g8_27_all-in-one_firmware 02.09.01
hp prodesk_400_g4_small_form_factor_firmware 2.44
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_firmware 02.21.00
hp probook_650_g8_firmware 01.10.00
hp prodesk_600_g4_desktop_mini_firmware 02.21.00
hp zbook_studio_g8_firmware 01.10.00
hp elite_mini_800_g9_firmware 02.05.00
hp prodesk_480_g7_firmware 02.12.01
hp prodesk_400_g7_microtower_firmware 02.12.01
hp eliteone_800_g4_23.8-in_all-in-one_business_firmware 02.21.00
hp probook_450_g6_firmware 01.21.01
hp zbook_power_g8_firmware 01.10.00
hp eliteone_800_g3_23.8-inch_touch_all-in-one_firmware 2.44
hp pro_tower_400_g9_firmware 02.05.00
hp prodesk_600_g5_desktop_mini_firmware 02.15.00
hp prodesk_400_g5_microtower_firmware 02.21.00
hp probook_455_g6_firmware 01.21.01
hp elite_slice_firmware 2.59
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_firmware 2.44
hp zhan_66_pro_a_14_g3_firmware 01.10.00
hp z1_g9_tower_firmware 02.05.01
hp elitedesk_705_g5_small_form_factor_firmware 02.15.00
hp elitebook_840r_g4_firmware 01.21.01
hp elitebook_840_g5_firmware 01.21.01
hp eliteone_1000_g1_23.8-in_all-in-one_business_firmware 2.44
hp prodesk_680_g3_microtower_firmware 2.44
hp elite_sff_600_g9_firmware 02.05.01
hp probook_455_g5_firmware 01.21.01
hp zbook_studio_g5_firmware 01.21.02
hp zbook_firefly_14_g9_firmware 01.03.01
hp elitedesk_705_g3_firmware 2.41
hp elite_dragonfly_g3_firmware 01.03.01
hp elitebook_745_g5_firmware 01.21.01
hp elitebook_860_g9_firmware 01.03.01
hp zhan_66_pro_15_g3_firmware 01.14.00
hp elitedesk_800_g8_small_form_factor_firmware 02.09.01
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_firmware 2.44
hp zbook_firefly_16_g9_firmware 01.03.01
hp elitebook_755_g5_firmware 01.21.01
hp pro_x360_fortis_g10_firmware 01.03.00
hp proone_480_g3_20-inch_non-touch_all-in_one_firmware 2.44
hp zbook_firefly_14_g8_firmware 01.10.00
hp elite_folio_2-in-1_firmware not_impacted
hp elite_x2_1012_g2_firmware 1.43
hp elitebook_x360_830_g7_firmware 01.10.00
hp prodesk_480_g5_microtower_firmware 02.21.00
hp elitebook_846_g5_firmware 01.21.01
hp elitebook_x360_1030_g7_firmware 01.10.00
hp prodesk_400_g3_desktop_mini_firmware 2.44
hp elite_tower_680_g9_firmware 02.05.01
hp elitebook_850_g7_firmware 01.10.00
hp elite_tower_600_g9_firmware 02.05.01
hp z2_small_form_factor_g4_workstation_firmware 01.08.03
hp zbook_17_g6_firmware 01.21.02
hp proone_400_g2_20-inch_touch_all-in-one_firmware 2.59
hp prodesk_680_g4_microtower_firmware 02.21.00
hp proone_600_g3_21.5-inch_non-touch_all-in-one_firmware 2.44
hp probook_450_g7_firmware 01.14.00
hp elite_tower_800_g9_firmware 02.05.01
hp proone_600_g2_21.5-inch_touch_all-in-one_firmware 2.59
hp prodesk_400_g6_small_form_factor_firmware 02.15.00
hp probook_430_g8_firmware 01.10.00
hp elitedesk_800_g5_small_form_factor_firmware 02.15.00
hp elitedesk_705_g4_desktop_mini_firmware 02.20.00
hp zbook_14u_g5_firmware 01.21.01
hp proone_440_23.8_inch_g9_all-in-one_firmware 02.05.00
hp probook_640_g4_firmware 01.21.01
hp engage_one_aio_system_firmware 2.44
hp probook_430_g7_firmware 01.14.00
hp elitedesk_800_65w_g3_desktop_mini_firmware 2.44
hp probook_445_g8_firmware 01.10.00
hp elite_dragonfly_g2_firmware 01.10.00
hp elitebook_845_g8_firmware 01.10.00
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_firmware 02.21.00
hp elitebook_830_g6_firmware 01.21.01
hp elitebook_x360_1030_g3_firmware 01.21.01
hp elitedesk_705_g4_microtower_firmware 02.20.00
hp elitebook_650_g9_firmware 01.04.00
hp zbook_fury_17_g7_firmware 01.10.00
hp eliteone_800_g2_23-inch_touch_all-in-one_firmware 2.59
hp zbook_fury_15_g8_firmware 01.10.00
hp probook_450_g9_firmware 01.04.00
hp elitedesk_805_g8_desktop_mini_firmware 02.05.02
hp elitebook_640_g9_firmware 01.04.00
hp elitebook_836_g5_firmware 01.21.01
hp zbook_firefly_14_g7_firmware 01.10.00
CVE-2022-37018

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.

Products Affected

Vendor Product Version
hp prodesk_400_g3_dm_firmware *
hp proone_400_g3_aio_firmware *
hp elitebook_848_g3_firmware *
hp probook_470_g4_firmware *
hp pro_x2_612_g2_firmware *
hp zbook_15_g3_firmware *
hp prodesk_600_g2_sff_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp zbook_14u_g4_firmware *
hp probook_446_g3_firmware *
hp z2_mini_g3_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp elitebook_x360_1030_g2_firmware *
hp probook_440_g4_firmware *
hp probook_470_g3_firmware *
hp eliteone_800_g2_aio_firmware *
hp elitedesk_800_g2_sff_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp prodesk_600_g2_microtower_pc_firmware *
hp proone_400_g2_aio_firmware *
hp z238_microtower_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_1030_g1_firmware *
hp probook_11_g2_firmware *
hp probook_650_g2_firmware *
hp probook_650_g3_firmware *
hp elitebook_x360_1020_g2_firmware *
hp rp9_g1_retail_system_firmware *
hp elitebook_820_g3_firmware *
hp elitebook_1040_g4_firmware *
hp prodesk_600_g3_sff_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp zbook_17_g4_firmware *
hp elite_x2_1012_g2_firmware *
hp prodesk_400_g4_sff_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp proone_600_g2_aio_firmware *
hp proone_480_g3_firmware *
hp probook_430_g4_firmware *
hp elitebook_828_g4_firmware *
hp zbook_15_g4_firmware *
hp elitebook_850_g3_firmware *
hp elitebook_folio_g1_firmware *
hp probook_440_g3_firmware *
hp mp9_g2_retail_system_firmware *
hp z240_tower_firmware *
hp prodesk_600_g3_desktop_mini_firmware *
hp probook_640_g3_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp prodesk_400_g4_microtower_firmware *
hp elitebook_828_g3_firmware *
hp zbook_studio_g3_firmware *
hp z1_g3_firmware *
hp probook_x360_11_g2_firmware *
hp elitebook_840_g4_firmware *
hp engage_one_aio_system_firmware *
hp elite_slice_firmware *
hp probook_450_g4_firmware *
hp probook_640_g2_firmware *
hp zbook_15u_g4_firmware *
hp elitebook_820_g4_firmware *
hp eliteone_800_g3_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp z240_sff_firmware *
hp elitebook_850_g4_firmware *
hp prodesk_680_g2_microtower_pc_firmware *
hp proone_600_g3_firmware *
hp prodesk_600_g2_dm_firmware *
hp elitebook_1040_g3_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp zbook_17_g3_firmware *
hp zbook_studio_x2_g4_firmware *
CVE-2022-37019

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

Products Affected

Vendor Product Version
hp elitebook_848_g3_firmware *
hp zbook_15_g3_firmware *
hp z240_small_form_factor_workstation_firmware *
hp z238_microtower_workstation_firmware *
hp probook_446_g3_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_470_g3_firmware *
hp elitebook_850_g3_firmware *
hp elitebook_folio_g1_firmware *
hp probook_440_g3_firmware *
hp mp9_g2_retail_system_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_840_g3_firmware *
hp zbook_studio_g3_firmware *
hp z240_tower_workstation_firmware *
hp probook_650_g2_firmware *
hp elite_slice_firmware *
hp rp9_g1_retail_system_firmware *
hp elitebook_820_g3_firmware *
hp probook_640_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp elitebook_1040_g3_firmware *
hp zbook_15u_g3_firmware *
hp z2_mini_g3_workstation_firmware *
hp zbook_17_g3_firmware *
CVE-2022-37020

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

Products Affected

Vendor Product Version
hp elitebook_848_g3_firmware *
hp zbook_15_g3_firmware *
hp z240_small_form_factor_workstation_firmware *
hp z238_microtower_workstation_firmware *
hp probook_446_g3_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_470_g3_firmware *
hp elitebook_850_g3_firmware *
hp elitebook_folio_g1_firmware *
hp probook_440_g3_firmware *
hp mp9_g2_retail_system_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_840_g3_firmware *
hp zbook_studio_g3_firmware *
hp z240_tower_workstation_firmware *
hp probook_650_g2_firmware *
hp elite_slice_firmware *
hp rp9_g1_retail_system_firmware *
hp elitebook_820_g3_firmware *
hp probook_640_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp elitebook_1040_g3_firmware *
hp zbook_15u_g3_firmware *
hp z2_mini_g3_workstation_firmware *
hp zbook_17_g3_firmware *
CVE-2022-37931

A vulnerability in NetBatch-Plus software allows unauthorized access to the application.  HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details.

Products Affected

Vendor Product Version
hp nonstop_netbatch-plus *
CVE-2022-37934

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

Products Affected

Vendor Product Version
hpe officeconnect_1850_24g_2xgt_poe+_firmware *
hpe officeconnect_1850_2xgt/spf+_firmware *
hp officeconnect_1820_24g_poe+_(185w)_switch_j9983a_firmware *
hpe officeconnect_1850_48g_4xgt_firmware *
hpe officeconnect_1850_48g_4xgt_poe+_firmware *
hp officeconnect_1820_8g_poe+_(65w)_switch_j9982a_firmware *
hpe officeconnect_1850_6xgt_firmware *
hp officeconnect_1820_8g_switch_j9979a_firmware *
hp officeconnect_1820_48g_poe+_(370w)_switch_j9984a_firmware *
hpe officeconnect_1850_24g_2xgt_firmware *
CVE-2022-37935

HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
hp oneview_for_vmware_vcenter 9.6
hp oneview_for_vmware_vcenter *
CVE-2022-38395

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.

Products Affected

Vendor Product Version
hp support_assistant *
hp fusion *
CVE-2022-3990

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.

Products Affected

Vendor Product Version
hp hpsfviewer *
CVE-2022-43777

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp mp9_g4_retail_system_firmware *
hp zbook_15_g3_firmware *
hp z2_small_form_factor_g8_workstation_firmware *
hp pro_tower_480_g9_desktop_pc_firmware *
hp zbook_firefly_14_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elite_x360_1040_14_inch_g9_2-in-1_notebook_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp prodesk_405_g6_desktop_mini_pc_firmware *
hp zbook_firefly_15_g7_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_470_g3_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware *
hp zbook_studio_16_inch_g9_mobile_workstation_pc_firmware *
hp elitebook_755_g3_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp elitedesk_705_g3_microtower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp z2_mini_g5_workstation_firmware *
hp elitebook_1030_g1_firmware *
hp probook_645_g4_firmware *
hp elitebook_1040_g4_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp probook_430_g3_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_445_14_inch_g9_notebook_pc_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elitedesk_705_g4_workstation_edition_firmware *
hp pro_mt440_g3_mobile_thin_client_firmware *
hp zbook_15u_g5_firmware *
hp probook_fortis_14_inch_g10_notebook_pc_firmware *
hp elitebook_725_g3_firmware *
hp prodesk_600_g5_microtower_pc_(with_pci_slot)_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp z1_all-in-one_g3_workstation_firmware *
hp probook_640_g2_firmware *
hp elitebook_865_16_inch_g9_notebook_pc_firmware *
hp zbook_power_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zbook_17_g3_firmware *
hp elitebook_848_g3_firmware *
hp zhan_66_pro_14_g2_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elite_mini_600_g9_desktop_pc_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp elitebook_845_g7_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp probook_450_g5_firmware *
hp mini_conferencing_pc_with_zoom_rooms_firmware *
hp rp9_g1_retail_system_firmware *
hp probook_fortis_14_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware *
hp eliteone_870_27_inch_g9_all-in-one_desktop_pc_firmware *
hp z8_g4_workstation_firmware *
hp elitebook_640_14_inch_g9_notebook_pc_firmware *
hp probook_440_14_inch_g9_notebook_pc_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp elite_tower_800_g9_desktop_pc_firmware *
hp zbook_17_g5_firmware *
hp prodesk_405_g6_small_form_factor_pc_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp mt21_mobile_thin_client_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp zbook_firefly_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_max_firmware *
hp probook_640_g7_firmware *
hp probook_640_g3_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_840_g8_firmware *
hp zbook_15u_g4_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_450_15.6_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp elitebook_1040_g3_firmware *
hp prodesk_400_g4_microtower_pc_firmware *
hp probook_x360_435_g8_notebook_pc_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp elite_sff_600_g9_desktop_pc_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp z2_small_form_factor_g9_workstation_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_835_g8_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware *
hp probook_645_g3_firmware *
hp elite_x2_1012_g1_tablet_with_travel_keyboard_firmware *
hp prodesk_405_g4_small_form_factor_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp elitebook_820_g3_firmware *
hp probook_455_g7_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp z2_tower_g4_workstation_firmware *
hp pro_sff_400_g9_desktop_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp z238_microtower_workstation_firmware *
hp z2_tower_g5_workstation_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp elite_x360_830_13_inch_g9_2-in-1_notebook_pc_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp mt31_mobile_thin_client_firmware *
hp z840_workstation_firmware *
hp elitebook_745_g6_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_14_inch_g9_notebook_pc_firmware *
hp probook_455_g4_firmware *
hp zbook_power_15.6_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp z2_mini_g3_workstation_firmware *
hp mt22_mobile_thin_client_firmware *
hp elite_x2_g8_tablet_firmware *
hp zhan_x_13_g2_firmware *
hp pro_x360_fortis_11_inch_g9_notebook_pc_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp elitebook_1040_14_inch_g9_notebook_pc_firmware *
hp elite_tower_680_g9_desktop_pc_firmware *
hp zcentral_4r_workstation_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp zhan_66_pro_a_14_g4_notebook_pc_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp mt46_mobile_thin_client_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp z240_tower_workstation_firmware *
hp elitebook_745_g4_firmware *
hp elitebook_645_14_inch_g9_notebook_pc_firmware *
hp elitebook_745_g3_firmware *
hp elite_slice_g2_with_intel_unite_firmware *
hp zbook_17_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp elitebook_755_g4_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp proone_400_g2_20-inch_touch_all-in-one_pc_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp pro_tower_400_g9_desktop_pc_firmware *
hp elitebook_836_g5_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g5_notebook_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp zbook_fury_17_g7_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp prodesk_600_g2_desktop_mini_pc_firmware *
hp z2_small_form_factor_g5_workstation_firmware *
hp elitebook_850_g8_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp eliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmware *
hp probook_450_g3_firmware *
hp prodesk_680_g4_microtower_pc_(with_pci_slot)_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp zbook_fury_16_g9_mobile_workstation_pc_firmware *
hp probook_455_15.6_inch_g9_notebook_pc_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp elite_slice_g2_with_zoom_rooms_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp probook_645_g2_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp z440_workstation_firmware *
hp elite_x2_1012_g1_tablet_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp elitebook_650_15.6_inch_g9_notebook_pc_firmware *
hp mt43_mobile_thin_client_firmware *
hp probook_x360_440_g1_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp zbook_15_g4_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp pro_x360_fortis_11_inch_g10_notebook_pc_firmware *
hp elitebook_folio_g1_firmware *
hp mt44_mobile_thin_client_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp elitebook_850_g7_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp mt42_mobile_thin_client_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp elite_slice_firmware *
hp z1_g9_tower_desktop_pc_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp z2_small_form_factor_g4_workstation_firmware *
hp zbook_fury_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zhan_66_pro_14_inch_g5_notebook_pc_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware *
hp zbook_15_g6_firmware *
hp elite_mini_800_g9_desktop_pc_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp mt32_mobile_thin_client_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elite_x2_g4_firmware *
hp elitebook_x360_1040_g7_firmware *
hp elite_tower_880_g9_desktop_pc_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elite_dragonfly_13.5_inch_g3_notebook_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp mt45_mobile_thin_client_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_835_13_inch_g9_notebook_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_400_g2_desktop_mini_pc_firmware *
hp proone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmware *
hp elite_sff_800_g9_desktop_pc_firmware *
hp probook_655_g3_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp probook_x360_11_g2_ee_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp elitebook_830_13.3_inch_g9_notebook_pc_firmware *
hp z2_mini_g9_workstation_firmware *
hp zbook_firefly_16_inch_g9_mobile_workstation_pc_firmware *
hp z2_mini_g4_workstation_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitebook_846_g5_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp probook_650_g3_firmware *
hp elitedesk_705_g3_desktop_mini_pc_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp zbook_studio_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware *
hp proone_400_g2_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_x2_1012_g2_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp z2_tower_g8_workstation_firmware *
hp elitebook_850_g3_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp probook_440_g3_firmware *
hp elitebook_835_g7_firmware *
hp prodesk_600_g4_microtower_pc_(with_pci_slot)_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zbook_fury_17.3_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp probook_x360_11_g4_ee_firmware *
hp z1_entry_tower_g5_firmware *
hp proone_600_g2_21.5-inch_touch_all-in-one_pc_firmware *
hp elitebook_845_g8_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp proone_440_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z640_workstation_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp z1_entry_tower_g6_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp elitedesk_705_g3_small_form_factor_pc_firmware *
hp z240_small_form_factor_workstation_firmware *
hp zbook_14u_g4_firmware *
hp probook_446_g3_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_pc_firmware *
hp probook_11_ee_g2_firmware *
hp elitebook_630_13_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp pro_mini_400_g9_desktop_pc_firmware *
hp probook_650_g2_firmware *
hp elitebook_735_g5_firmware *
hp probook_455_g3_firmware *
hp elitebook_860_16_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp z2_tower_g9_workstation_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp probook_655_g2_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_845_14_inch_g9_notebook_pc_firmware *
hp elitebook_830_g6_firmware *
hp zbook_studio_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_x360_11_g6_ee_firmware *
hp elite_tower_600_g9_desktop_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_14_g4_notebook_pc_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware *
hp elitebook_655_15.6_inch_g9_notebook_pc_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp probook_455r_g6_firmware *
CVE-2022-43778

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Products Affected

Vendor Product Version
hp mp9_g4_retail_system_firmware *
hp zbook_15_g3_firmware *
hp z2_small_form_factor_g8_workstation_firmware *
hp pro_tower_480_g9_desktop_pc_firmware *
hp zbook_firefly_14_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_1000_g2_23.8-in_all-in-one_business_pc_firmware *
hp elite_x360_1040_14_inch_g9_2-in-1_notebook_pc_firmware *
hp elitebook_x360_1030_g4_firmware *
hp prodesk_405_g6_desktop_mini_pc_firmware *
hp zbook_firefly_15_g7_firmware *
hp elitedesk_800_35w_g2_desktop_mini_pc_firmware *
hp probook_470_g3_firmware *
hp proone_400_g3_20-inch_touch_all-in-one_pc_firmware *
hp eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware *
hp zbook_studio_16_inch_g9_mobile_workstation_pc_firmware *
hp elitebook_755_g3_firmware *
hp eliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware *
hp prodesk_600_g5_small_form_factor_pc_firmware *
hp elitedesk_880_g5_tower_pc_firmware *
hp elitedesk_705_g3_microtower_pc_firmware *
hp zbook_14u_g6_firmware *
hp zhan_66_pro_14_g3_firmware *
hp z2_mini_g5_workstation_firmware *
hp elitebook_1030_g1_firmware *
hp probook_645_g4_firmware *
hp elitebook_1040_g4_firmware *
hp engage_one_all-in-one_system_firmware *
hp zhan_66_pro_13_g2_firmware *
hp elitebook_735_g6_firmware *
hp prodesk_680_g6_pci_microtower_pc_firmware *
hp probook_430_g3_firmware *
hp proone_480_g3_20-inch_non-touch_all-in_one_pc_firmware *
hp prodesk_400_g6_desktop_mini_pc_firmware *
hp probook_445_14_inch_g9_notebook_pc_firmware *
hp elitedesk_800_95w_g4_desktop_mini_pc_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elitedesk_705_g4_workstation_edition_firmware *
hp pro_mt440_g3_mobile_thin_client_firmware *
hp zbook_15u_g5_firmware *
hp probook_fortis_14_inch_g10_notebook_pc_firmware *
hp elitebook_725_g3_firmware *
hp prodesk_600_g5_microtower_pc_(with_pci_slot)_firmware *
hp eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_desktop_mini_pc_firmware *
hp zbook_studio_g3_firmware *
hp elitebook_840_g6_firmware *
hp eliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmware *
hp probook_650_g7_firmware *
hp z1_all-in-one_g3_workstation_firmware *
hp probook_640_g2_firmware *
hp elitebook_865_16_inch_g9_notebook_pc_firmware *
hp zbook_power_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zbook_17_g3_firmware *
hp elitebook_848_g3_firmware *
hp zhan_66_pro_14_g2_firmware *
hp elitebook_x360_830_g6_firmware *
hp zbook_studio_g7_firmware *
hp eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elite_mini_600_g9_desktop_pc_firmware *
hp elite_dragonfly_g2_firmware *
hp probook_x360_11_g7_ee_firmware *
hp elitebook_845_g7_firmware *
hp prodesk_400_g7_microtower_pc_firmware *
hp elitebook_x360_1030_g8_firmware *
hp probook_450_g5_firmware *
hp mini_conferencing_pc_with_zoom_rooms_firmware *
hp rp9_g1_retail_system_firmware *
hp probook_fortis_14_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmware *
hp eliteone_870_27_inch_g9_all-in-one_desktop_pc_firmware *
hp z8_g4_workstation_firmware *
hp elitebook_640_14_inch_g9_notebook_pc_firmware *
hp probook_440_14_inch_g9_notebook_pc_firmware *
hp prodesk_480_g4_microtower_pc_firmware *
hp elite_tower_800_g9_desktop_pc_firmware *
hp zbook_17_g5_firmware *
hp prodesk_405_g6_small_form_factor_pc_firmware *
hp zhan_66_pro_a_14_g3_firmware *
hp mt21_mobile_thin_client_firmware *
hp prodesk_600_g4_small_form_factor_pc_firmware *
hp zbook_firefly_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_max_firmware *
hp probook_640_g7_firmware *
hp probook_640_g3_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_840_g8_firmware *
hp zbook_15u_g4_firmware *
hp elitedesk_800_g4_tower_pc_firmware *
hp elitebook_820_g4_firmware *
hp elitebook_830_g5_firmware *
hp proone_400_g5_20-inch_all-in-one_business_pc_firmware *
hp eliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp probook_450_15.6_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_desktop_mini_pc_firmware *
hp elitebook_1040_g3_firmware *
hp prodesk_400_g4_microtower_pc_firmware *
hp probook_x360_435_g8_notebook_pc_firmware *
hp prodesk_400_g3_desktop_mini_pc_firmware *
hp elite_sff_600_g9_desktop_pc_firmware *
hp zbook_14u_g5_firmware *
hp elitebook_855_g7_firmware *
hp z1_g8_tower_desktop_pc_firmware *
hp prodesk_600_g6_pci_microtower_pc_firmware *
hp elitedesk_800_g8_desktop_mini_pc_firmware *
hp prodesk_680_g3_microtower_pc_firmware *
hp proone_400_g5_23.8-inch_all-in-one_business_pc_firmware *
hp probook_640_g4_firmware *
hp probook_440_g7_firmware *
hp probook_450_g7_firmware *
hp elitedesk_800_g5_tower_pc_firmware *
hp z2_small_form_factor_g9_workstation_firmware *
hp prodesk_600_g3_microtower_pc_firmware *
hp elitebook_835_g8_firmware *
hp prodesk_480_g5_microtower_pc_firmware *
hp zbook_firefly_14_inch_g8_mobile_workstation_pc_firmware *
hp probook_645_g3_firmware *
hp elite_x2_1012_g1_tablet_with_travel_keyboard_firmware *
hp prodesk_405_g4_small_form_factor_pc_firmware *
hp proone_400_g6_24_all-in-one_pc_firmware *
hp proone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmware *
hp elitebook_820_g3_firmware *
hp probook_455_g7_firmware *
hp elitedesk_705_g5_desktop_mini_pc_firmware *
hp z2_tower_g4_workstation_firmware *
hp pro_sff_400_g9_desktop_pc_firmware *
hp eliteone_800_g8_24_all-in-one_pc_firmware *
hp elitedesk_800_g5_desktop_mini_pc_firmware *
hp elite_x2_1013_g3_firmware *
hp z238_microtower_workstation_firmware *
hp z2_tower_g5_workstation_firmware *
hp elitedesk_805_g8_desktop_mini_pc_firmware *
hp elite_x360_830_13_inch_g9_2-in-1_notebook_pc_firmware *
hp zbook_fury_15_g7_firmware *
hp zbook_x2_g4_firmware *
hp mt31_mobile_thin_client_firmware *
hp z840_workstation_firmware *
hp elitebook_745_g6_firmware *
hp proone_440_g6_24_all-in-one_pc_firmware *
hp eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmware *
hp elitebook_840_14_inch_g9_notebook_pc_firmware *
hp probook_455_g4_firmware *
hp zbook_power_15.6_inch_g9_mobile_workstation_pc_firmware *
hp eliteone_800_g5_23.8-inch_all-in-one_firmware *
hp elitebook_830_g7_firmware *
hp elitedesk_800_g6_desktop_mini_pc_firmware *
hp probook_650_g4_firmware *
hp elitedesk_805_g6_small_form_factor_pc_firmware *
hp prodesk_405_g4_desktop_mini_pc_firmware *
hp prodesk_600_g3_desktop_mini_pc_firmware *
hp z2_mini_g3_workstation_firmware *
hp mt22_mobile_thin_client_firmware *
hp elite_x2_g8_tablet_firmware *
hp zhan_x_13_g2_firmware *
hp pro_x360_fortis_11_inch_g9_notebook_pc_firmware *
hp probook_455_g6_firmware *
hp proone_600_g5_21.5-in_all-in-one_business_pc_firmware *
hp elitebook_1040_14_inch_g9_notebook_pc_firmware *
hp elite_tower_680_g9_desktop_pc_firmware *
hp zcentral_4r_workstation_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
hp eliteone_800_g6_27_all-in-one_pc_firmware *
hp zhan_66_pro_a_14_g4_notebook_pc_firmware *
hp prodesk_600_g5_desktop_mini_pc_firmware *
hp mt46_mobile_thin_client_firmware *
hp elitedesk_880_g3_tower_pc_firmware *
hp elitedesk_805_g6_desktop_mini_pc_firmware *
hp z240_tower_workstation_firmware *
hp elitebook_745_g4_firmware *
hp elitebook_645_14_inch_g9_notebook_pc_firmware *
hp elitebook_745_g3_firmware *
hp elite_slice_g2_with_intel_unite_firmware *
hp zbook_17_g4_firmware *
hp zbook_15u_g6_firmware *
hp zbook_power_g7_firmware *
hp elitebook_755_g4_firmware *
hp elitedesk_800_g3_small_form_factor_pc_firmware *
hp proone_400_g2_20-inch_touch_all-in-one_pc_firmware *
hp elitebook_830_g8_firmware *
hp elitebook_x360_1030_g7_firmware *
hp pro_tower_400_g9_desktop_pc_firmware *
hp elitebook_836_g5_firmware *
hp elitedesk_800_35w_g4_desktop_mini_pc_firmware *
hp proone_440_g5_23.8-in_all-in-one_business_pc_firmware *
hp prodesk_600_g4_microtower_pc_firmware *
hp zhan_66_pro_a_14_g5_notebook_pc_firmware *
hp zbook_firefly_14_g7_firmware *
hp elitebook_855_g8_firmware *
hp elitedesk_800_35w_g3_desktop_mini_pc_firmware *
hp elitedesk_800_g4_small_form_factor_pc_firmware *
hp elitedesk_800_g6_tower_pc_firmware *
hp zbook_fury_17_g7_firmware *
hp elitedesk_800_65w_g3_desktop_mini_pc_firmware *
hp prodesk_600_g2_desktop_mini_pc_firmware *
hp z2_small_form_factor_g5_workstation_firmware *
hp elitebook_850_g8_firmware *
hp probook_635_aero_g7_firmware *
hp elitebook_x360_1030_g2_firmware *
hp eliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmware *
hp probook_450_g3_firmware *
hp prodesk_680_g4_microtower_pc_(with_pci_slot)_firmware *
hp elitedesk_800_g8_small_form_factor_pc_firmware *
hp eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp zbook_fury_16_g9_mobile_workstation_pc_firmware *
hp probook_455_15.6_inch_g9_notebook_pc_firmware *
hp eliteone_800_g8_27_all-in-one_pc_firmware *
hp elite_slice_g2_with_zoom_rooms_firmware *
hp prodesk_405_g8_small_form_factor_pc_firmware *
hp elitebook_836_g6_firmware *
hp probook_645_g2_firmware *
hp prodesk_400_g5_small_form_factor_pc_firmware *
hp z440_workstation_firmware *
hp elite_x2_1012_g1_tablet_firmware *
hp engage_go_mobile_system_firmware *
hp engage_go_10_mobile_system_firmware *
hp zbook_studio_x360_g5_firmware *
hp elitebook_650_15.6_inch_g9_notebook_pc_firmware *
hp mt43_mobile_thin_client_firmware *
hp probook_x360_440_g1_firmware *
hp elitebook_840r_g4_firmware *
hp eliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmware *
hp dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware *
hp elitebook_828_g4_firmware *
hp elitedesk_705_g4_desktop_mini_pc_firmware *
hp zbook_15_g4_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmware *
hp prodesk_400_g6_microtower_pc_firmware *
hp pro_x360_fortis_11_inch_g10_notebook_pc_firmware *
hp elitebook_folio_g1_firmware *
hp mt44_mobile_thin_client_firmware *
hp elitedesk_705_g4_small_form_factor_pc_firmware *
hp elitebook_850_g7_firmware *
hp prodesk_600_g6_small_form_factor_pc_firmware *
hp mt42_mobile_thin_client_firmware *
hp elitebook_840_g7_firmware *
hp eliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware *
hp elite_slice_firmware *
hp z1_g9_tower_desktop_pc_firmware *
hp elitedesk_880_g4_tower_pc_firmware *
hp elitebook_x360_1040_g6_firmware *
hp z2_small_form_factor_g4_workstation_firmware *
hp zbook_fury_15.6_inch_g8_mobile_workstation_pc_firmware *
hp zhan_66_pro_14_inch_g5_notebook_pc_firmware *
hp elitedesk_800_g6_small_form_factor_pc_firmware *
hp elitedesk_800_g8_tower_pc_firmware *
hp probook_640_g5_firmware *
hp elitebook_x360_830_g5_firmware *
hp zhan_66_pro_g1_firmware *
hp proone_400_g3_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_slice_g2_-_audio_ready_with_zoom_rooms_firmware *
hp zbook_15_g6_firmware *
hp elite_mini_800_g9_desktop_pc_firmware *
hp probook_445_g7_firmware *
hp probook_430_g6_firmware *
hp mt32_mobile_thin_client_firmware *
hp elitebook_840_g3_firmware *
hp elitebook_840_aero_g8_firmware *
hp probook_x360_11_g3_ee_firmware *
hp eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmware *
hp elite_x2_g4_firmware *
hp elitebook_x360_1040_g7_firmware *
hp elite_tower_880_g9_desktop_pc_firmware *
hp eliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmware *
hp elite_dragonfly_13.5_inch_g3_notebook_pc_firmware *
hp elitedesk_705_g4_microtower_pc_firmware *
hp mt45_mobile_thin_client_firmware *
hp elitebook_850_g5_firmware *
hp elitebook_835_13_inch_g9_notebook_pc_firmware *
hp proone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp elitebook_x360_1040_g5_firmware *
hp elitedesk_800_g5_small_form_factor_pc_firmware *
hp zbook_create_g7_firmware *
hp elitebook_828_g3_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_840_g4_firmware *
hp prodesk_400_g2_desktop_mini_pc_firmware *
hp proone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmware *
hp elite_sff_800_g9_desktop_pc_firmware *
hp probook_655_g3_firmware *
hp zhan_66_pro_15_g3_firmware *
hp prodesk_600_g5_microtower_pc_firmware *
hp probook_x360_11_g2_ee_firmware *
hp proone_600_g6_22_all-in-one_pc_firmware *
hp zbook_17_g6_firmware *
hp proone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware *
hp eliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmware *
hp elitebook_830_13.3_inch_g9_notebook_pc_firmware *
hp z2_mini_g9_workstation_firmware *
hp zbook_firefly_16_inch_g9_mobile_workstation_pc_firmware *
hp z2_mini_g4_workstation_firmware *
hp zhan_66_pro_g3_24_all-in-one_pc_firmware *
hp elitebook_846_g5_firmware *
hp elitedesk_800_65w_g4_desktop_mini_pc_firmware *
hp elitedesk_805_g8_small_form_factor_pc_firmware *
hp eliteone_800_g6_24_all-in-one_pc_firmware *
hp probook_650_g3_firmware *
hp elitedesk_705_g3_desktop_mini_pc_firmware *
hp elitebook_x360_1020_g2_firmware *
hp elite_slice_for_meeting_rooms_firmware *
hp zbook_studio_15.6_inch_g8_mobile_workstation_pc_firmware *
hp elitebook_850_g6_firmware *
hp elitebook_745_g5_firmware *
hp proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmware *
hp eliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware *
hp proone_400_g2_20-inch_non-touch_all-in-one_pc_firmware *
hp elite_x2_1012_g2_firmware *
hp probook_470_g5_firmware *
hp prodesk_400_g4_desktop_mini_pc_firmware *
hp elitebook_1050_g1_firmware *
hp elitedesk_880_g8_tower_pc_firmware *
hp probook_x360_435_g7_firmware *
hp probook_650_g5_firmware *
hp z2_tower_g8_workstation_firmware *
hp elitebook_850_g3_firmware *
hp proone_400_g6_20_all-in-one_pc_firmware *
hp probook_440_g3_firmware *
hp elitebook_835_g7_firmware *
hp prodesk_600_g4_microtower_pc_(with_pci_slot)_firmware *
hp z4_g4_workstation_(xeon_w)_firmware *
hp zbook_fury_17.3_inch_g8_mobile_workstation_pc_firmware *
hp elite_dragonfly_firmware *
hp elitedesk_800_65w_g2_desktop_mini_pc_firmware *
hp probook_x360_11_g4_ee_firmware *
hp z1_entry_tower_g5_firmware *
hp proone_600_g2_21.5-inch_touch_all-in-one_pc_firmware *
hp elitebook_845_g8_firmware *
hp elitedesk_800_g3_tower_pc_firmware *
hp elitebook_840_g5_firmware *
hp elitebook_850_g4_firmware *
hp proone_440_23.8_inch_g9_all-in-one_desktop_pc_firmware *
hp prodesk_480_g7_pci_microtower_pc_firmware *
hp z640_workstation_firmware *
hp z4_g4_workstation_(core-x)_firmware *
hp prodesk_400_g5_desktop_mini_pc_firmware *
hp z1_entry_tower_g6_firmware *
hp elitedesk_800_g4_workstation_edition_firmware *
hp probook_x360_11_g5_ee_firmware *
hp pro_x2_612_g2_firmware *
hp elitedesk_705_g3_small_form_factor_pc_firmware *
hp z240_small_form_factor_workstation_firmware *
hp zbook_14u_g4_firmware *
hp probook_446_g3_firmware *
hp eliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_pc_firmware *
hp probook_11_ee_g2_firmware *
hp elitebook_630_13_inch_g9_notebook_pc_firmware *
hp elite_slice_g2_with_microsoft_teams_rooms_firmware *
hp prodesk_480_g6_microtower_pc_firmware *
hp pro_mini_400_g9_desktop_pc_firmware *
hp probook_650_g2_firmware *
hp elitebook_735_g5_firmware *
hp probook_455_g3_firmware *
hp elitebook_860_16_inch_g9_notebook_pc_firmware *
hp prodesk_600_g6_microtower_pc_firmware *
hp z2_tower_g9_workstation_firmware *
hp prodesk_400_g7_small_form_factor_pc_firmware *
hp elite_x2_1012_g1_firmware *
hp zbook_studio_g4_firmware *
hp probook_655_g2_firmware *
hp prodesk_600_g3_small_form_factor_pc_firmware *
hp probook_430_g5_firmware *
hp probook_640_g8_firmware *
hp elitebook_x360_830_g7_firmware *
hp elitebook_725_g4_firmware *
hp prodesk_400_g5_microtower_pc_firmware *
hp elitebook_845_14_inch_g9_notebook_pc_firmware *
hp elitebook_830_g6_firmware *
hp zbook_studio_g5_firmware *
hp proone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware *
hp probook_x360_11_g6_ee_firmware *
hp elite_tower_600_g9_desktop_pc_firmware *
hp prodesk_400_g6_small_form_factor_pc_firmware *
hp prodesk_405_g8_desktop_mini_pc_firmware *
hp elitedesk_705_g5_small_form_factor_pc_firmware *
hp prodesk_400_g4_small_form_factor_pc_firmware *
hp zbook_15_g5_firmware *
hp prodesk_680_g4_microtower_pc_firmware *
hp zhan_66_pro_14_g4_notebook_pc_firmware *
hp eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware *
hp elitedesk_880_g6_tower_pc_firmware *
hp probook_430_g7_firmware *
hp zhan_66_pro_g3_22_all-in-one_pc_firmware *
hp eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmware *
hp elitebook_655_15.6_inch_g9_notebook_pc_firmware *
hp elitebook_848_g4_firmware *
hp zbook_15u_g3_firmware *
hp probook_455r_g6_firmware *
CVE-2022-43779

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
hp desktop_pro_300_g3_firmware *
hp zhan_66_pro_g1_r_microtower_firmware *
hp 280_g3_microtower_pc_firmware *
hp 290_g1_microtower_firmware *
hp desktop_pro_g3_microtower_firmware *
hp desktop_pro_a_g3_microtower_firmware *
hp desktop_pro_a_300_g3_firmware *
hp 260_g3_desktop_mini_firmware *
hp zhan_66_pro_a_g1_r_microtower_firmware *
hp 260_g4_desktop_mini_firmware *
hp 280_g3_pci_microtower_pc_firmware *
hp rp2_retail_system_2020_firmware *
hp 348_g4_firmware *
hp desktop_pro_a_g2_microtower_firmware *
hp desktop_pro_microtower_firmware *
hp rp2_retail_system_2000_firmware *
hp 260_g2_desktop_mini_firmware *
hp zhan_66_pro_a_g1_microtower_firmware *
hp zhan_86_pro_g1_microtower_firmware *
hp 288_pro_g3_microtower_pc_firmware *
hp 218_pro_g5_mt_firmware *
hp rp2_retail_system_2030_firmware *
hp desktop_pro_g3_firmware *
hp desktop_pro_a_g3_firmware *
hp desktop_pro_a_g2_firmware *
CVE-2022-43780

Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.

Products Affected

Vendor Product Version
hp m2u86b_firmware *
hp z4a54a_firmware *
hp z4a73a_firmware *
hp z4a69a_firmware *
hp z4a71a_firmware *
hp m2u84a_firmware *
hp m2u84b_firmware *
hp m2u81b_firmware *
hp m2u82a_firmware *
hp m2u87b_firmware *
hp z4b14a_firmware *
hp z4b29a_firmware *
hp m2u94b_firmware *
hp z4b12a_firmware *
hp m2u88b_firmware *
hp z4b18a_firmware *
hp m2u82b_firmware *
hp m2u92b_firmware *
hp z4a61b_firmware *
hp m2u77a_firmware *
hp z4a70a_firmware *
hp z4a59a_firmware *
hp m2u81a_firmware *
hp z4b13a_firmware *
hp z4a61a_firmware *
hp z4b28a_firmware *
hp m2u76a_firmware *
hp m2u85b_firmware *
hp m2u89b_firmware *
hp m2u86a_firmware *
hp m2u91a_firmware *
hp z4b27a_firmware *
hp m2u86c_firmware *
hp m2u92a_firmware *
hp m2u87a_firmware *
hp m2u91b_firmware *
hp m2u75a_firmware *
hp z4a74a_firmware *
hp m2u94a_firmware *
hp m2u85a_firmware *
hp z4a60a_firmware *
CVE-2022-46356

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Products Affected

Vendor Product Version
hp security_manager *
CVE-2022-46357

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Products Affected

Vendor Product Version
hp security_manager *
CVE-2022-46358

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Products Affected

Vendor Product Version
hp security_manager *
CVE-2022-46359

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Products Affected

Vendor Product Version
hp security_manager *
CVE-2022-48219

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.

Products Affected

Vendor Product Version
hp z2_tower_g9_firmware *
hp pro_sff_400_g9_firmware *
hp elite_tower_680_g9_firmware *
hp z2_small_form_factor_g8_firmware *
hp z2_mini_g9_firmware *
hp elite_mini_800_g9_firmware *
hp z1_g9_tower_firmware *
hp eliteone_800_g8_24_all-in-one_firmware *
hp pro_mini_260_g9_firmware *
hp elitedesk_800_g8_desktop_mini_firmware *
hp elite_sff_800_g9_firmware *
hp z1_g8_tower_firmware *
hp eliteone_800_g8_27_all-in-one_firmware *
hp elitedesk_800_g8_small_form_factor_firmware *
hp elite_tower_600_g9_firmware *
hp z2_small_form_factor_g9_firmware *
hp elite_mini_600_g9_firmware *
hp elite_tower_800_g9_firmware *
hp elitedesk_880_g8_tower_firmware *
hp z2_tower_g8_firmware *
hp pro_mini_400_g9_firmware *
hp elite_sff_600_g9_firmware *
hp elitedesk_800_g8_tower_firmware *
hp elite_tower_880_g9_firmware *
hp pro_tower_480_g9_firmware *
hp pro_tower_400_g9_firmware *
hp mini_conferencing_pc_firmware *
CVE-2022-48220

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.

Products Affected

Vendor Product Version
hp z2_tower_g9_firmware *
hp pro_sff_400_g9_firmware *
hp elite_tower_680_g9_firmware *
hp z2_small_form_factor_g8_firmware *
hp z2_mini_g9_firmware *
hp elite_mini_800_g9_firmware *
hp z1_g9_tower_firmware *
hp eliteone_800_g8_24_all-in-one_firmware *
hp pro_mini_260_g9_firmware *
hp elitedesk_800_g8_desktop_mini_firmware *
hp elite_sff_800_g9_firmware *
hp z1_g8_tower_firmware *
hp eliteone_800_g8_27_all-in-one_firmware *
hp elitedesk_800_g8_small_form_factor_firmware *
hp elite_tower_600_g9_firmware *
hp z2_small_form_factor_g9_firmware *
hp elite_mini_600_g9_firmware *
hp elite_tower_800_g9_firmware *
hp elitedesk_880_g8_tower_firmware *
hp z2_tower_g8_firmware *
hp pro_mini_400_g9_firmware *
hp elite_sff_600_g9_firmware *
hp elitedesk_800_g8_tower_firmware *
hp elite_tower_880_g9_firmware *
hp pro_tower_480_g9_firmware *
hp pro_tower_400_g9_firmware *
hp mini_conferencing_pc_firmware *
CVE-2022-48311

**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
hp deskjet_2540_a9u23b_firmware cep1fn1418br
CVE-2022-4894

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
hp 714z9a_firmware -
samsung ss153f_firmware -
samsung ss397p_firmware -
samsung 7gf48a#ab1_firmware -
samsung ss210h_firmware -
samsung ss229a_firmware -
samsung ss272f_firmware -
samsung ss359k_firmware -
samsung ss398d_firmware -
samsung ss380b_firmware -
samsung ss211d_firmware -
samsung ss271k_firmware -
samsung ss404c_firmware -
samsung 7fq97a#ab1_firmware -
samsung ss257q_firmware -
samsung ss041c_firmware -
samsung ss353c_firmware -
samsung ss272d_firmware -
samsung ss107f_firmware -
hp 6hu12a_firmware -
samsung ss378b_firmware -
samsung ss106j_firmware -
samsung ss383l_firmware -
samsung ss152d_firmware -
samsung ss391e_firmware -
samsung st679c_firmware -
samsung ss388l_firmware -
samsung ss256z_firmware -
samsung 3b0c5a#ab1_firmware -
samsung ss343g_firmware -
samsung ss397h_firmware -
samsung ss107c_firmware -
samsung ss388b_firmware -
samsung 7fr02a#ab1_firmware -
samsung ss033c_firmware -
samsung ss230h_firmware -
samsung ss378d_firmware -
samsung ss257f_firmware -
samsung ss230z_firmware -
samsung ss204m_firmware -
samsung ss043c_firmware -
samsung ss204j_firmware -
samsung ss272p_firmware -
samsung 7gf49a#ab1_firmware -
samsung ss058b_firmware -
samsung ss359j_firmware -
samsung ss377h_firmware -
samsung sw176b_firmware -
samsung ss234a_firmware -
hp 6hu10a_firmware -
samsung ss340a_firmware -
samsung ss335a_firmware -
samsung ss378e_firmware -
samsung ss335f_firmware -
samsung ss390h_firmware -
samsung ss389h_firmware -
samsung ss205a_firmware -
samsung ss150s_firmware -
samsung ss044d_firmware -
samsung ss043k_firmware -
samsung ss033m_firmware -
samsung ss377j_firmware -
samsung ss357a_firmware -
samsung ss395k_firmware -
samsung ss076d_firmware -
samsung ss210e_firmware -
samsung ss368a_firmware -
samsung ss033d_firmware -
samsung ss353b_firmware -
samsung ss389j_firmware -
samsung ss106a_firmware -
samsung ss044f_firmware -
samsung ss153l_firmware -
samsung ss367d_firmware -
samsung ss106g_firmware -
samsung ss153k_firmware -
samsung ss108a_firmware -
samsung ss352j_firmware -
samsung ss265a_firmware -
samsung 7fq87a#ab1_firmware -
hp 715a0a_firmware -
samsung ss389n_firmware -
samsung st693a_firmware -
samsung sw116b_firmware -
samsung ss398f_firmware -
samsung ss041d_firmware -
samsung ss353e_firmware -
hp 6hu11a_firmware -
samsung ss107l_firmware -
samsung ss352k_firmware -
samsung ss108j_firmware -
samsung ss059j_firmware -
samsung ss404m_firmware -
hp 8af50a_firmware -
samsung ss198a_firmware -
samsung ss342e_firmware -
samsung ss150m_firmware -
samsung ss353k_firmware -
samsung 7fq88a#ab1_firmware -
samsung ss396f_firmware -
samsung ss386b_firmware -
samsung ss195b_firmware -
samsung ss383g_firmware -
samsung ss378c_firmware -
samsung ss379a_firmware -
samsung ss383m_firmware -
samsung st683a_firmware -
samsung ss352a_firmware -
samsung ss205u_firmware -
samsung ss352n_firmware -
samsung ss353j_firmware -
samsung ss196b_firmware -
samsung ss102a_firmware -
samsung st694a_firmware -
samsung ss264a_firmware -
samsung ss377k_firmware -
samsung ss368j_firmware -
samsung ss329a_firmware -
hp 4zb90a_firmware -
hp 4zb92a_firmware -
samsung ss233a_firmware -
samsung ss378g_firmware -
samsung ss396h_firmware -
samsung ss404d_firmware -
samsung ss256c_firmware -
samsung ss106t_firmware -
samsung ss389l_firmware -
samsung ss076v_firmware -
samsung 7fq98a#ab1_firmware -
samsung ss058g_firmware -
samsung ss059b_firmware -
samsung ss153a_firmware -
samsung ss108h_firmware -
samsung 3b0d1a#ab1_firmware -
samsung ss386a_firmware -
samsung 8pa14a#302_firmware -
samsung ss272k_firmware -
samsung ss390f_firmware -
samsung ss275a_firmware -
samsung ss281a_firmware -
samsung ss076a_firmware -
samsung ss273a_firmware -
samsung st688f_firmware -
samsung ss383q_firmware -
samsung st683e_firmware -
samsung ss216n_firmware -
samsung ss272l_firmware -
samsung ss390d_firmware -
samsung ss327b_firmware -
samsung ss349e_firmware -
samsung ss196a_firmware -
samsung ss323a_firmware -
samsung ss204c_firmware -
samsung ss150c_firmware -
samsung ss059g_firmware -
samsung ss395e_firmware -
samsung ss396g_firmware -
samsung ss365k_firmware -
hp 2zn49a_firmware -
samsung ss338a_firmware -
samsung ss287a_firmware -
samsung ss105e_firmware -
samsung ss205d_firmware -
samsung ss211l_firmware -
samsung ss150f_firmware -
samsung ss377f_firmware -
samsung ss352h_firmware -
samsung ss322c_firmware -
samsung st683b_firmware -
samsung ss075e_firmware -
samsung ss339d_firmware -
samsung ss076m_firmware -
samsung 3b0c1a#304_firmware -
samsung ss204f_firmware -
samsung ss076u_firmware -
samsung ss107m_firmware -
samsung ss255b_firmware -
samsung ss211m_firmware -
samsung ss378c#304_firmware -
samsung ss343a_firmware -
samsung ss229j_firmware -
hp 7zb19a_firmware -
samsung ss204h_firmware -
samsung ss395b_firmware -
samsung ss337a_firmware -
samsung ss218e_firmware -
samsung ss383w_firmware -
samsung ss229h_firmware -
samsung ss216q_firmware -
samsung 7fq93a#ab1_firmware -
samsung ss272g_firmware -
samsung ss378h_firmware -
samsung ss328b_firmware -
samsung ss353h_firmware -
samsung ss105a_firmware -
samsung ss105b_firmware -
samsung ss404f_firmware -
samsung st688c_firmware -
samsung ss041j_firmware -
samsung ss213d_firmware -
samsung ss342g_firmware -
samsung ss326c_firmware -
samsung ss254g_firmware -
hp 7zb72a_firmware -
samsung ss389e_firmware -
samsung ss394a_firmware -
samsung ss059a_firmware -
samsung ss150e_firmware -
samsung ss367f_firmware -
samsung ss397c_firmware -
samsung ss150a_firmware -
samsung ss105h_firmware -
samsung ss075h_firmware -
samsung ss326b_firmware -
samsung st686d_firmware -
samsung ss210k_firmware -
samsung ss210f_firmware -
samsung ss043e_firmware -
samsung ss049d_firmware -
samsung st673c_firmware -
samsung ss390b_firmware -
samsung ss153d_firmware -
samsung ss106h_firmware -
samsung ss255c_firmware -
samsung ss359g_firmware -
samsung ss058f_firmware -
samsung ss033f_firmware -
samsung ss216k_firmware -
samsung ss107g_firmware -
samsung ss368b_firmware -
samsung ss279a_firmware -
samsung 7fr05a#ab1_firmware -
samsung ss281b_firmware -
samsung ss076n_firmware -
samsung ss150g_firmware -
samsung 7fq99a#ab1_firmware -
samsung ss378a_firmware -
samsung ss076b_firmware -
samsung ss149a_firmware -
samsung ss388g_firmware -
samsung ss254f_firmware -
samsung ss335g_firmware -
samsung ss395j_firmware -
samsung st673a_firmware -
hp 4zb89a_firmware -
samsung ss359e_firmware -
samsung ss390g_firmware -
samsung ss349b_firmware -
samsung ss041a_firmware -
samsung ss204a_firmware -
samsung ss398g_firmware -
samsung ss204d_firmware -
samsung ss340c_firmware -
samsung ss219c_firmware -
samsung ss404g_firmware -
samsung 8pa12a#302_firmware -
samsung ss230j_firmware -
samsung ss218c_firmware -
samsung 7fq91a#ab1_firmware -
samsung ss343d_firmware -
samsung st683d_firmware -
hp 4zb86a_firmware -
samsung ss152c_firmware -
samsung ss340d_firmware -
samsung ss257d_firmware -
samsung st673d_firmware -
samsung ss216v_firmware -
samsung ss349d_firmware -
samsung ss197a_firmware -
samsung ss076t_firmware -
samsung 3a9x8a#ab1_firmware -
samsung ss384c_firmware -
samsung ss237a_firmware -
samsung ss368c_firmware -
samsung ss204k_firmware -
samsung ss277b_firmware -
samsung ss219b_firmware -
samsung ss352p_firmware -
samsung ss150k_firmware -
hp 8af51a_firmware -
samsung ss042j_firmware -
samsung ss043j_firmware -
samsung ss153b_firmware -
samsung ss076s_firmware -
samsung ss059c_firmware -
samsung ss333a_firmware -
samsung ss033l_firmware -
samsung 3b0c0a#301_firmware -
samsung ss211g_firmware -
samsung ss377b_firmware -
samsung ss397q_firmware -
samsung ss027e_firmware -
samsung 7fq89a#ab1_firmware -
samsung ss271s_firmware -
samsung ss044e_firmware -
samsung ss213g_firmware -
samsung ss404p_firmware -
samsung ss352f_firmware -
samsung ss075a_firmware -
samsung ss211f_firmware -
samsung ss210j_firmware -
samsung ss367b_firmware -
samsung ss391f_firmware -
samsung st690c_firmware -
samsung ss076f_firmware -
samsung ss271f_firmware -
samsung ss033a_firmware -
samsung ss075b_firmware -
samsung ss042h_firmware -
samsung ss359f_firmware -
samsung ss271h_firmware -
samsung ss043h_firmware -
samsung ss278a_firmware -
samsung ss339f_firmware -
samsung ss389t_firmware -
samsung ss210n_firmware -
samsung ss359z_firmware -
samsung ss349f_firmware -
hp 9vv52a_firmware -
samsung ss359m_firmware -
samsung st682b_firmware -
samsung ss271p_firmware -
samsung ss331a_firmware -
samsung ss256p_firmware -
samsung ss106p_firmware -
samsung ss204e_firmware -
samsung ss397a_firmware -
samsung ss218b_firmware -
samsung ss348a_firmware -
samsung ss335b_firmware -
samsung ss324a_firmware -
samsung ss383j_firmware -
samsung ss393c_firmware -
samsung ss389g_firmware -
samsung ss229b_firmware -
samsung ss257c_firmware -
samsung ss229e_firmware -
samsung ss326e_firmware -
samsung ss254b_firmware -
samsung ss106z_firmware -
samsung ss106e_firmware -
samsung st694c_firmware -
samsung ss153e_firmware -
samsung ss230l_firmware -
samsung ss377l_firmware -
samsung ss389s_firmware -
samsung ss058d_firmware -
hp 4zb88a_firmware -
hp 1vr14a_firmware -
samsung ss404a_firmware -
samsung ss378k_firmware -
samsung ss343e_firmware -
samsung ss367e_firmware -
samsung ss204n_firmware -
hp 715a6a_firmware -
samsung ss205c_firmware -
samsung ss049l_firmware -
samsung ss041f_firmware -
samsung ss341a_firmware -
samsung ss276a_firmware -
samsung ss058h_firmware -
samsung st688b_firmware -
samsung st694b_firmware -
samsung ss268b_firmware -
hp 6hu09a_firmware -
samsung ss404z_firmware -
samsung ss205g_firmware -
samsung ss196h_firmware -
samsung ss150t_firmware -
samsung ss340b_firmware -
samsung ss377p_firmware -
samsung ss322a_firmware -
samsung ss211h_firmware -
samsung sv531a_firmware -
samsung ss395f_firmware -
samsung ss384e_firmware -
samsung ss254a_firmware -
samsung ss042f_firmware -
samsung ss395d_firmware -
samsung ss219d_firmware -
samsung st687a_firmware -
samsung ss365c_firmware -
samsung st682c_firmware -
samsung 7fq96a#ab1_firmware -
samsung ss256l_firmware -
samsung ss396e_firmware -
samsung ss275b_firmware -
samsung ss272m_firmware -
samsung ss348c_firmware -
samsung ss205k_firmware -
samsung ss389u_firmware -
samsung ss210c_firmware -
samsung ss033k_firmware -
samsung st686g_firmware -
samsung ss108c_firmware -
samsung ss152b_firmware -
samsung ss033h_firmware -
samsung ss216b_firmware -
samsung ss349c_firmware -
samsung ss397d_firmware -
samsung ss332a_firmware -
samsung ss283a_firmware -
samsung st686h_firmware -
samsung ss396d_firmware -
samsung ss267a_firmware -
samsung ss218d_firmware -
samsung ss288a_firmware -
samsung ss273b_firmware -
samsung ss271n_firmware -
samsung ss196f_firmware -
samsung ss256b_firmware -
samsung ss397b_firmware -
samsung ss059d_firmware -
samsung ss383b_firmware -
samsung 8pa10a#301_firmware -
samsung ss108e_firmware -
samsung ss377c_firmware -
samsung ss365e_firmware -
samsung ss330b_firmware -
samsung ss150q_firmware -
samsung ss392c_firmware -
samsung ss230a_firmware -
samsung ss027c_firmware -
hp 4zb94a_firmware -
samsung ss211p_firmware -
samsung st683c_firmware -
samsung ss391d_firmware -
samsung ss257a_firmware -
samsung ss262a_firmware -
samsung ss150n_firmware -
samsung ss383u_firmware -
hp 4zb85a_firmware -
samsung ss271l_firmware -
samsung ss256e_firmware -
samsung ss272h_firmware -
samsung ss257h_firmware -
samsung ss152a_firmware -
samsung ss343c_firmware -
samsung ss276b_firmware -
samsung st686e_firmware -
samsung ss103a_firmware -
samsung ss397m_firmware -
samsung ss389m_firmware -
samsung ss033g_firmware -
samsung ss384b_firmware -
samsung ss150d_firmware -
samsung ss383p_firmware -
samsung ss254c_firmware -
samsung ss153h_firmware -
samsung 7fq94a#ab1_firmware -
samsung ss388j_firmware -
samsung ss395q_firmware -
samsung ss342b_firmware -
samsung st682a_firmware -
samsung ss108k_firmware -
samsung ss210b_firmware -
samsung ss390c_firmware -
samsung ss230c_firmware -
samsung ss213h_firmware -
samsung ss150p_firmware -
samsung st689a_firmware -
samsung st673b_firmware -
samsung ss107j_firmware -
samsung st693d_firmware -
samsung 3a9x1a#ab1_firmware -
samsung ss377d_firmware -
samsung ss218j_firmware -
samsung ss042d_firmware -
samsung ss256g_firmware -
samsung ss216p_firmware -
samsung ss271e_firmware -
samsung ss335h_firmware -
samsung ss059f_firmware -
samsung ss043a_firmware -
samsung ss383t_firmware -
samsung ss256d_firmware -
samsung ss108l_firmware -
samsung ss389f_firmware -
samsung ss339g_firmware -
samsung ss044l_firmware -
samsung ss370a_firmware -
samsung st688d_firmware -
samsung 7gf50a#ab1_firmware -
samsung ss339e_firmware -
samsung ss044n_firmware -
samsung st695d_firmware -
samsung ss282c_firmware -
samsung ss335e_firmware -
samsung ss388c_firmware -
samsung ss107n_firmware -
samsung ss154a_firmware -
samsung sw192a_firmware -
samsung ss352b_firmware -
samsung ss044h_firmware -
samsung ss106k_firmware -
samsung ss266a_firmware -
samsung ss389c_firmware -
samsung ss044k_firmware -
hp 715a2a_firmware -
samsung sw176c_firmware -
samsung ss076k_firmware -
samsung ss204l_firmware -
samsung st679g_firmware -
samsung ss342d_firmware -
samsung ss257n_firmware -
hp 715a3a_firmware -
samsung ss343b_firmware -
samsung ss205h_firmware -
samsung 3b0c9a#304_firmware -
samsung ss107b_firmware -
samsung ss272a_firmware -
samsung ss263a_firmware -
samsung ss105j_firmware -
hp 8af52a_firmware -
samsung ss369d_firmware -
samsung ss330c_firmware -
samsung ss388f_firmware -
samsung ss353a_firmware -
samsung ss377e_firmware -
samsung ss217a_firmware -
samsung ss396a_firmware -
samsung ss391b_firmware -
samsung ss027l_firmware -
samsung ss386d_firmware -
samsung 3b0d3a#301_firmware -
samsung ss041h_firmware -
samsung ss049e_firmware -
samsung ss393a_firmware -
samsung ss378j_firmware -
samsung ss216u_firmware -
samsung ss387a_firmware -
samsung ss335d_firmware -
samsung ss365l_firmware -
samsung ss105g_firmware -
samsung ss383n_firmware -
samsung ss369a_firmware -
samsung ss369b_firmware -
samsung 7fr00a#ab1_firmware -
samsung ss391a_firmware -
samsung ss210g_firmware -
hp 2ky38a_firmware -
samsung ss383y_firmware -
samsung ss398a_firmware -
samsung ss106q_firmware -
samsung 7gf54a#ab1_firmware -
samsung ss272n_firmware -
samsung ss395n_firmware -
samsung 3b0c8a#ab1_firmware -
samsung ss049h_firmware -
samsung ss106m_firmware -
samsung ss404b_firmware -
samsung ss392a_firmware -
samsung ss369c_firmware -
samsung ss257g_firmware -
samsung ss210a_firmware -
samsung ss359d_firmware -
samsung ss218h_firmware -
samsung st679a_firmware -
samsung ss237b_firmware -
samsung ss216m_firmware -
samsung ss388h_firmware -
samsung ss382a_firmware -
samsung ss256a_firmware -
samsung ss076q_firmware -
hp 4zb91a_firmware -
samsung ss368g_firmware -
samsung ss205q_firmware -
samsung ss396c_firmware -
samsung ss075f_firmware -
samsung 3a9x3a#ab1_firmware -
samsung ss153c_firmware -
samsung ss272e_firmware -
samsung ss043d_firmware -
samsung 3b0c6a#312_firmware -
samsung ss211k_firmware -
samsung ss272j_firmware -
samsung ss397g_firmware -
samsung ss286a_firmware -
samsung ss107e_firmware -
samsung 7gf52a#ab1_firmware -
samsung ss267b_firmware -
hp 4zb80a_firmware -
samsung ss254d_firmware -
samsung ss385a_firmware -
samsung ss104a_firmware -
samsung ss336a_firmware -
samsung ss204b_firmware -
samsung ss205t_firmware -
samsung ss049k_firmware -
samsung st686a_firmware -
samsung ss334b_firmware -
samsung ss327d_firmware -
samsung ss284a_firmware -
samsung ss271a_firmware -
samsung ss359q_firmware -
samsung ss328a_firmware -
samsung ss076j_firmware -
samsung ss352d_firmware -
hp 714z7a_firmware -
samsung ss044b_firmware -
samsung ss282a_firmware -
samsung ss216e_firmware -
samsung ss326a_firmware -
samsung ss033n_firmware -
samsung ss353f_firmware -
samsung ss106f_firmware -
samsung 7fr01a#ab1_firmware -
samsung ss105d_firmware -
samsung ss342a_firmware -
samsung ss107q_firmware -
samsung st688j_firmware -
hp 7ab26a_firmware -
samsung ss213b_firmware -
samsung ss327a_firmware -
samsung ss388d_firmware -
samsung ss049j_firmware -
samsung ss352s_firmware -
samsung ss393b_firmware -
hp 4zb81a_firmware -
samsung st690a_firmware -
samsung ss383x_firmware -
samsung ss395c_firmware -
samsung ss395g_firmware -
samsung ss216g_firmware -
samsung ss368h_firmware -
samsung ss216j_firmware -
samsung ss367a_firmware -
samsung ss058c_firmware -
samsung ss230g_firmware -
samsung ss322b_firmware -
samsung ss044m_firmware -
samsung ss059e_firmware -
samsung st688h_firmware -
samsung ss044g_firmware -
samsung st690d_firmware -
samsung ss335c_firmware -
samsung ss397e_firmware -
samsung ss274a_firmware -
samsung ss389b_firmware -
samsung ss042c_firmware -
samsung ss150h_firmware -
samsung ss326d_firmware -
samsung ss404e_firmware -
samsung ss352g_firmware -
samsung ss390a_firmware -
samsung ss260a_firmware -
samsung ss259a_firmware -
samsung ss348b_firmware -
samsung ss271m_firmware -
samsung ss150b_firmware -
samsung ss404q_firmware -
samsung ss383a_firmware -
samsung ss230k_firmware -
samsung ss043g_firmware -
samsung ss075k_firmware -
samsung ss211e_firmware -
samsung st688a_firmware -
samsung ss388e_firmware -
samsung ss231a_firmware -
hp 5ue15a_firmware -
samsung ss327c_firmware -
samsung ss390e_firmware -
samsung ss230m_firmware -
samsung ss211j_firmware -
samsung ss216a_firmware -
samsung ss395t_firmware -
samsung ss365b_firmware -
samsung st685a_firmware -
samsung ss389p_firmware -
samsung ss275c_firmware -
samsung ss383v_firmware -
samsung ss076e_firmware -
samsung st690b_firmware -
samsung ss271q_firmware -
samsung ss271t_firmware -
samsung ss404h_firmware -
samsung ss397l_firmware -
samsung ss230t_firmware -
hp 5ue14a_firmware -
samsung ss196c_firmware -
samsung ss076x_firmware -
samsung ss379b_firmware -
samsung ss384d_firmware -
samsung ss342f_firmware -
samsung ss205e_firmware -
hp 4zb79a_firmware -
samsung ss272t_firmware -
samsung ss280a_firmware -
samsung ss076z_firmware -
samsung ss027a_firmware -
samsung ss211n_firmware -
samsung st688g_firmware -
samsung ss216c_firmware -
samsung ss043l_firmware -
samsung ss058j_firmware -
samsung ss367c_firmware -
samsung 3a9x7a#ab1_firmware -
samsung 7gf51a#ab1_firmware -
samsung 3a9x2a#301_firmware -
samsung ss369e_firmware -
samsung ss365g_firmware -
samsung ss229d_firmware -
samsung ss204g_firmware -
samsung st679d_firmware -
samsung ss334d_firmware -
hp 715a4a_firmware -
samsung ss106s_firmware -
samsung ss230p_firmware -
samsung ss150l_firmware -
samsung ss058a_firmware -
samsung ss042b_firmware -
samsung st688e_firmware -
hp 4zb82a_firmware -
samsung ss344b_firmware -
samsung sw112b_firmware -
samsung ss216s_firmware -
samsung ss334f_firmware -
samsung ss404n_firmware -
samsung ss365d_firmware -
samsung ss386e_firmware -
hp w7u01a_firmware -
samsung ss106c_firmware -
samsung st694d_firmware -
samsung ss076l_firmware -
samsung ss254e_firmware -
samsung ss381a_firmware -
samsung ss042g_firmware -
samsung ss075c_firmware -
samsung st679f_firmware -
samsung ss049c_firmware -
samsung ss272q_firmware -
samsung ss377a_firmware -
samsung ss404j_firmware -
samsung ss352c_firmware -
samsung ss235a_firmware -
samsung ss043f_firmware -
samsung ss353g_firmware -
samsung ss205b_firmware -
samsung ss199a_firmware -
samsung ss330a_firmware -
samsung ss389d_firmware -
samsung ss210l_firmware -
samsung ss196d_firmware -
samsung ss108f_firmware -
samsung ss257p_firmware -
samsung ss389q_firmware -
samsung ss256m_firmware -
samsung ss219a_firmware -
samsung ss271b_firmware -
samsung ss215a_firmware -
samsung ss230n_firmware -
samsung ss387b_firmware -
samsung ss043b_firmware -
samsung ss342c_firmware -
samsung ss108g_firmware -
samsung ss395l_firmware -
samsung ss389k_firmware -
samsung ss256s_firmware -
samsung ss151a_firmware -
samsung ss027f_firmware -
samsung ss205n_firmware -
samsung ss218a_firmware -
samsung ss041e_firmware -
samsung st695a_firmware -
samsung ss196e_firmware -
samsung ss365m_firmware -
samsung ss153g_firmware -
samsung 7fq95a#ab1_firmware -
samsung st684b_firmware -
samsung ss230d_firmware -
samsung ss343j_firmware -
samsung ss368e_firmware -
samsung ss049n_firmware -
samsung ss352m_firmware -
samsung ss213a_firmware -
samsung ss383h_firmware -
samsung ss230b_firmware -
samsung ss359n_firmware -
samsung ss282b_firmware -
samsung ss274b_firmware -
samsung ss216z_firmware -
samsung ss256n_firmware -
samsung ss216f_firmware -
samsung ss044j_firmware -
samsung ss271g_firmware -
samsung ss383z_firmware -
samsung ss075g_firmware -
samsung ss257j_firmware -
samsung st693c_firmware -
samsung ss325a_firmware -
samsung ss049b_firmware -
samsung ss354a_firmware -
hp 714z8a_firmware -
samsung ss049f_firmware -
samsung ss107k_firmware -
hp 4zb87a_firmware -
samsung ss205m_firmware -
samsung ss334e_firmware -
samsung ss027g_firmware -
samsung ss392b_firmware -
samsung ss398c_firmware -
samsung ss216h_firmware -
samsung 7fr03a#ab1_firmware -
samsung st695c_firmware -
samsung st684a_firmware -
samsung ss205l_firmware -
samsung ss343h_firmware -
hp 714z6a_firmware -
samsung ss027h_firmware -
samsung ss044c_firmware -
samsung ss257z_firmware -
samsung ss356a_firmware -
samsung ss229f_firmware -
samsung ss211c_firmware -
samsung ss256k_firmware -
samsung ss331b_firmware -
samsung ss195a_firmware -
samsung 3b0c7a#301_firmware -
samsung ss366a_firmware -
samsung ss359l_firmware -
samsung ss210d_firmware -
samsung st679h_firmware -
samsung ss350a_firmware -
samsung ss205f_firmware -
hp 4zb84a_firmware -
samsung ss258a_firmware -
samsung ss027k_firmware -
samsung ss389a_firmware -
samsung sw176a_firmware -
samsung ss271d_firmware -
samsung ss256t_firmware -
samsung ss213e_firmware -
samsung ss211a_firmware -
hp 7zb21a_firmware -
samsung ss257m_firmware -
samsung ss352q_firmware -
samsung ss153j_firmware -
samsung ss404l_firmware -
samsung ss216l_firmware -
samsung ss351a_firmware -
samsung ss105f_firmware -
samsung ss075d_firmware -
samsung ss255a_firmware -
samsung ss107a_firmware -
samsung st693b_firmware -
samsung ss391c_firmware -
samsung ss150j_firmware -
samsung ss359c_firmware -
samsung ss383f_firmware -
samsung ss395p_firmware -
samsung ss213c_firmware -
samsung 3b0c3a#ab1_firmware -
samsung 7fr04a#ab1_firmware -
samsung ss352l_firmware -
samsung ss210m_firmware -
samsung ss285a_firmware -
samsung ss211b_firmware -
hp 4zb97a_firmware -
samsung ss352e_firmware -
hp w7u02a_firmware -
hp 6hu08a_firmware -
samsung ss263b_firmware -
samsung st686b_firmware -
hp 7zb25a_firmware -
samsung ss383k_firmware -
samsung ss108d_firmware -
samsung ss205j_firmware -
samsung ss397f_firmware -
samsung ss205z_firmware -
samsung 7gf47a#ab1_firmware -
samsung ss219f_firmware -
samsung ss212a_firmware -
samsung ss033b_firmware -
samsung ss359a_firmware -
samsung ss049a_firmware -
hp 8af49a_firmware -
hp 4zb96a_firmware -
samsung ss334a_firmware -
samsung ss272b_firmware -
samsung 3b0c4a#301_firmware -
samsung ss042a_firmware -
samsung ss268a_firmware -
samsung ss236a_firmware -
samsung ss398e_firmware -
samsung 7fq90a#ab1_firmware -
samsung 7fq86a#ab1_firmware -
samsung ss386f_firmware -
samsung ss232a_firmware -
samsung ss213f_firmware -
samsung ss359b_firmware -
samsung ss343f_firmware -
samsung ss353d_firmware -
samsung ss075j_firmware -
samsung ss380a_firmware -
samsung ss389z_firmware -
samsung ss230s_firmware -
hp 209u7a_firmware -
samsung ss383d_firmware -
samsung ss398b_firmware -
samsung ss368d_firmware -
samsung ss395a_firmware -
samsung ss209a_firmware -
samsung ss256h_firmware -
samsung ss106d_firmware -
samsung ss388k_firmware -
samsung ss368f_firmware -
hp 715a5a_firmware -
samsung 8pa13a#302_firmware -
samsung ss378f_firmware -
samsung ss365a_firmware -
samsung ss205p_firmware -
samsung ss205s_firmware -
samsung ss339c_firmware -
samsung ss106l_firmware -
samsung 3a9x4a#ab1_firmware -
hp 2zn50a_firmware -
samsung ss386c_firmware -
samsung ss257b_firmware -
samsung ss277a_firmware -
samsung ss365f_firmware -
hp 4zb95a_firmware -
samsung ss334c_firmware -
samsung st686f_firmware -
samsung ss284b_firmware -
samsung ss287b_firmware -
samsung ss216d_firmware -
samsung ss359h_firmware -
samsung ss027d_firmware -
samsung ss107d_firmware -
samsung ss058e_firmware -
samsung ss383c_firmware -
samsung 7gf55a#ab1_firmware -
samsung st695b_firmware -
samsung ss397n_firmware -
samsung ss218g_firmware -
samsung ss033j_firmware -
samsung ss395s_firmware -
samsung ss272u_firmware -
samsung ss336b_firmware -
samsung ss276c_firmware -
hp 4zb93a_firmware -
samsung ss257k_firmware -
samsung ss256f_firmware -
samsung ss105c_firmware -
samsung ss397j_firmware -
samsung st686c_firmware -
samsung ss339a_firmware -
samsung ss384a_firmware -
samsung ss343k_firmware -
samsung ss219e_firmware -
samsung ss230e_firmware -
samsung ss257l_firmware -
samsung st679b_firmware -
samsung ss076h_firmware -
samsung ss271c_firmware -
samsung ss404k_firmware -
samsung ss076c_firmware -
hp 7zb20a_firmware -
samsung ss339b_firmware -
samsung ss272s_firmware -
samsung ss154b_firmware -
samsung ss049g_firmware -
samsung ss377n_firmware -
samsung ss027b_firmware -
samsung ss027j_firmware -
samsung ss216t_firmware -
samsung ss151b_firmware -
samsung ss349a_firmware -
samsung ss359p_firmware -
samsung ss218k_firmware -
samsung ss365h_firmware -
hp 7uq76a_firmware -
samsung ss044a_firmware -
samsung ss261a_firmware -
hp 4zb83a_firmware -
samsung ss380c_firmware -
samsung ss230f_firmware -
samsung ss271j_firmware -
samsung ss196g_firmware -
samsung ss388a_firmware -
samsung st679e_firmware -
samsung ss344a_firmware -
samsung ss042e_firmware -
samsung ss041g_firmware -
samsung ss041b_firmware -
samsung ss395h_firmware -
samsung ss257e_firmware -
samsung ss383e_firmware -
samsung ss229c_firmware -
samsung ss396b_firmware -
samsung ss383s_firmware -
samsung sv899d_firmware -
samsung ss397k_firmware -
samsung ss256j_firmware -
samsung ss076g_firmware -
samsung 7gf53a#ab1_firmware -
samsung ss049m_firmware -
samsung ss106n_firmware -
samsung ss108b_firmware -
samsung ss272z_firmware -
samsung ss395m_firmware -
samsung ss230q_firmware -
samsung 7fq92a#ab1_firmware -
samsung ss076p_firmware -
samsung ss281c_firmware -
samsung ss355a_firmware -
samsung ss076w_firmware -
samsung ss033e_firmware -
samsung sv901b_firmware -
samsung ss377g_firmware -
samsung ss107h_firmware -
samsung ss204p_firmware -
samsung ss389v_firmware -
samsung 8pa11a#301_firmware -
samsung ss256q_firmware -
samsung ss229g_firmware -
samsung ss272c_firmware -
hp 715a1a_firmware -
samsung ss365j_firmware -
samsung sv899c_firmware -
samsung ss106b_firmware -
samsung ss377m_firmware -
samsung ss218f_firmware -
CVE-2023-1329

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.

Products Affected

Vendor Product Version
hp color_laserjet_managed_mfp_e67550_l3u69a_firmware -
hp color_laserjet_managed_mfp_e87640du_5cm66a_firmware -
hp laserjet_managed_mfp_e73140_5qk02a_firmware -
hp laserjet_managed_mfp_e82540_x3a69a_firmware -
hp laserjet_managed_flow_mfp_e82560_z8z19a_firmware -
hp laserjet_managed_mfp_e62665_3gy18a_firmware -
hp pagewide_managed_color_mfp_p77940_2gp22a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs50a_firmware -
hp color_laserjet_managed_mfp_e87750_3sj19a_firmware -
hp laserjet_managed_mfp_e72535_x3a62a_firmware -
hp laserjet_managed_flow_mfp_e62555_j8j74a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_z8z04a_firmware -
hp laserjet_managed_mfp_e82550_x3a71a_firmware -
hp color_laserjet_managed_mfp_e87650_z8z14a_firmware -
hp color_laserjet_managed_mfp_e77830_x3a80a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr97a_firmware -
hp laserjet_managed_flow_mfp_e82540_z8z18a_firmware -
hp color_laserjet_managed_mfp_e87660du_5cm63a_firmware -
hp color_laserjet_managed_mfp_e78223_17f27aw_firmware -
hp color_laserjet_managed_mfp_e87750_5qk08a_firmware -
hp laserjet_managed_flow_mfp_e73135_6bs59a_firmware -
hp pagewide_color_mfp_779_4pz45a_firmware -
hp laserjet_managed_flow_mfp_m731_6bs57a_firmware -
hp laserjet_managed_mfp_e82550_5rc83a_firmware -
hp color_laserjet_enterprise_mfp_6800zfsw_6qn37a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a80a_firmware -
hp laserjet_managed_mfp_e62555_j8j67a_firmware -
hp laserjet_managed_flow_mfp_e62565_j8j73a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_z8z15a_firmware -
hp laserjet_managed_flow_mfp_e82540_z8z20a_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a62a_firmware -
hp laserjet_managed_mfp_e77428_5rc91a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs13a_firmware -
hp color_laserjet_managed_mfp_e87650_x3a90a_firmware -
hp pagewide_managed_color_flow_mfp_e77650_j7z14a_firmware -
hp laserjet_managed_flow_mfp_e73130_6bs57a_firmware -
hp laserjet_managed_flow_mfp_e73140_6bs59a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a75a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr96a_firmware -
hp laserjet_managed_mfp_e72525_z8z06a_firmware -
hp color_laserjet_managed_mfp_e87660du_5rc87a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a75a_firmware -
hp pagewide_enterprise_color_flow_mfp_780f_j7z09a_firmware -
hp pagewide_managed_color_flow_mfp_e77660z_j7z13a_firmware -
hp laserjet_managed_mfp_e82550_z8z23a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_3sj38a_firmware -
hp color_laserjet_enterprise_mfp_m578_7zu86a_firmware -
hp color_laserjet_managed_mfp_e77422_5cm76a_firmware -
hp color_laserjet_enterprise_mfp_m578_7zu85a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs29a_firmware -
hp laserjet_enterprise_mfp_m634_7ps96a_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z07a_firmware -
hp color_laserjet_enterprise_flow_mfp_x57945_6qp98a_firmware -
hp laserjet_managed_flow_mfp_m731_3sj02a_firmware -
hp laserjet_managed_mfp_e72525_x3a62a_firmware -
hp color_laserjet_managed_mfp_e78323_8pe95a_firmware -
hp laserjet_managed_mfp_e73135_5qk02a_firmware -
hp laserjet_managed_e82650_3sj28a_firmware -
hp laserjet_managed_flow_mfp_e82540_z8z22a_firmware -
hp laserjet_managed_flow_mfp_e82560_z8z22a_firmware -
hp pagewide_managed_color_flow_mfp_e77660z_j7z03a_firmware -
hp scanjet_enterprise_flow_n9120_fn2_document_scanner_l2763a_firmware -
hp color_laserjet_managed_mfp_e87750_3sj37a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_3sj19a_firmware -
hp color_laserjet_managed_mfp_e87640du_5fm82a_firmware -
hp laserjet_managed_mfp_e62665_3gy16a_firmware -
hp color_laserjet_enterprise_mfp_6800zfw+_6qn35a_firmware -
hp color_laserjet_managed_mfp_e67650_3gy32a_firmware -
hp color_laserjet_enterprise_mfp_x57945_49k97av_firmware -
hp laserjet_managed_mfp_e82540_5fm78a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z66a_firmware -
hp laserjet_managed_mfp_e73130_3sj00a_firmware -
hp laserjet_managed_mfp_e72530_z8z010a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs30a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z14a_firmware -
hp laserjet_enterprise_mfp_m527_f2a76a_firmware -
hp laserjet_managed_mfp_e73135_6bs57a_firmware -
hp color_laserjet_enterprise_mfp_6800_configurable_4y279a_firmware -
hp laserjet_managed_mfp_e731_6bs57a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_x3a92a_firmware -
hp color_laserjet_managed_flow_mfp_e67560_l3u69a_firmware -
hp laserjet_managed_mfp_e82560_z8z23a_firmware -
hp laserjet_managed_mfp_e72525_x3a65a_firmware -
hp laserjet_managed_flow_mfp_e62565_j8j79a_firmware -
hp laserjet_managed_mfp_e82560_z8z19a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_5qk03a_firmware -
hp color_laserjet_enterprise_mfp_6800zf_6qn37a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_z8z04a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_5qk20a_firmware -
hp laserjet_managed_mfp_e77422_5rc91a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs44a_firmware -
hp laserjet_enterprise_flow_mfp_m632_j8j70a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a72a_firmware -
hp pagewide_managed_color_mfp_p77950_2gp26a_firmware -
hp color_laserjet_enterprise_flow_mfp_m578_7zu88a_firmware -
hp color_laserjet_managed_mfp_e77422_5cm79a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a72a_firmware -
hp color_laserjet_enterprise_mfp_6800dn_6qn38a_firmware -
hp pagewide_managed_color_flow_mfp_e77650_j7z05a_firmware -
hp color_laserjet_managed_mfp_e87740_5qk20a_firmware -
hp pagewide_managed_color_mfp_p77960_5zp01a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_z8z15a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_3sj22a_firmware -
hp color_laserjet_enterprise_mfp_6800_configurable_6qn35a_firmware -
hp laserjet_managed_e82670_3sj30a_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z09a_firmware -
hp laserjet_managed_e82650_5qk09a_firmware -
hp laserjet_enterprise_flow_mfp_m636_7pt00a_firmware -
hp color_laserjet_managed_mfp_e67560_l3u69a_firmware -
hp color_laserjet_managed_mfp_e77822_z8z00a_firmware -
hp laserjet_managed_mfp_e72535_z8z09a_firmware -
hp laserjet_managed_mfp_e82550_x3a72a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr98a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_z8z01a_firmware -
hp color_laserjet_managed_mfp_e87770_3sj37a_firmware -
hp color_laserjet_enterprise_mfp_m681_j8a10a_firmware -
hp laserjet_managed_mfp_e826dn_3sj28a_firmware -
hp color_laserjet_enterprise_mfp_5800_configurable_6qn29a_firmware -
hp laserjet_managed_mfp_e73130_6bs57a_firmware -
hp laserjet_managed_mfp_e62555_j8j74a_firmware -
hp color_laserjet_managed_mfp_e785dn_5qk15a_firmware -
hp color_laserjet_managed_mfp_e78323_8pe96a_firmware -
hp laserjet_managed_mfp_e82560du_5fm78a_firmware -
hp laserjet_managed_flow_mfp_e82550_z8z20a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_z8z01a_firmware -
hp pagewide_color_mfp_774_4pz43a_firmware -
hp color_laserjet_enterprise_mfp_6800zf_6qn35a_firmware -
hp laserjet_managed_mfp_e82560_z8z18a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_z8z02a_firmware -
hp color_laserjet_managed_mfp_e78323_9rt92a_firmware -
hp color_laserjet_managed_mfp_e77830_z8z00a_firmware -
hp laserjet_managed_mfp_e73135_6bs59a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a81a_firmware -
hp color_laserjet_managed_flow_mfp_m577_b5l50a_firmware -
hp color_laserjet_managed_mfp_e87660du_5cm66a_firmware -
hp color_laserjet_enterprise_flow_mfp_m578_7zu87a_firmware -
hp laserjet_managed_mfp_e72430_5cm71a_firmware -
hp laserjet_managed_flow_mfp_e62575_j8j80a_firmware -
hp laserjet_enterprise_mfp_m632_j8j72a_firmware -
hp _laserjet_managed_mfp_e62665_3gy16a_firmware -
hp color_laserjet_managed_mfp_e87770_3sj21a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_3sj19a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr98a_firmware -
hp laserjet_managed_mfp_e82560_x3a68a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_3sj20a_firmware -
hp laserjet_managed_flow_mfp_m731_5qk02a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_x3a86a_firmware -
hp color_laserjet_managed_mfp_e87650_z8z15a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a84a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_z8z00a_firmware -
hp color_laserjet_managed_mfp_e87640du_5fm81a_firmware -
hp pagewide_enterprise_color_flow_mfp_780f_j7z10a_firmware -
hp laserjet_enterprise_flow_mfp_m635_7ps99a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_3sj35a_firmware -
hp laserjet_managed_mfp_e82540_x3a71a_firmware -
hp color_laserjet_managed_mfp_e87760_5qk08a_firmware -
hp pagewide_managed_color_mfp_p77940_2gp23a_firmware -
hp laserjet_managed_flow_mfp_e826z_5qk13a_firmware -
hp laserjet_managed_e82670_3sj29a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a83a_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z06a_firmware -
hp color_laserjet_managed_mfp_e87740_3sj20a_firmware -
hp laserjet_managed_mfp_e82540_z8z19a_firmware -
hp color_laserjet_managed_mfp_e87660_z8z16a_firmware -
hp _laserjet_managed_mfp_e62665_3gy18a_firmware -
hp laserjet_enterprise_mfp_m528_1pv64a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_3sj36a_firmware -
hp _laserjet_managed_mfp_e62665_3gy14a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_z8z12a_firmware -
hp color_laserjet_enterprise_mfp_6800zf_6qn36a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z63a_firmware -
hp laserjet_managed_flow_mfp_e62555_j8j80a_firmware -
hp laserjet_managed_mfp_e826dn_3sj29a_firmware -
hp pagewide_enterprise_color_mfp_780_j7z10a_firmware -
hp pagewide_managed_color_flow_mfp_e77660z_z5g77a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs43a_firmware -
hp laserjet_managed_mfp_e82550_z8z22a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_x3a90a_firmware -
hp laserjet_enterprise_mfp_m633_j8j78a_firmware -
hp laserjet_managed_mfp_e72535_z8z07a_firmware -
hp color_laserjet_enterprise_mfp_5800dn_6qn29a_firmware -
hp color_laserjet_managed_mfp_e77822_z8z01a_firmware -
hp laserjet_managed_mfp_e72425_5cm70a_firmware -
hp laserjet_managed_flow_mfp_e82550_z8z19a_firmware -
hp color_laserjet_managed_mfp_e77830_z8z02a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a72a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a74a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs14a_firmware -
hp laserjet_enterprise_mfp_m527_f2a78a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z66a_firmware -
hp laserjet_managed_flow_mfp_e73130_3sj02a_firmware -
hp color_laserjet_managed_mfp_e87760_3sj22a_firmware -
hp laserjet_managed_mfp_e72430_5cm69a_firmware -
hp color_laserjet_enterprise_flow_mfp_m681_j8a10a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_x3a93a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_z8z17a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a71a_firmware -
hp laserjet_managed_mfp_e82550_5fm78a_firmware -
hp laserjet_managed_flow_mfp_e82560_z8z20a_firmware -
hp laserjet_managed_flow_mfp_e62575_j8j79a_firmware -
hp laserjet_enterprise_mfp_m635_7ps97a_firmware -
hp color_laserjet_managed_mfp_e87740_3sj35a_firmware -
hp laserjet_managed_mfp_e731_5qj98a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z65a_firmware -
hp laserjet_managed_mfp_e73025_5qj87a_firmware -
hp laserjet_managed_flow_mfp_m731_5qj98a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a84a_firmware -
hp laserjet_managed_mfp_e82550_5rc84a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_3sj20a_firmware -
hp laserjet_managed_flow_mfp_e826z_3sj29a_firmware -
hp laserjet_enterprise_mfp_m527_f2a81a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z05a_firmware -
hp pagewide_managed_color_mfp_e77650_z5g79a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_5qk20a_firmware -
hp color_laserjet_enterprise_mfp_6800zfsw_49k84a_firmware -
hp laserjet_managed_mfp_e826dn_5qk13a_firmware -
hp color_laserjet_enterprise_mfp_6800zfw+_6qn36a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a63a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_5qk20a_firmware -
hp laserjet_managed_mfp_e82540_5rc84a_firmware -
hp laserjet_managed_flow_mfp_e62555_j8j79a_firmware -
hp color_laserjet_enterprise_mfp_6800_configurable_6qn37a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_3sj37a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs43a_firmware -
hp color_laserjet_enterprise_mfp_6800dn_6qn36a_firmware -
hp color_laserjet_enterprise_mfp_5800_configurable_6qn31a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z09a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_x3a87a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z68a_firmware -
hp laserjet_managed_mfp_e82550_x3a79a_firmware -
hp color_laserjet_managed_mfp_e77428_5cm76a_firmware -
hp color_laserjet_managed_mfp_m577_b5l49a_firmware -
hp laserjet_managed_mfp_e73130_3sj02a_firmware -
hp laserjet_managed_flow_mfp_e826z_3sj28a_firmware -
hp color_laserjet_managed_mfp_e67560_l3u67a_firmware -
hp color_laserjet_managed_mfp_e87750_5qk20a_firmware -
hp laserjet_enterprise_flow_mfp_m635_7ps98a_firmware -
hp laserjet_managed_flow_mfp_e62575_j8j66a_firmware -
hp color_laserjet_managed_mfp_e87660_x3a90a_firmware -
hp color_laserjet_enterprise_flow_mfp_x57945_6qp99a_firmware -
hp pagewide_managed_color_mfp_p77950_5zn99a_firmware -
hp laserjet_managed_mfp_e82540_z8z23a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_3sj19a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_z8z16a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_3sj36a_firmware -
hp laserjet_managed_mfp_e77422_5cm75a_firmware -
hp laserjet_enterprise_flow_mfp_m527_f2a80a_firmware -
hp laserjet_managed_mfp_e77422_5cm79a_firmware -
hp laserjet_managed_e82650_3sj08a_firmware -
hp color_laserjet_managed_mfp_e78523_5qj83a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z08a_firmware -
hp color_laserjet_managed_mfp_e87640_z8z16a_firmware -
hp color_laserjet_enterprise_flow_mfp_5800zf_49k96av_firmware -
hp pagewide_enterprise_color_flow_mfp_785_j7z12a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs28a_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a63a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_3sj36a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr94a_firmware -
hp laserjet_managed_mfp_e77428_5rc92a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_3sj37a_firmware -
hp pagewide_managed_color_mfp_p77950_2gp22a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_z8z13a_firmware -
hp laserjet_managed_e82650_3sj29a_firmware -
hp color_laserjet_managed_mfp_e87740_3sj22a_firmware -
hp laserjet_managed_mfp_e82550_5fm76a_firmware -
hp laserjet_managed_mfp_e62675_3gy18a_firmware -
hp laserjet_managed_flow_mfp_e73135_3sj01a_firmware -
hp color_laserjet_managed_mfp_e87640du_5fm80a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z68a_firmware -
hp pagewide_color_mfp_779_4pz46a_firmware -
hp laserjet_managed_mfp_e72525_z8z09a_firmware -
hp laserjet_managed_mfp_e72525_x3a66a_firmware -
hp laserjet_managed_mfp_e52545_3gy19a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a65a_firmware -
hp laserjet_managed_mfp_e82550_5cm61a_firmware -
hp color_laserjet_managed_mfp_e87640_x3a93a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a84a_firmware -
hp laserjet_managed_mfp_e52645_1ps55a_firmware -
hp color_laserjet_enterprise_mfp_5800f_58r10a_firmware -
hp color_laserjet_enterprise_mfp_6800zfsw_4y279a_firmware -
hp color_laserjet_managed_mfp_e87750_3sj22a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a78a_firmware -
hp pagewide_managed_color_mfp_p77960_5zp00a_firmware -
hp laserjet_enterprise_flow_mfp_m631_j8j65a_firmware -
hp laserjet_enterprise_flow_mfp_m527z_f2a81a_firmware -
hp laserjet_managed_mfp_e82560du_5fm76a_firmware -
hp color_laserjet_managed_mfp_e77830_z8z04a_firmware -
hp laserjet_managed_mfp_e73030_3sj03a_firmware -
hp color_laserjet_managed_mfp_e87640_x3a86a_firmware -
hp color_laserjet_managed_mfp_e77422_5cm78a_firmware -
hp color_laserjet_managed_mfp_e87660_z8z14a_firmware -
hp color_laserjet_managed_mfp_e77422_5rc91a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a78a_firmware -
hp laserjet_enterprise_mfp_m528_1pv65a_firmware -
hp color_laserjet_managed_mfp_e87640du_5rc88a_firmware -
hp color_laserjet_managed_mfp_e77825_z8z04a_firmware -
hp pagewide_managed_color_mfp_p77940y3z62a_firmware -
hp laserjet_managed_mfp_e72525_z8z07a_firmware -
hp laserjet_managed_e82660_3sj07a_firmware -
hp laserjet_managed_mfp_e82550_5rc85a_firmware -
hp color_laserjet_managed_mfp_e87640du_5rc87a_firmware -
hp color_laserjet_enterprise_mfp_6800zfsw_6qn36a_firmware -
hp laserjet_managed_mfp_e72530_z8z011a_firmware -
hp laserjet_managed_mfp_e72525_z8z08a_firmware -
hp color_laserjet_managed_mfp_e78330_8pe98a_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a65a_firmware -
hp laserjet_managed_mfp_e73025_3sj03a_firmware -
hp color_laserjet_managed_flow_mfp_e67550_l3u67a_firmware -
hp laserjet_managed_mfp_e72530_x3a66a_firmware -
hp laserjet_managed_flow_mfp_e73130_3sj00a_firmware -
hp laserjet_managed_mfp_e62565_j8j67a_firmware -
hp color_laserjet_managed_mfp_e77822_x3a80a_firmware -
hp laserjet_managed_mfp_e73130_5qk02a_firmware -
hp color_laserjet_managed_mfp_e77825_z8z02a_firmware -
hp laserjet_managed_mfp_e72535_x3a60a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z61a_firmware -
hp color_laserjet_managed_mfp_e87650_z8z16a_firmware -
hp color_laserjet_managed_mfp_e87640du_5cm63a_firmware -
hp digital_sender_flow_8500_fn2_document_capture_workstation_l2762a_firmware -
hp laserjet_managed_mfp_e826dn_3sj09a_firmware -
hp laserjet_enterprise_flow_mfp_m527_f2a79a_firmware -
hp color_laserjet_managed_mfp_e78330_8pe97a_firmware -
hp laserjet_managed_flow_mfp_e62555_j8j73a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a80a_firmware -
hp laserjet_managed_flow_mfp_e826z_3sj30a_firmware -
hp laserjet_managed_mfp_e73130_3sj01a_firmware -
hp color_laserjet_managed_mfp_e78323_8pe94a_firmware -
hp laserjet_managed_flow_mfp_m731_3sj00a_firmware -
hp color_laserjet_enterprise_mfp_6800zf_6qn38a_firmware -
hp color_laserjet_enterprise_mfp_m776_t3u56a_firmware -
hp laserjet_enterprise_flow_mfp_m636_7pt01a_firmware -
hp color_laserjet_enterprise_flow_mfp_m681_j8a11a_firmware -
hp color_laserjet_managed_mfp_e78228_19gsaw_firmware -
hp color_laserjet_enterprise_mfp_5800f_6qn29a_firmware -
hp color_laserjet_managed_mfp_e87640_x3a87a_firmware -
hp laserjet_managed_flow_mfp_e826z_3sj09a_firmware -
hp laserjet_managed_mfp_e826dn_3sj30a_firmware -
hp color_laserjet_managed_mfp_e77822_x3a84a_firmware -
hp laserjet_managed_e82660_3sj30a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_3sj38a_firmware -
hp color_laserjet_enterprise_mfp_6800dn_4y279a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_z8z14a_firmware -
hp color_laserjet_enterprise_flow_mfp_m577_b5l46a_firmware -
hp color_laserjet_enterprise_mfp_6800zfsw_6qn35a_firmware -
hp laserjet_managed_mfp_e73135_3sj00a_firmware -
hp laserjet_managed_flow_mfp_m527z_f2a80a_firmware -
hp color_laserjet_enterprise_mfp_6800dn_49k84a_firmware -
hp color_laserjet_managed_mfp_e87640_z8z15a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_3sj21a_firmware -
hp color_laserjet_managed_mfp_e67550_l3u67a_firmware -
hp laserjet_managed_mfp_e82560du_5fm77a_firmware -
hp color_laserjet_managed_flow_mfp_e67560_l3u67a_firmware -
hp laserjet_enterprise_flow_mfp_m527z_f2a77a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_5qk08a_firmware -
hp pagewide_managed_color_flow_mfp_e77650_j7z08a_firmware -
hp laserjet_managed_flow_mfp_e826z_5qk09a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a77a_firmware -
hp laserjet_managed_mfp_e62565_j8j80a_firmware -
hp color_laserjet_managed_mfp_e77830_z8z01a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_x3a92a_firmware -
hp color_laserjet_managed_mfp_e57540_3gy25a_firmware -
hp pagewide_managed_color_mfp_p77960_5zn99a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs27a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_3sj21a_firmware -
hp laserjet_enterprise_flow_mfp_m632_j8j71a_firmware -
hp laserjet_managed_mfp_e62675_3gy14a_firmware -
hp laserjet_managed_mfp_e82550_5fm77a_firmware -
hp color_laserjet_managed_mfp_e87650_z8z17a_firmware -
hp pagewide_enterprise_color_flow_mfp_586z_g1w39a_firmware -
hp color_laserjet_managed_mfp_e77428_5rc91a_firmware -
hp pagewide_managed_color_mfp_e58650dn_l3u42a_firmware -
hp laserjet_managed_mfp_e82560_x3a82a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_z8z16a_firmware -
hp laserjet_managed_mfp_e72535_x3a59a_firmware -
hp color_laserjet_enterprise_mfp_m577_b5l46a_firmware -
hp color_laserjet_enterprise_mfp_m681_j8a13a_firmware -
hp laserjet_managed_mfp_e730_3sj04a_firmware -
hp laserjet_enterprise_mfp_m634_7ps95a_firmware -
hp pagewide_enterprise_color_flow_mfp_785_j7z11a_firmware -
hp color_laserjet_enterprise_mfp_5800zf_6qn31a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z65a_firmware -
hp color_laserjet_enterprise_flow_mfp_m682_j8a16a_firmware -
hp color_laserjet_managed_mfp_e78528_5qk15a_firmware -
hp pagewide_managed_color_flow_mfp_e77650_j7z07a_firmware -
hp color_laserjet_managed_mfp_e87640du_5cm65a_firmware -
hp color_laserjet_managed_mfp_e87640_z8z14a_firmware -
hp laserjet_managed_mfp_e73135_5qj98a_firmware -
hp color_laserjet_managed_flow_mfp_e67550_l3u69a_firmware -
hp laserjet_managed_flow_mfp_e82540_z8z23a_firmware -
hp _laserjet_managed_mfp_e62665_3gy17a_firmware -
hp color_laserjet_enterprise_mfp_5800_configurable_58r10a_firmware -
hp laserjet_enterprise_mfp_m631_j8j65a_firmware -
hp color_laserjet_managed_mfp_e77422_5rc92a_firmware -
hp laserjet_managed_mfp_e72535_z8z08a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_z8z16a_firmware -
hp laserjet_managed_mfp_e72530_x3a65a_firmware -
hp pagewide_managed_color_mfp_p77950_5zn98a_firmware -
hp pagewide_managed_color_flow_mfp_e58650z_l3u43a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_x3a89a_firmware -
hp laserjet_managed_flow_mfp_e62555_j8j66a_firmware -
hp laserjet_managed_flow_mfp_e62565_j8j66a_firmware -
hp laserjet_managed_mfp_e82540_5fm77a_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a60a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a71a_firmware -
hp color_laserjet_enterprise_flow_mfp_m681_j8a13a_firmware -
hp color_laserjet_enterprise_mfp_m577_b5l47a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_5qk03a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_3sj20a_firmware -
hp laserjet_enterprise_mfp_m634_7ps94a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a80a_firmware -
hp laserjet_managed_e82670_5qk13a_firmware -
hp color_laserjet_enterprise_mfp_6800zfw+_6qn38a_firmware -
hp color_laserjet_enterprise_mfp_m577_b5l48a_firmware -
hp laserjet_enterprise_flow_mfp_m633_j8j78a_firmware -
hp color_laserjet_managed_mfp_e87640_x3a90a_firmware -
hp laserjet_managed_mfp_e72430_5cm68a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_x3a90a_firmware -
hp color_laserjet_managed_mfp_e87740_5qk03a_firmware -
hp laserjet_managed_mfp_e82540_5rc85a_firmware -
hp pagewide_managed_color_mfp_p77950_5zp00a_firmware -
hp color_laserjet_managed_mfp_e87760_3sj19a_firmware -
hp pagewide_managed_color_flow_mfp_e77660z_j7z08a_firmware -
hp color_laserjet_managed_mfp_e87760_3sj21a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs37a_firmware -
hp laserjet_managed_mfp_e82540_x3a68a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a78a_firmware -
hp color_laserjet_managed_mfp_e77822_x3a78a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_z8z17a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_x3a93a_firmware -
hp color_laserjet_managed_mfp_e87660_x3a89a_firmware -
hp laserjet_managed_mfp_e82540_x3a72a_firmware -
hp laserjet_managed_mfp_e82540_x3a79a_firmware -
hp laserjet_managed_mfp_e82560_x3a74a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs15a_firmware -
hp color_laserjet_enterprise_flow_mfp_m776_t3u55a_firmware -
hp laserjet_managed_mfp_e73025_3sj04a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z64a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_x3a87a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_z8z17a_firmware -
hp laserjet_managed_flow_mfp_e62575_j8j67a_firmware -
hp laserjet_managed_mfp_e82560_x3a79a_firmware -
hp laserjet_managed_mfp_e52545_3gy20a_firmware -
hp laserjet_managed_flow_mfp_m527z_f2a79a_firmware -
hp laserjet_managed_mfp_e72535_z8z011a_firmware -
hp laserjet_managed_mfp_e72525_x3a59a_firmware -
hp laserjet_managed_mfp_e82540_x3a75a_firmware -
hp color_laserjet_managed_mfp_e77822_x3a77a_firmware -
hp laserjet_managed_flow_mfp_e62565_j8j67a_firmware -
hp color_laserjet_managed_mfp_e87740_3sj38a_firmware -
hp color_laserjet_enterprise_mfp_x57945_6qp98a_firmware -
hp color_laserjet_enterprise_mfp_6800zfw+_6qn37a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs00a_firmware -
hp laserjet_managed_mfp_e72525_x3a63a_firmware -
hp color_laserjet_managed_mfp_e87760_3sj37a_firmware -
hp pagewide_managed_color_flow_mfp_e77660z_z5g79a_firmware -
hp color_laserjet_managed_mfp_e67660_3gy32a_firmware -
hp laserjet_managed_mfp_e73140_5qj98a_firmware -
hp color_laserjet_enterprise_mfp_5800zf_58r10a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_x3a92a_firmware -
hp color_laserjet_enterprise_flow_mfp_x57945_49k97av_firmware -
hp pagewide_managed_color_mfp_p77950_2gp23a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs01a_firmware -
hp laserjet_managed_mfp_e82550_x3a82a_firmware -
hp laserjet_managed_mfp_e72430_5rc90a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z07a_firmware -
hp color_laserjet_enterprise_mfp_5800dn_6qn31a_firmware -
hp pagewide_managed_color_mfp_p77960_2gp22a_firmware -
hp laserjet_managed_mfp_e73140_3sj02a_firmware -
hp color_laserjet_enterprise_mfp_6800zf_4y279a_firmware -
hp color_laserjet_enterprise_flow_mfp_m681_j8a12a_firmware -
hp laserjet_managed_mfp_e82550_x3a74a_firmware -
hp color_laserjet_enterprise_mfp_5800f_49k96av_firmware -
hp color_laserjet_enterprise_mfp_5800_configurable_6qn30a_firmware -
hp color_laserjet_enterprise_mfp_x57945_6qp99a_firmware -
hp pagewide_managed_color_mfp_p77940_5zp01a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_x3a86a_firmware -
hp laserjet_managed_mfp_e82550_x3a69a_firmware -
hp color_laserjet_enterprise_mfp_6800zfsw_6qn38a_firmware -
hp laserjet_managed_mfp_e731_6bs59a_firmware -
hp laserjet_managed_mfp_e82550_z8z19a_firmware -
hp laserjet_managed_mfp_e62565_j8j66a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a60a_firmware -
hp color_laserjet_managed_mfp_e87660du_5rc86a_firmware -
hp color_laserjet_enterprise_mfp_6800dn_6qn35a_firmware -
hp laserjet_managed_mfp_e77428_5cm76a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a79a_firmware -
hp pagewide_managed_color_flow_mfp_e77660z_j7z07a_firmware -
hp color_laserjet_managed_mfp_e87750_3sj35a_firmware -
hp color_laserjet_managed_mfp_e87660du_5rc88a_firmware -
hp laserjet_enterprise_flow_mfp_m634_7ps95a_firmware -
hp color_laserjet_managed_mfp_e77830_x3a78a_firmware -
hp laserjet_managed_mfp_e72525_z8z010a_firmware -
hp laserjet_managed_mfp_e82540_z8z20a_firmware -
hp pagewide_managed_color_mfp_p77940_5zp00a_firmware -
hp laserjet_managed_mfp_e82560_x3a71a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z011a_firmware -
hp color_laserjet_managed_mfp_e77825_z8z01a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_5qk03a_firmware -
hp color_laserjet_managed_mfp_e87760_3sj38a_firmware -
hp laserjet_managed_flow_mfp_e73135_5qk02a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_3sj38a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_5qk03a_firmware -
hp color_laserjet_managed_mfp_e87660_z8z17a_firmware -
hp laserjet_managed_flow_mfp_e62575_j8j73a_firmware -
hp laserjet_managed_mfp_e72425_5cm72a_firmware -
hp laserjet_managed_mfp_e82550_x3a68a_firmware -
hp pagewide_color_mfp_774_4pa44a_firmware -
hp laserjet_managed_flow_mfp_e62565_j8j80a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr95a_firmware -
hp laserjet_managed_mfp_e72425_5cm71a_firmware -
hp laserjet_managed_mfp_e730_3sj03a_firmware -
hp laserjet_managed_mfp_e82550_x3a75a_firmware -
hp color_laserjet_managed_mfp_e77428_5cm78a_firmware -
hp laserjet_managed_flow_mfp_e73140_5qk02a_firmware -
hp laserjet_managed_mfp_e82540_5cm58a_firmware -
hp laserjet_managed_mfp_e82540_x3a74a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z03a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_z8z14a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_z8z13a_firmware -
hp pagewide_managed_color_flow_mfp_e77650_z5g77a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z07a_firmware -
hp color_laserjet_enterprise_mfp_5800zf_6qn29a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs25a_firmware -
hp pagewide_managed_color_mfp_p77940_2gp26a_firmware -
hp color_laserjet_enterprise_mfp_m578_7zu87a_firmware -
hp laserjet_managed_mfp_e72530_z8z09a_firmware -
hp pagewide_enterprise_color_mfp_586_g1w39a_firmware -
hp laserjet_managed_mfp_e72530_x3a59a_firmware -
hp laserjet_managed_mfp_e72535_x3a65a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs25a_firmware -
hp pagewide_managed_color_mfp_p77960y3z62a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs36a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs50a_firmware -
hp color_laserjet_managed_mfp_e87760_5qk03a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a68a_firmware -
hp color_laserjet_managed_mfp_e67660_3gy31a_firmware -
hp color_laserjet_managed_flow_mfp_e67560_l3u66a_firmware -
hp color_laserjet_enterprise_flow_mfp_m578_7zu86a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a59a_firmware -
hp color_laserjet_managed_mfp_e77428_5cm75a_firmware -
hp laserjet_managed_mfp_e72425_5cm68a_firmware -
hp laserjet_enterprise_mfp_m636_7pt01a_firmware -
hp laserjet_managed_flow_mfp_e73130_6bs59a_firmware -
hp pagewide_managed_color_mfp_p77950y3z62a_firmware -
hp laserjet_managed_mfp_e731_3sj01a_firmware -
hp pagewide_enterprise_color_mfp_780_j7z09a_firmware -
hp color_laserjet_managed_mfp_e87660du_5fm82a_firmware -
hp color_laserjet_managed_mfp_e57540_3gy26a_firmware -
hp color_laserjet_enterprise_mfp_m682_j8a17a_firmware -
hp laserjet_managed_mfp_e73140_6bs58a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a82a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_3sj22a_firmware -
hp color_laserjet_managed_mfp_e78323_8pe98a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a80a_firmware -
hp color_laserjet_enterprise_mfp_m681_j8a11a_firmware -
hp color_laserjet_enterprise_flow_mfp_m578_7zu85a_firmware -
hp color_laserjet_managed_mfp_e67560_l3u66a_firmware -
hp laserjet_managed_mfp_e73135_3sj02a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z08a_firmware -
hp color_laserjet_managed_mfp_e77428_5rc92a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a68a_firmware -
hp laserjet_enterprise_flow_mfp_m635_7ps97a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z06a_firmware -
hp color_laserjet_managed_mfp_e87740_3sj36a_firmware -
hp color_laserjet_managed_mfp_e87770_3sj36a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr99a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs15a_firmware -
hp laserjet_managed_mfp_e82540_z8z18a_firmware -
hp laserjet_managed_mfp_e72430_5cm72a_firmware -
hp pagewide_enterprise_color_flow_mfp_586z_g1w40a_firmware -
hp color_laserjet_managed_flow_mfp_e67550_l3u70a_firmware -
hp color_laserjet_managed_mfp_e77830_x3a77a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_z8z01a_firmware -
hp color_laserjet_managed_mfp_e77422_5cm77a_firmware -
hp laserjet_enterprise_mfp_m632_j8j70a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z63a_firmware -
hp laserjet_managed_flow_mfp_e73130_5qj98a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_3sj22a_firmware -
hp pagewide_managed_color_mfp_e58650dn_l3u43a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z66a_firmware -
hp color_laserjet_managed_mfp_e87660_x3a93a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z09a_firmware -
hp laserjet_managed_e82650_3sj07a_firmware -
hp laserjet_managed_mfp_e73030_3sj04a_firmware -
hp laserjet_managed_e82660_3sj08a_firmware -
hp color_laserjet_enterprise_mfp_6800dn_6qn37a_firmware -
hp laserjet_enterprise_mfp_m527_f2a77a_firmware -
hp color_laserjet_managed_mfp_e67550_l3u70a_firmware -
hp color_laserjet_managed_mfp_e78330_9rt92a_firmware -
hp color_laserjet_managed_mfp_e87660_x3a92a_firmware -
hp laserjet_managed_mfp_e62555_j8j66a_firmware -
hp laserjet_managed_mfp_e82540_5cm59a_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z011a_firmware -
hp color_laserjet_managed_mfp_e87770_5qk03a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_x3a87a_firmware -
hp color_laserjet_managed_mfp_e87740_3sj19a_firmware -
hp color_laserjet_managed_mfp_e77822_x3a83a_firmware -
hp color_laserjet_managed_mfp_e87770_5qk08a_firmware -
hp color_laserjet_managed_mfp_e78528_5qj81a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs30a_firmware -
hp laserjet_managed_mfp_e77422_5cm78a_firmware -
hp color_laserjet_managed_mfp_e77428_5cm79a_firmware -
hp laserjet_managed_flow_mfp_e73130_5qk02a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a77a_firmware -
hp laserjet_managed_mfp_e826dn_5qk09a_firmware -
hp laserjet_managed_flow_mfp_m731_6bs58a_firmware -
hp color_laserjet_managed_mfp_e87760_3sj20a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a69a_firmware -
hp color_laserjet_managed_mfp_e87750_3sj20a_firmware -
hp color_laserjet_managed_mfp_e87650_x3a86a_firmware -
hp color_laserjet_managed_mfp_e87660_x3a87a_firmware -
hp laserjet_managed_mfp_e73130_6bs59a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a62a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z08a_firmware -
hp laserjet_managed_e82670_3sj07a_firmware -
hp color_laserjet_managed_mfp_e87750_3sj36a_firmware -
hp laserjet_managed_flow_mfp_e73140_5qj98a_firmware -
hp color_laserjet_managed_mfp_e77822_z8z04a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a77a_firmware -
hp laserjet_enterprise_mfp_m631_j8j64a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z010a_firmware -
hp laserjet_managed_flow_mfp_e73140_3sj02a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_z8z00a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs12a_firmware -
hp color_laserjet_managed_mfp_e87640du_5rc86a_firmware -
hp laserjet_managed_mfp_e72530_z8z06a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a79a_firmware -
hp laserjet_enterprise_flow_mfp_m633_j8j76a_firmware -
hp laserjet_managed_mfp_e73030_5qj87a_firmware -
hp laserjet_managed_mfp_e731_3sj02a_firmware -
hp color_laserjet_managed_mfp_e78323_8pe97a_firmware -
hp laserjet_enterprise_flow_mfp_m632_j8j72a_firmware -
hp color_laserjet_managed_mfp_e77822_z8z02a_firmware -
hp pagewide_enterprise_color_mfp_586_g1w40a_firmware -
hp laserjet_managed_flow_mfp_e73140_3sj01a_firmware -
hp color_laserjet_managed_mfp_e87640_x3a89a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a79a_firmware -
hp laserjet_managed_e82660_5qk13a_firmware -
hp laserjet_managed_mfp_e82540_5cm61a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z61a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_z8z12a_firmware -
hp color_laserjet_managed_mfp_e87650_x3a92a_firmware -
hp laserjet_enterprise_mfp_m633_j8j76a_firmware -
hp color_laserjet_managed_mfp_e77428_5cm77a_firmware -
hp laserjet_managed_e82660_5qk09a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_3sj20a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a82a_firmware -
hp laserjet_managed_mfp_e82560du_5cm61a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a84a_firmware -
hp laserjet_managed_mfp_e77428_5cm77a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a63a_firmware -
hp laserjet_managed_mfp_e72535_z8z010a_firmware -
hp color_laserjet_managed_mfp_e77830_x3a83a_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z08a_firmware -
hp laserjet_enterprise_flow_mfp_m634_7ps94a_firmware -
hp color_laserjet_managed_mfp_e87660_z8z12a_firmware -
hp color_laserjet_managed_mfp_e87640_z8z17a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_z8z00a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a74a_firmware -
hp laserjet_managed_mfp_e77422_5rc92a_firmware -
hp laserjet_managed_mfp_e72530_x3a63a_firmware -
hp color_laserjet_managed_mfp_e78323_9rt91a_firmware -
hp laserjet_managed_flow_mfp_e82550_z8z18a_firmware -
hp color_laserjet_managed_mfp_e87760_3sj36a_firmware -
hp laserjet_enterprise_mfp_m528_1pv66a_firmware -
hp color_laserjet_managed_mfp_e67550_l3u66a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_x3a89a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr94a_firmware -
hp color_laserjet_managed_mfp_e87770_3sj35a_firmware -
hp laserjet_managed_flow_mfp_e62555_j8j67a_firmware -
hp laserjet_enterprise_mfp_m528_1pv67a_firmware -
hp color_laserjet_enterprise_mfp_5800dn_58r10a_firmware -
hp color_laserjet_managed_mfp_e78523_5qj81a_firmware -
hp laserjet_managed_flow_mfp_e73135_6bs57a_firmware -
hp laserjet_managed_mfp_e82560du_5cm58a_firmware -
hp laserjet_managed_mfp_e82540_5fm76a_firmware -
hp _laserjet_managed_mfp_e62665_3gy15a_firmware -
hp color_laserjet_managed_mfp_e87660_z8z15a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a69a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z65a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a59a_firmware -
hp color_laserjet_managed_flow_mfp_m577_b5l49a_firmware -
hp pagewide_managed_color_flow_mfp_e77650_j7z13a_firmware -
hp color_laserjet_managed_mfp_e87660du_5cm65a_firmware -
hp color_laserjet_enterprise_mfp_5800_configurable_49k96av_firmware -
hp color_laserjet_managed_mfp_e87650_z8z12a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs36a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr96a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs27a_firmware -
hp color_laserjet_managed_mfp_e78523_5qk15a_firmware -
hp laserjet_managed_mfp_e82540_5rc83a_firmware -
hp color_laserjet_managed_mfp_e87740_3sj21a_firmware -
hp pagewide_managed_color_mfp_p77960_2gp23a_firmware -
hp laserjet_managed_mfp_e62555_j8j79a_firmware -
hp laserjet_managed_e82670_3sj28a_firmware -
hp laserjet_managed_mfp_e73140_3sj00a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs29a_firmware -
hp laserjet_managed_flow_mfp_e62575_j8j74a_firmware -
hp laserjet_managed_mfp_e62565_j8j73a_firmware -
hp color_laserjet_managed_mfp_e77825_z8z00a_firmware -
hp laserjet_managed_mfp_e826dn_3sj08a_firmware -
hp color_laserjet_enterprise_mfp_5800zf_6qn30a_firmware -
hp laserjet_managed_flow_mfp_e82540_z8z19a_firmware -
hp laserjet_managed_e82670_3sj08a_firmware -
hp pagewide_managed_color_flow_mfp_e58650z_l3u42a_firmware -
hp laserjet_managed_mfp_e82560du_5cm59a_firmware -
hp laserjet_managed_mfp_e73135_6bs58a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a83a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a66a_firmware -
hp laserjet_managed_mfp_e82560_x3a69a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_z8z13a_firmware -
hp laserjet_managed_flow_mfp_e82550_x3a71a_firmware -
hp laserjet_managed_mfp_e62665_3gy14a_firmware -
hp laserjet_managed_mfp_e82560_x3a72a_firmware -
hp laserjet_managed_flow_mfp_m731_3sj01a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a69a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a83a_firmware -
hp laserjet_managed_flow_mfp_m731_6bs59a_firmware -
hp laserjet_managed_flow_mfp_e82550_z8z23a_firmware -
hp color_laserjet_enterprise_flow_mfp_5800zf_6qn31a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_x3a93a_firmware -
hp laserjet_managed_e82650_5qk13a_firmware -
hp color_laserjet_enterprise_mfp_6800_configurable_6qn38a_firmware -
hp color_laserjet_enterprise_mfp_6800zf_49k84a_firmware -
hp laserjet_managed_mfp_e77422_5cm77a_firmware -
hp laserjet_managed_mfp_e62675_3gy15a_firmware -
hp pagewide_managed_color_mfp_p77960_y3z63a_firmware -
hp pagewide_managed_color_mfp_e77650_j7z13a_firmware -
hp laserjet_managed_mfp_e62675_3gy17a_firmware -
hp color_laserjet_managed_flow_mfp_e67550_l3u66a_firmware -
hp color_laserjet_managed_mfp_e78330_8gr95a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs13a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_3sj21a_firmware -
hp laserjet_managed_mfp_e82560du_5rc84a_firmware -
hp color_laserjet_enterprise_mfp_m682_j8a16a_firmware -
hp pagewide_enterprise_color_flow_mfp_586z_g1w41a_firmware -
hp color_laserjet_managed_mfp_e87750_3sj21a_firmware -
hp laserjet_managed_mfp_e72530_x3a62a_firmware -
hp laserjet_managed_mfp_e72535_x3a63a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_z8z12a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_x3a90a_firmware -
hp color_laserjet_enterprise_flow_mfp_5800zf_6qn29a_firmware -
hp laserjet_managed_mfp_e62555_j8j73a_firmware -
hp laserjet_managed_mfp_e82560_z8z22a_firmware -
hp laserjet_managed_mfp_e82560du_5rc83a_firmware -
hp color_laserjet_managed_mfp_e77830_x3a81a_firmware -
hp laserjet_managed_mfp_e77428_5cm79a_firmware -
hp pagewide_managed_color_mfp_p77960_2gp26a_firmware -
hp laserjet_enterprise_mfp_m632_j8j71a_firmware -
hp color_laserjet_managed_mfp_e87760_5qk20a_firmware -
hp laserjet_managed_mfp_e82550_5cm58a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs26a_firmware -
hp color_laserjet_managed_mfp_e87770_3sj38a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z61a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_3sj21a_firmware -
hp laserjet_managed_mfp_e82540_x3a82a_firmware -
hp pagewide_managed_color_mfp_p77950_5zp01a_firmware -
hp color_laserjet_enterprise_flow_mfp_m776_t3u56a_firmware -
hp laserjet_managed_mfp_e73140_6bs59a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a65a_firmware -
hp laserjet_managed_mfp_e82560du_5rc85a_firmware -
hp laserjet_managed_mfp_e72425_5rc90a_firmware -
hp laserjet_managed_flow_mfp_e72525_x3a66a_firmware -
hp pagewide_managed_color_flow_mfp_e77650_j7z03a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_3sj37a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_z8z04a_firmware -
hp laserjet_managed_mfp_e72530_z8z07a_firmware -
hp laserjet_managed_flow_mfp_e73140_3sj00a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z07a_firmware -
hp laserjet_managed_mfp_e731_6bs58a_firmware -
hp laserjet_managed_mfp_e82560_x3a75a_firmware -
hp color_laserjet_managed_mfp_e87650_x3a89a_firmware -
hp color_laserjet_enterprise_mfp_m776_t3u55a_firmware -
hp color_laserjet_enterprise_flow_mfp_m682_j8a17a_firmware -
hp color_laserjet_enterprise_flow_mfp_m577_b5l54a_firmware -
hp color_laserjet_managed_mfp_e78528_5qj83a_firmware -
hp color_laserjet_enterprise_flow_mfp_5800zf_58r10a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a77a_firmware -
hp pagewide_managed_color_mfp_e77650_z5g77a_firmware -
hp laserjet_managed_e82660_3sj29a_firmware -
hp color_laserjet_managed_flow_mfp_e77822_z8z02a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs12a_firmware -
hp color_laserjet_enterprise_mfp_6800_configurable_6qn36a_firmware -
hp color_laserjet_enterprise_mfp_6800_configurable_49k84a_firmware -
hp laserjet_managed_mfp_e72425_5cm69a_firmware -
hp laserjet_managed_mfp_e82560_z8z20a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_5qk08a_firmware -
hp laserjet_managed_mfp_e82550_5cm59a_firmware -
hp color_laserjet_managed_mfp_e87640_z8z12a_firmware -
hp laserjet_managed_flow_mfp_e73130_6bs58a_firmware -
hp laserjet_managed_mfp_e73130_6bs58a_firmware -
hp color_laserjet_managed_mfp_e78330_8pe95a_firmware -
hp color_laserjet_managed_mfp_e87660du_5fm81a_firmware -
hp color_laserjet_managed_mfp_e78223_19gsaw_firmware -
hp laserjet_enterprise_flow_mfp_m631_j8j64a_firmware -
hp laserjet_managed_flow_mfp_e72535_z8z010a_firmware -
hp laserjet_managed_flow_mfp_e73140_6bs58a_firmware -
hp laserjet_managed_mfp_e77428_5cm75a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a60a_firmware -
hp color_laserjet_managed_mfp_e87640_z8z13a_firmware -
hp color_laserjet_enterprise_mfp_6800zfw+_4y279a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs14a_firmware -
hp laserjet_managed_e82660_3sj28a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_3sj35a_firmware -
hp color_laserjet_managed_flow_mfp_e87750_3sj35a_firmware -
hp laserjet_managed_mfp_e77422_5cm76a_firmware -
hp laserjet_managed_mfp_e72530_x3a60a_firmware -
hp laserjet_managed_mfp_e826dn_3sj07a_firmware -
hp color_laserjet_managed_flow_mfp_e87650_z8z14a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_x3a81a_firmware -
hp color_laserjet_managed_mfp_e77822_x3a81a_firmware -
hp laserjet_managed_flow_mfp_e72525_z8z06a_firmware -
hp laserjet_managed_flow_mfp_e62565_j8j74a_firmware -
hp laserjet_managed_mfp_e72430_5cm70a_firmware -
hp color_laserjet_enterprise_mfp_5800f_6qn30a_firmware -
hp color_laserjet_enterprise_mfp_5800dn_49k96av_firmware -
hp pagewide_managed_color_mfp_p77950_2gp25a_firmware -
hp laserjet_managed_mfp_e72535_x3a66a_firmware -
hp laserjet_managed_flow_mfp_e73135_3sj02a_firmware -
hp color_laserjet_managed_mfp_e87650_z8z13a_firmware -
hp laserjet_managed_mfp_e731_3sj00a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_5qk08a_firmware -
hp color_laserjet_managed_mfp_e78330_9rt91a_firmware -
hp color_laserjet_enterprise_flow_mfp_m577_b5l48a_firmware -
hp laserjet_managed_e82670_5qk09a_firmware -
hp laserjet_enterprise_mfp_m635_7ps98a_firmware -
hp laserjet_managed_flow_mfp_e82560_z8z23a_firmware -
hp color_laserjet_managed_mfp_e78223_8gs44a_firmware -
hp laserjet_managed_mfp_e72430_5rc89a_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a59a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_3sj38a_firmware -
hp laserjet_managed_mfp_e62565_j8j79a_firmware -
hp laserjet_managed_mfp_e73140_3sj01a_firmware -
hp color_laserjet_managed_mfp_e87660du_5cm64a_firmware -
hp laserjet_managed_mfp_e82550_z8z18a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z68a_firmware -
hp laserjet_enterprise_flow_mfp_m527z_f2a76a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_5qk20a_firmware -
hp laserjet_managed_mfp_e73135_3sj01a_firmware -
hp color_laserjet_managed_mfp_e87770_3sj20a_firmware -
hp laserjet_managed_flow_mfp_e82550_z8z22a_firmware -
hp color_laserjet_enterprise_flow_mfp_5800zf_6qn30a_firmware -
hp laserjet_managed_e82660_3sj09a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_3sj19a_firmware -
hp laserjet_managed_mfp_e77428_5cm78a_firmware -
hp laserjet_managed_flow_mfp_e73135_5qj98a_firmware -
hp laserjet_managed_mfp_e82550_z8z20a_firmware -
hp color_laserjet_managed_flow_mfp_e77825_z8z02a_firmware -
hp pagewide_managed_color_mfp_p77940_5zn99a_firmware -
hp laserjet_managed_mfp_e730_5qj87a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_x3a86a_firmware -
hp laserjet_enterprise_mfp_m631_j8j63a_firmware -
hp laserjet_enterprise_flow_mfp_m631_j8j63a_firmware -
hp laserjet_managed_mfp_e731_5qk02a_firmware -
hp color_laserjet_managed_mfp_e87650_x3a87a_firmware -
hp color_laserjet_enterprise_mfp_5800dn_6qn30a_firmware -
hp laserjet_managed_flow_mfp_e73135_3sj00a_firmware -
hp pagewide_managed_color_flow_mfp_e77660z_j7z05a_firmware -
hp color_laserjet_managed_mfp_e77422_5cm75a_firmware -
hp laserjet_managed_mfp_e72530_z8z08a_firmware -
hp color_laserjet_enterprise_mfp_5800f_6qn31a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a74a_firmware -
hp pagewide_managed_color_mfp_p77940_5zn98a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs00a_firmware -
hp laserjet_managed_e82650_3sj09a_firmware -
hp color_laserjet_managed_mfp_e87650_x3a93a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr99a_firmware -
hp color_laserjet_enterprise_mfp_6800zfw+_49k84a_firmware -
hp laserjet_managed_flow_mfp_e73140_6bs57a_firmware -
hp laserjet_managed_flow_mfp_e72535_x3a62a_firmware -
hp laserjet_managed_mfp_e62665_3gy17a_firmware -
hp color_laserjet_managed_flow_mfp_e77830_x3a78a_firmware -
hp pagewide_enterprise_color_mfp_586_g1w41a_firmware -
hp color_laserjet_managed_mfp_e87740_3sj37a_firmware -
hp color_laserjet_managed_mfp_e78323_8gr97a_firmware -
hp laserjet_managed_flow_mfp_e72530_x3a66a_firmware -
hp color_laserjet_managed_flow_mfp_e57540_3gy25a_firmware -
hp laserjet_managed_mfp_e73130_5qj98a_firmware -
hp color_laserjet_managed_mfp_e78228_17f27aw_firmware -
hp color_laserjet_managed_flow_mfp_e77822_x3a81a_firmware -
hp color_laserjet_managed_mfp_e87750_3sj38a_firmware -
hp laserjet_managed_flow_mfp_e826z_3sj08a_firmware -
hp laserjet_managed_mfp_e62675_3gy16a_firmware -
hp pagewide_managed_color_mfp_p77960_5zn98a_firmware -
hp color_laserjet_enterprise_mfp_m578_7zu88a_firmware -
hp color_laserjet_managed_mfp_e87740_5qk08a_firmware -
hp color_laserjet_managed_mfp_e77830_x3a84a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs01a_firmware -
hp pagewide_managed_color_mfp_p77950_y3z64a_firmware -
hp color_laserjet_enterprise_mfp_5800zf_49k96av_firmware -
hp color_laserjet_managed_flow_mfp_e67560_l3u70a_firmware -
hp color_laserjet_enterprise_flow_mfp_m577_b5l47a_firmware -
hp laserjet_managed_flow_mfp_e73135_6bs58a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_5qk08a_firmware -
hp laserjet_enterprise_mfp_m635_7ps99a_firmware -
hp laserjet_managed_flow_mfp_e52545c_3gy19a_firmware -
hp pagewide_managed_color_mfp_p77940_2gp25a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a81a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z010a_firmware -
hp color_laserjet_managed_mfp_e78330_8pe96a_firmware -
hp color_laserjet_managed_mfp_e87760_3sj35a_firmware -
hp color_laserjet_enterprise_mfp_m681_j8a12a_firmware -
hp pagewide_managed_color_flow_mfp_e77660z_j7z14a_firmware -
hp color_laserjet_managed_mfp_e785dn_5qj81a_firmware -
hp color_laserjet_managed_mfp_e785dn_5qj83a_firmware -
hp laserjet_managed_flow_mfp_e82560_x3a68a_firmware -
hp laserjet_managed_mfp_e72525_z8z011a_firmware -
hp laserjet_managed_mfp_e62565_j8j74a_firmware -
hp laserjet_managed_flow_mfp_e82560_z8z18a_firmware -
hp color_laserjet_managed_mfp_e87660_z8z13a_firmware -
hp laserjet_managed_flow_mfp_e826z_3sj07a_firmware -
hp color_laserjet_managed_mfp_e87770_3sj19a_firmware -
hp laserjet_managed_mfp_e72535_z8z06a_firmware -
hp color_laserjet_managed_mfp_e87640_x3a92a_firmware -
hp color_laserjet_managed_flow_mfp_e87770_3sj37a_firmware -
hp color_laserjet_managed_mfp_e78330_8pe94a_firmware -
hp color_laserjet_managed_mfp_e77825_x3a83a_firmware -
hp laserjet_managed_mfp_e82540_z8z22a_firmware -
hp pagewide_managed_color_mfp_p77940_y3z64a_firmware -
hp laserjet_managed_mfp_e62665_3gy15a_firmware -
hp laserjet_enterprise_mfp_m636_7pt00a_firmware -
hp laserjet_managed_mfp_e62555_j8j80a_firmware -
hp laserjet_managed_flow_mfp_e72530_z8z011a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a75a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_3sj35a_firmware -
hp color_laserjet_managed_flow_mfp_e87640_x3a89a_firmware -
hp laserjet_managed_flow_mfp_e73130_3sj01a_firmware -
hp color_laserjet_managed_mfp_e87770_3sj22a_firmware -
hp color_laserjet_enterprise_mfp_m577_b5l54a_firmware -
hp color_laserjet_managed_mfp_e87750_5qk03a_firmware -
hp color_laserjet_managed_mfp_e78323_8gs26a_firmware -
hp color_laserjet_managed_flow_mfp_e87740_3sj36a_firmware -
hp color_laserjet_managed_mfp_m577_b5l50a_firmware -
hp color_laserjet_managed_mfp_e67650_3gy31a_firmware -
hp laserjet_managed_e82650_3sj30a_firmware -
hp laserjet_enterprise_flow_mfp_m527z_f2a78a_firmware -
hp color_laserjet_managed_mfp_e87660_x3a86a_firmware -
hp laserjet_enterprise_flow_mfp_m634_7ps96a_firmware -
hp color_laserjet_managed_mfp_e87640du_5cm64a_firmware -
hp color_laserjet_managed_mfp_e78330_8gs28a_firmware -
hp laserjet_managed_mfp_e52645_1ps54a_firmware -
hp color_laserjet_managed_mfp_e87660du_5fm80a_firmware -
hp laserjet_managed_mfp_e72525_x3a60a_firmware -
hp color_laserjet_managed_flow_mfp_e87760_3sj22a_firmware -
hp laserjet_managed_mfp_e72425_5rc89a_firmware -
hp pagewide_managed_color_flow_mfp_e77650_z5g79a_firmware -
hp laserjet_managed_mfp_e73140_6bs57a_firmware -
hp color_laserjet_managed_mfp_e67560_l3u70a_firmware -
hp color_laserjet_managed_mfp_e78228_8gs37a_firmware -
hp color_laserjet_managed_flow_mfp_e57540_3gy26a_firmware -
hp laserjet_managed_e82670_3sj09a_firmware -
hp laserjet_managed_flow_mfp_e52545c_3gy20a_firmware -
hp pagewide_managed_color_mfp_p77960_2gp25a_firmware -
hp laserjet_managed_flow_mfp_e82540_x3a82a_firmware -
hp color_laserjet_managed_mfp_e87770_5qk20a_firmware -
hp laserjet_enterprise_mfp_m528_1pv49a_firmware -
hp color_laserjet_managed_flow_mfp_e87660_z8z15a_firmware -
CVE-2023-1526

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.

Products Affected

Vendor Product Version
hp designjet_z9+_pro_firmware -
hp pagewide_xl_4600 _firmware
hp designjet_z6dr_firmware *
hp pagewide_xl_4500 _firmware
hp designjet_z6_firmware *
hp pagewide_xl_4700 _firmware
hp designjet_z9dr_firmware *
hp pagewide_xl_4100 _firmware
hp designjet_z9_firmware *
hp pagewide_xl_8000 _firmware
CVE-2023-1707

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6.

Products Affected

Vendor Product Version
hp futuresmart_5 *
CVE-2023-22779

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
hp arubaos *
CVE-2023-22780

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
hp arubaos *
CVE-2023-22781

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
hp arubaos *
CVE-2023-22782

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
hp arubaos *
CVE-2023-22783

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
hp arubaos *
CVE-2023-22784

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
hp arubaos *
CVE-2023-22785

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
hp arubaos *
CVE-2023-22786

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
hp arubaos *
CVE-2023-22787

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2023-22788

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2023-22789

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2023-22790

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2023-22791

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 5.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N 1.2 4.2

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2023-26294

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Products Affected

Vendor Product Version
hp hp_device_manager 5.0.7
hp hp_device_manager 5.0.5
hp hp_device_manager 5.0.3
hp hp_device_manager 5.0.9
hp hp_device_manager 5.0.6
hp hp_device_manager 5.0.8
hp hp_device_manager 5.0.4
hp hp_device_manager 5.0.7.1
hp hp_device_manager 5.0
CVE-2023-26295

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Products Affected

Vendor Product Version
hp hp_device_manager 5.0.7
hp hp_device_manager 5.0.5
hp hp_device_manager 5.0.3
hp hp_device_manager 5.0.9
hp hp_device_manager 5.0.6
hp hp_device_manager 5.0.8
hp hp_device_manager 5.0.4
hp hp_device_manager 5.0.7.1
hp hp_device_manager 5.0
CVE-2023-26296

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Products Affected

Vendor Product Version
hp hp_device_manager 5.0.7
hp hp_device_manager 5.0.5
hp hp_device_manager 5.0.3
hp hp_device_manager 5.0.9
hp hp_device_manager 5.0.6
hp hp_device_manager 5.0.8
hp hp_device_manager 5.0.4
hp hp_device_manager 5.0.7.1
hp hp_device_manager 5.0
CVE-2023-26297

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Products Affected

Vendor Product Version
hp hp_device_manager 5.0.7
hp hp_device_manager 5.0.5
hp hp_device_manager 5.0.3
hp hp_device_manager 5.0.9
hp hp_device_manager 5.0.6
hp hp_device_manager 5.0.8
hp hp_device_manager 5.0.4
hp hp_device_manager 5.0.7.1
hp hp_device_manager 5.0
CVE-2023-26298

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Products Affected

Vendor Product Version
hp hp_device_manager 5.0.7
hp hp_device_manager 5.0.5
hp hp_device_manager 5.0.3
hp hp_device_manager 5.0.9
hp hp_device_manager 5.0.6
hp hp_device_manager 5.0.8
hp hp_device_manager 5.0.4
hp hp_device_manager 5.0.7.1
hp hp_device_manager 5.0
CVE-2023-26299

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

Products Affected

Vendor Product Version
hp 349_g7_firmware *
hp vr_backpack_g2_firmware *
hp 205_pro_g4_22_all-in-one_firmware -
hp t628_firmware *
hp 470_g10_firmware *
hp 200_g4_22_all-in-one_firmware -
hp 245_g8_firmware *
hp 288_g6_firmware -
hp 247_g8_firmware *
hp pro_small_form_factor_280_g9_desktop_firmware -
hp proone_496_g3_firmware -
hp 280_g3_firmware -
hp 290_g3_firmware -
hp 280_g5_firmware -
hp pro_small_form_factor_290_g9_desktop_firmware -
hp 245_g6_firmware *
hp pro_tower_290_g9_desktop_firmware -
hp z_vr_backpack_g1_workstation_firmware -
hp zhan_99_pro_g1_microtower_firmware -
hp 200_pro_g4_22_all-in-one_firmware -
hp 282_pro_g4_microtower_firmware -
hp 280_pro_g3_firmware -
hp proone_490_g3_firmware -
hp 250_g10_firmware *
hp 290_g3_small_form_factor_firmware -
hp zhan_86_pro_g2_microtower_firmware -
hp zhan_99_g4_firmware *
hp proone_240_g10_firmware -
hp 280_g6_firmware -
hp 255_g10_firmware *
hp desktop_pro_g1_microtower_firmware -
hp 240_g10_firmware *
hp 280_g4_microtower_firmware -
hp 280_pro_g5_small_form_factor_firmware -
hp 290_g2_firmware -
hp 200_g3_firmware -
hp 280_pro_g4_microtower_firmware -
hp 282_g6_firmware -
hp 260_g4_desktop_mini_firmware *
hp proone_440_g3_firmware -
hp proone_240_g9_firmware -
hp zhan_99_g2_firmware *
hp t430_firmware *
hp pro_tower_280_g9_desktop_firmware -
hp 245_g7_firmware *
hp 280_g4_firmware -
hp 290_g4_firmware -
hp 280_g5_small_form_factor_firmware -
hp pro_tower_zhan_99_g9_desktop_firmware -
hp 288_g5_firmware -
hp 282_g5_firmware -
hp pro_small_form_factor_zhan_66_g9_desktop_firmware -
hp 290_g1_firmware -
hp 280_g8_microtower_firmware -
hp pro_tower_200_g9_desktop_firmware -
hp 205_g4_22_all-in-one_firmware -
hp 290_g2_microtower_firmware -
hp 470_g9_firmware *
hp 288_pro_g4_microtower_firmware -
CVE-2023-26300

A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hp 200_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware *
hp 258_g6_firmware *
hp 205_g8_24_all-in-one_pc_(rom_family_ssid_8924)_firmware *
hp proone_240_g10_(rom_family_ssid_8b4c)_firmware *
hp 205_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f2)_firmware *
hp 245_g10_firmware *
hp 200_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f3)_firmware *
hp 285_pro_g8_microtower_(rom_family_ssid_870e)_firmware *
hp 470_g10_firmware *
hp zhan_99_g4_mobile_workstation_firmware *
hp 245_g8_firmware *
hp pro_tower_290_g9_desktop_(rom_family_ssid_89b3)_firmware *
hp 255_g8_(rom_family_ssid_8905)_firmware *
hp 246_g7_firmware *
hp 247_g8_firmware *
hp pro_tower_290_g9_desktop_(rom_family_ssid_8bc3)_firmware *
hp 250_g7_firmware *
hp stream_11_pro_g4_firmware *
hp 285_g6_microtower_(rom_family_ssid_871e)_firmware *
hp 340_g7_firmware *
hp 295_g8_microtower_(rom_family_ssid_870e)_firmware *
hp 256_g6_firmware *
hp 205_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware *
hp 255_g8_firmware *
hp 205_g4_22_all-in-one_pc_(rom_family_ssid_86f2)_firmware *
hp 205_pro_g8_24_all-in-one_pc_(rom_family_ssid_8924)_firmware *
hp t638_thin_client_firmware *
hp pro_tower_200_g9_desktop_(rom_family_ssid_8bc3)_firmware *
hp 240_g9_firmware *
hp 205_g8_24_all-in-one_pc_(rom_family_ssid_8923)_firmware *
hp 205_pro_g8_24_all-in-one_pc_(rom_family_ssid_8923)_firmware *
hp 250_g9_firmware *
hp 250_g10_firmware *
hp 255_g6_firmware *
hp 348_g7_firmware *
hp vr_backpack_g2_(rom_family_ssid_8590)_firmware *
hp 285_g8_microtower_(rom_family_ssid_870e)_firmware *
hp zhan_99_g3_mobile_workstation_firmware *
hp 200_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware *
hp 258_g7_firmware *
hp pro_tower_290_g9_desktop_(rom_family_ssid_89b4)_firmware *
hp pro_tower_zhan_99_g9_desktop_(rom_family_ssid_89b3)_firmware *
hp 200_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f2)_firmware *
hp 205_g4_22_all-in-one_pc_(rom_family_ssid_86f3)_firmware *
hp 470_g7_firmware *
hp stream_11_pro_g5_firmware *
hp 200_g4_22_all-in-one_pc_(rom_family_ssid_86f3)_firmware *
hp zhan_66_pro_a_g4_all-in-one_pc_(rom_family_ssid_8924)_firmware *
hp 255_g10_firmware *
hp 240_g6_firmware *
hp 240_g10_firmware *
hp desktop_pro_a_g3_microtower_firmware *
hp pro_tower_280_g9_desktop_(rom_family_ssid_89b3)_firmware *
hp desktop_pro_a_300_g3_firmware *
hp pro_tower_200_g9_desktop_(rom_family_ssid_89b3)_firmware *
hp zhan_66_pro_a_g1_r_microtower_firmware *
hp zbook_15_g5_mobile_workstation_firmware *
hp pro_tower_200_g9_desktop_(rom_family_ssid_89b4)_firmware *
hp 255_g9_firmware *
hp pro_tower_zhan_99_g9_desktop_(rom_family_ssid_89b4)_firmware *
hp pro_sff_290_g9_desktop_(rom_family_ssid_89b4)_firmware *
hp 245_firmware *
hp zhan_66_pro_a_g10_(rom_family_ssid_8b4e)_firmware *
hp 245_g7_firmware *
hp 200_g4_22_all-in-one_pc_(rom_family_ssid_86f2)_firmware *
hp 285_pro_g6_microtower_(rom_family_ssid_871e)_firmware *
hp zhan_99_pro_a_g2_microtower_(rom_family_ssid_871e)_firmware *
hp 245_g9_firmware *
hp pro_sff_280_g9_desktop_(rom_family_ssid_8bc3)_firmware *
hp 240_g7_firmware *
hp 255_g8_(rom_family_ssid_890e)_firmware *
hp pro_sff_280_g9_desktop_(rom_family_ssid_89b4)_firmware *
hp pro_sff_zhan_66_g9_desktop_(rom_family_ssid_89b4)_firmware *
hp 205_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f3)_firmware *
hp proone_240_g10_(rom_family_ssid_8b4d)_firmware *
hp zhan_66_pro_a_g4_all-in-one_pc_(rom_family_ssid_8923)_firmware *
hp 256_g7_firmware *
hp pro_sff_290_g9_desktop_(rom_family_ssid_8bc3)_firmware *
hp pro_tower_280_g9_desktop_(rom_family_ssid_89b4)_firmware *
hp 255_g7_firmware *
hp pro_sff_zhan_66_g9_desktop_(rom_family_ssid_8bc3)_firmware *
hp 255_g8_(rom_family_ssid_87d1)_firmware *
hp 250_g6_firmware *
hp 205_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware *
hp pro_tower_zhan_99_g9_desktop_(rom_family_ssid_8b3c)_firmware *
hp 246_g6_firmware *
hp desktop_pro_a_g3_firmware *
hp proone_240_g9_(rom_family_ssid_89eb)_firmware *
hp 470_g9_firmware *
CVE-2023-26301

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.

Products Affected

Vendor Product Version
hp color_laserjet_pro_mfp_4301-4303_4ra84f_firmware *
hp color_laserjet_pro_mfp_4301-4303_5hh66a_firmware *
hp color_laserjet_pro_4201-4203_4ra89a_firmware *
hp color_laserjet_pro_mfp_4301-4303_4ra82f_firmware *
hp color_laserjet_pro_mfp_4301-4303_5hh65a_firmware *
hp color_laserjet_pro_mfp_4301-4303_5hh67a_firmware *
hp color_laserjet_pro_4201-4203_4ra88f_firmware *
hp color_laserjet_pro_4201-4203_5hh48a_firmware *
hp color_laserjet_pro_mfp_4301-4303_5hh72a_firmware *
hp color_laserjet_pro_4201-4203_5hh59a_firmware *
hp color_laserjet_pro_mfp_4301-4303_4ra81f_firmware *
hp color_laserjet_pro_4201-4203_4ra87f_firmware *
hp color_laserjet_pro_4201-4203_5hh51a_firmware *
hp color_laserjet_pro_mfp_4301-4303_4ra83f_firmware *
hp color_laserjet_pro_mfp_4301-4303_5hh64f_firmware *
hp color_laserjet_pro_mfp_4301-4303_5hh73a_firmware *
hp color_laserjet_pro_4201-4203_5hh52a_firmware *
hp color_laserjet_pro_mfp_4301-4303_4ra80f_firmware *
hp color_laserjet_pro_4201-4203_5hh53a_firmware *
CVE-2023-27971

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege.

Products Affected

Vendor Product Version
hp laserjet_pro_mfp_m478-m479_w1a78a_firmware *
hp laserjet_pro_m453-m454_w1y46a_firmware *
hp laserjet_pro_m404-m405_w1a56a_firmware *
hp laserjet_pro_m404-m405_w1a51a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a77a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a31a_firmware *
hp laserjet_pro_m453-m454_w1y44a_firmware *
hp laserjet_pro_m404-m405_w1a59a_firmware *
hp laserjet_pro_m304-m305_w1a47a_firmware *
hp laserjet_pro_m404-m405_93m22a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a33a_firmware *
hp laserjet_pro_m453-m454_w1y40a_firmware *
hp laserjet_pro_m304-m305_w1a48a_firmware *
hp laserjet_pro_m404-m405_w1a53a_firmware *
hp laserjet_pro_m404-m405_w1a63a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a79a_firmware *
hp laserjet_pro_m404-m405_w1a52a_firmware *
hp laserjet_pro_m453-m454_w1y43a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a81a_firmware *
hp laserjet_pro_m304-m305_w1a66a_firmware *
hp laserjet_pro_m404-m405_w1a58a_firmware *
hp laserjet_pro_m453-m454_w1y41a_firmware *
hp laserjet_pro_m404-m405_w1a60a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a32a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a82a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a28a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a38a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a75a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a30a_firmware *
hp laserjet_pro_m304-m305_w1a46a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a34a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a35a_firmware *
hp laserjet_pro_m453-m454_w1y47a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a80a_firmware *
hp laserjet_pro_m453-m454_w1y45a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a76a_firmware *
hp laserjet_pro_m404-m405_w1a57a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a29a_firmware *
CVE-2023-27972

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.

Products Affected

Vendor Product Version
hp laserjet_pro_mfp_m478-m479_w1a78a_firmware *
hp laserjet_pro_m453-m454_w1y46a_firmware *
hp laserjet_pro_m404-m405_w1a56a_firmware *
hp laserjet_pro_m404-m405_w1a51a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a77a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a31a_firmware *
hp laserjet_pro_m453-m454_w1y44a_firmware *
hp laserjet_pro_m404-m405_w1a59a_firmware *
hp laserjet_pro_m304-m305_w1a47a_firmware *
hp laserjet_pro_m404-m405_93m22a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a33a_firmware *
hp laserjet_pro_m453-m454_w1y40a_firmware *
hp laserjet_pro_m304-m305_w1a48a_firmware *
hp laserjet_pro_m404-m405_w1a53a_firmware *
hp laserjet_pro_m404-m405_w1a63a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a79a_firmware *
hp laserjet_pro_m404-m405_w1a52a_firmware *
hp laserjet_pro_m453-m454_w1y43a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a81a_firmware *
hp laserjet_pro_m304-m305_w1a66a_firmware *
hp laserjet_pro_m404-m405_w1a58a_firmware *
hp laserjet_pro_m453-m454_w1y41a_firmware *
hp laserjet_pro_m404-m405_w1a60a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a32a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a82a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a28a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a38a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a75a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a30a_firmware *
hp laserjet_pro_m304-m305_w1a46a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a34a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a35a_firmware *
hp laserjet_pro_m453-m454_w1y47a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a80a_firmware *
hp laserjet_pro_m453-m454_w1y45a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a76a_firmware *
hp laserjet_pro_m404-m405_w1a57a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a29a_firmware *
CVE-2023-27973

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution.

Products Affected

Vendor Product Version
hp laserjet_pro_mfp_m478-m479_w1a78a_firmware *
hp laserjet_pro_m453-m454_w1y46a_firmware *
hp laserjet_pro_m404-m405_w1a56a_firmware *
hp laserjet_pro_m404-m405_w1a51a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a77a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a31a_firmware *
hp laserjet_pro_m453-m454_w1y44a_firmware *
hp laserjet_pro_m404-m405_w1a59a_firmware *
hp laserjet_pro_m304-m305_w1a47a_firmware *
hp laserjet_pro_m404-m405_93m22a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a33a_firmware *
hp laserjet_pro_m453-m454_w1y40a_firmware *
hp laserjet_pro_m304-m305_w1a48a_firmware *
hp laserjet_pro_m404-m405_w1a53a_firmware *
hp laserjet_pro_m404-m405_w1a63a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a79a_firmware *
hp laserjet_pro_m404-m405_w1a52a_firmware *
hp laserjet_pro_m453-m454_w1y43a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a81a_firmware *
hp laserjet_pro_m304-m305_w1a66a_firmware *
hp laserjet_pro_m404-m405_w1a58a_firmware *
hp laserjet_pro_m453-m454_w1y41a_firmware *
hp laserjet_pro_m404-m405_w1a60a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a32a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a82a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a28a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a38a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a75a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a30a_firmware *
hp laserjet_pro_m304-m305_w1a46a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a34a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a35a_firmware *
hp laserjet_pro_m453-m454_w1y47a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a80a_firmware *
hp laserjet_pro_m453-m454_w1y45a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a76a_firmware *
hp laserjet_pro_m404-m405_w1a57a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a29a_firmware *
CVE-2023-28083

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security-alert@hpe.com 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L 1.7 6.0

Products Affected

Vendor Product Version
hp integrated_lights-out_6 *
hp integrated_lights-out_4 *
hp integrated_lights-out_5 *
CVE-2023-28084

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

Products Affected

Vendor Product Version
hp oneview *
hpe oneview_global_dashboard *
CVE-2023-28086

An HPE OneView appliance dump may expose proxy credential settings

Products Affected

Vendor Product Version
hp oneview *
CVE-2023-28087

An HPE OneView appliance dump may expose OneView user accounts

Products Affected

Vendor Product Version
hp oneview *
CVE-2023-28088

An HPE OneView appliance dump may expose SAN switch administrative credentials

Products Affected

Vendor Product Version
hp oneview *
CVE-2023-28089

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

Products Affected

Vendor Product Version
hp oneview *
CVE-2023-28090

An HPE OneView appliance dump may expose SNMPv3 read credentials

Products Affected

Vendor Product Version
hp oneview *
CVE-2023-28091

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

Products Affected

Vendor Product Version
hp oneview *
CVE-2023-28092

A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 6.1 MEDIUM CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L 0.3 5.3

Products Affected

Vendor Product Version
hp proliant_rl300_firmware 1.12
hp integrated_lights-out_firmware 1.05
CVE-2023-30903

HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.

Products Affected

Vendor Product Version
hp hp-ux *
CVE-2023-30908

A remote authentication bypass issue exists in a OneView API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp oneview *
CVE-2023-30909

A remote authentication bypass issue exists in some OneView APIs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp oneview *
CVE-2023-32673

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.

Products Affected

Vendor Product Version
hp image_assistant *
hp pc_hardware_diagnostics *
hp thunderbolt_dock_g2_firmware -
CVE-2023-32674

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

Products Affected

Vendor Product Version
hp pc_hardware_diagnostics *
CVE-2023-35175

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.

Products Affected

Vendor Product Version
hp laserjet_pro_mfp_m478-m479_w1a78a_firmware *
hp laserjet_pro_m453-m454_w1y46a_firmware *
hp laserjet_pro_m404-m405_w1a56a_firmware *
hp laserjet_pro_m404-m405_w1a51a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a77a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a31a_firmware *
hp laserjet_pro_m453-m454_w1y44a_firmware *
hp laserjet_pro_m404-m405_w1a59a_firmware *
hp laserjet_pro_m304-m305_w1a47a_firmware *
hp laserjet_pro_m404-m405_93m22a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a33a_firmware *
hp laserjet_pro_m453-m454_w1y40a_firmware *
hp laserjet_pro_m304-m305_w1a48a_firmware *
hp laserjet_pro_m404-m405_w1a53a_firmware *
hp laserjet_pro_m404-m405_w1a63a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a79a_firmware *
hp laserjet_pro_m404-m405_w1a52a_firmware *
hp laserjet_pro_m453-m454_w1y43a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a81a_firmware *
hp laserjet_pro_m304-m305_w1a66a_firmware *
hp laserjet_pro_m404-m405_w1a58a_firmware *
hp laserjet_pro_m453-m454_w1y41a_firmware *
hp laserjet_pro_m404-m405_w1a60a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a32a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a82a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a28a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a38a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a75a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a30a_firmware *
hp laserjet_pro_m304-m305_w1a46a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a34a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a35a_firmware *
hp laserjet_pro_m453-m454_w1y47a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a80a_firmware *
hp laserjet_pro_m453-m454_w1y45a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a76a_firmware *
hp laserjet_pro_m404-m405_w1a57a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a29a_firmware *
CVE-2023-35176

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.

Products Affected

Vendor Product Version
hp laserjet_pro_mfp_m478-m479_w1a78a_firmware *
hp laserjet_pro_m453-m454_w1y46a_firmware *
hp laserjet_pro_m404-m405_w1a56a_firmware *
hp laserjet_pro_m404-m405_w1a51a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a77a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a31a_firmware *
hp laserjet_pro_m453-m454_w1y44a_firmware *
hp laserjet_pro_m404-m405_w1a59a_firmware *
hp laserjet_pro_m304-m305_w1a47a_firmware *
hp laserjet_pro_m404-m405_93m22a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a33a_firmware *
hp laserjet_pro_m453-m454_w1y40a_firmware *
hp laserjet_pro_m304-m305_w1a48a_firmware *
hp laserjet_pro_m404-m405_w1a53a_firmware *
hp laserjet_pro_m404-m405_w1a63a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a79a_firmware *
hp laserjet_pro_m404-m405_w1a52a_firmware *
hp laserjet_pro_m453-m454_w1y43a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a81a_firmware *
hp laserjet_pro_m304-m305_w1a66a_firmware *
hp laserjet_pro_m404-m405_w1a58a_firmware *
hp laserjet_pro_m453-m454_w1y41a_firmware *
hp laserjet_pro_m404-m405_w1a60a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a32a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a82a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a28a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a38a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a75a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a30a_firmware *
hp laserjet_pro_m304-m305_w1a46a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a34a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a35a_firmware *
hp laserjet_pro_m453-m454_w1y47a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a80a_firmware *
hp laserjet_pro_m453-m454_w1y45a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a76a_firmware *
hp laserjet_pro_m404-m405_w1a57a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a29a_firmware *
CVE-2023-35177

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser.

Products Affected

Vendor Product Version
hp laserjet_pro_mfp_m478-m479_w1a78a_firmware *
hp laserjet_pro_m453-m454_w1y46a_firmware *
hp laserjet_pro_m404-m405_w1a56a_firmware *
hp laserjet_pro_m404-m405_w1a51a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a77a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a31a_firmware *
hp laserjet_pro_m453-m454_w1y44a_firmware *
hp laserjet_pro_m404-m405_w1a59a_firmware *
hp laserjet_pro_m304-m305_w1a47a_firmware *
hp laserjet_pro_m404-m405_93m22a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a33a_firmware *
hp laserjet_pro_m453-m454_w1y40a_firmware *
hp laserjet_pro_m304-m305_w1a48a_firmware *
hp laserjet_pro_m404-m405_w1a53a_firmware *
hp laserjet_pro_m404-m405_w1a63a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a79a_firmware *
hp laserjet_pro_m404-m405_w1a52a_firmware *
hp laserjet_pro_m453-m454_w1y43a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a81a_firmware *
hp laserjet_pro_m304-m305_w1a66a_firmware *
hp laserjet_pro_m404-m405_w1a58a_firmware *
hp laserjet_pro_m453-m454_w1y41a_firmware *
hp laserjet_pro_m404-m405_w1a60a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a32a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a82a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a28a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a38a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a75a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a30a_firmware *
hp laserjet_pro_m304-m305_w1a46a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a34a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a35a_firmware *
hp laserjet_pro_m453-m454_w1y47a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a80a_firmware *
hp laserjet_pro_m453-m454_w1y45a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a76a_firmware *
hp laserjet_pro_m404-m405_w1a57a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a29a_firmware *
CVE-2023-35178

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs.

Products Affected

Vendor Product Version
hp laserjet_pro_mfp_m478-m479_w1a78a_firmware *
hp laserjet_pro_m453-m454_w1y46a_firmware *
hp laserjet_pro_m404-m405_w1a56a_firmware *
hp laserjet_pro_m404-m405_w1a51a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a77a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a31a_firmware *
hp laserjet_pro_m453-m454_w1y44a_firmware *
hp laserjet_pro_m404-m405_w1a59a_firmware *
hp laserjet_pro_m304-m305_w1a47a_firmware *
hp laserjet_pro_m404-m405_93m22a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a33a_firmware *
hp laserjet_pro_m453-m454_w1y40a_firmware *
hp laserjet_pro_m304-m305_w1a48a_firmware *
hp laserjet_pro_m404-m405_w1a53a_firmware *
hp laserjet_pro_m404-m405_w1a63a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a79a_firmware *
hp laserjet_pro_m404-m405_w1a52a_firmware *
hp laserjet_pro_m453-m454_w1y43a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a81a_firmware *
hp laserjet_pro_m304-m305_w1a66a_firmware *
hp laserjet_pro_m404-m405_w1a58a_firmware *
hp laserjet_pro_m453-m454_w1y41a_firmware *
hp laserjet_pro_m404-m405_w1a60a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a32a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a82a_firmware *
hp laserjet_pro_mfp_m428-m429_w1a28a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a38a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a75a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a30a_firmware *
hp laserjet_pro_m304-m305_w1a46a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a34a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a35a_firmware *
hp laserjet_pro_m453-m454_w1y47a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a80a_firmware *
hp laserjet_pro_m453-m454_w1y45a_firmware *
hp laserjet_pro_mfp_m478-m479_w1a76a_firmware *
hp laserjet_pro_m404-m405_w1a57a_firmware *
hp laserjet_pro_mfp_m428-m429_f_w1a29a_firmware *
CVE-2023-35980

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2023-35981

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2023-35982

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2023-38401

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hp aruba_virtual_intranet_access *
CVE-2023-38402

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
hp aruba_virtual_intranet_access *
CVE-2023-4063

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.

Products Affected

Vendor Product Version
hp 3uk84a_firmware *
hp 3ul05b_firmware *
hp 3ul00d_firmware *
hp 1kr46a_firmware *
hp 1mr75a_firmware *
hp 1kr54a_firmware *
hp 1kr48a_firmware *
hp 1mr66a_firmware *
hp 3uk83b_firmware *
hp 3uk90d_firmware *
hp 1mr74a_firmware *
hp 1kr42a_firmware *
hp 1mr72a_firmware *
hp 3uk99d_firmware *
hp 3uk97d_firmware *
hp 1mr73a_firmware *
hp 1mr78b_firmware *
hp 1kr55a_firmware *
hp 1mr78a_firmware *
hp 1mr70a_firmware *
hp 1kr49a_firmware *
hp 1mr69c_firmware *
hp 1mr71a_firmware *
hp 1kr45a_firmware *
hp 1mr69a_firmware *
hp 1mr67a_firmware *
hp 1mr68a_firmware *
hp 1mr79a_firmware *
hp 1kr55d_firmware *
hp 1mr80d_firmware *
hp 3uk86b_firmware *
hp 1kr55b_firmware *
hp 3uk93d_firmware *
hp 3uk91b_firmware *
hp 1mr76a_firmware *
hp 1mr73d_firmware *
hp 3uk85d_firmware *
hp 3uk96d_firmware *
hp y8m28d_firmware *
hp 3uk83a_firmware *
hp 3uk98d_firmware *
hp 1mr77a_firmware *
CVE-2023-4499

A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
hp thinupdate *
CVE-2023-45614

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45615

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45616

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45617

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2
security-alert@hpe.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45618

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45619

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2
security-alert@hpe.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45620

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-alert@hpe.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45621

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-alert@hpe.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45622

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-alert@hpe.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45623

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-alert@hpe.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45624

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-alert@hpe.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45625

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45626

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 1.2 4.2
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-45627

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security-alert@hpe.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.5.0.0
CVE-2023-4694

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hp officejet_pro_8730_d9l19a_firmware *
hp officejet_pro_8730_k7s36a_firmware *
hp officejet_pro_8730_m9l75a_firmware *
hp officejet_pro_8730_j7a29a_firmware *
hp officejet_pro_8730_m9l74a_firmware *
hp officejet_pro_8730_k7s34a_firmware *
hp officejet_pro_8730_t0g54a_firmware *
hp officejet_pro_8730_k7s35a_firmware *
hp officejet_pro_8730_m9l76a_firmware *
hp officejet_pro_8730_m9l80a_firmware *
hp officejet_pro_8730_j7a31a_firmware *
hp officejet_pro_8730_j7a28a_firmware *
CVE-2023-50271

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 3.9 2.7
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
hp system_management_homepage *
CVE-2023-50274

HPE OneView may allow command injection with local privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hp oneview *
CVE-2023-50275

HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-alert@hpe.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hp oneview *
CVE-2023-5113

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
hp futuresmart_5 *
CVE-2023-5365

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp life *
CVE-2023-5409

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
hp t430_thin_client_firmware -
hp t638_thin_client_firmware -
CVE-2023-5449

A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
hp elitedisplay_e243i_24-inch_firmware -
hp p22va_g4_fhd_firmware -
hp e24mv_g4_fhd_firmware *
hp z24nf_g2_23.8-inch_firmware -
hp e24i_g4_wuxga_firmware *
hp z24i_g2_24-inch_firmware -
hp elitedisplay_e230t_23-inch_touch_firmware -
hp p22_g4_22_fhd_firmware -
hp e23_g4_fhd_firmware *
hp m24m_firmware *
hp m27m_firmware *
hp z23n_g2_23-inch_firmware -
hp z24f_g3_fhd_firmware *
hp e24q_g4_qhd_firmware *
hp z22n_g2_21.5-inch_firmware -
hp elitedisplay_e273_27-inch_firmware -
hp elitedisplay_e273m_27-inch_firmware -
hp z24n_g3_wuxga_firmware *
hp e22_g4_fhd_firmware *
hp m27ha_fhd_firmware -
hp elitedisplay_e243p_23.8-inch_sure_view_firmware -
hp p24v_g4_firmware -
hp e27_g4_fhd_firmware *
hp elitedisplay_e202_20-inch_firmware -
hp p27v_g4_firmware -
hp p22h_g4_fhd_firmware -
hp e24t_g4_fhd_touch_firmware *
hp p27h_g4_fhd_firmware -
hp e27q_g4_qhd_firmware *
CVE-2023-5671

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hp print_and_scan_doctor 5.7.2.014
CVE-2023-5739

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hp image_assistant *
hp pc_hardware_diagnostics *
hp thunderbolt_dock_g2_firmware -
CVE-2023-6138

A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability.

Products Affected

Vendor Product Version
hp z440_workstation_firmware *
hp z840_workstation_firmware *
hp z640_workstation_firmware *
CVE-2023-6573

HPE OneView may have a missing passphrase during restore.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6
security-alert@hpe.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
hp oneview *
CVE-2024-0407

Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store.

Products Affected

Vendor Product Version
hp futuresmart_4 -
hp futuresmart_5 *
hp futuresmart_4 *
hp futuresmart_3 *
CVE-2024-1869

Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.

Products Affected

Vendor Product Version
hp cq893c_firmware *
hp cq891c_firmware *
CVE-2024-2209

A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution.

Products Affected

Vendor Product Version
hp 4ws04a_firmware *
hp 7fr61a_firmware *
hp 5ar85a_firmware *
hp 3xv19a_firmware *
hp 297w8a_firmware *
hp 7fr57a_firmware *
hp 7fr20a_firmware *
hp 7fr53a_firmware *
hp 26k72a_firmware *
hp 7fr21a_firmware *
hp 26k70a_firmware *
hp 26k68b_firmware *
hp 26k69a_firmware *
hp 3xv17a_firmware *
hp 26k68a_firmware *
hp 5ar84a_firmware *
hp 5ar83a_firmware *
hp 297x1a_firmware *
hp 8rk11a_firmware *
hp 26k71a_firmware *
hp 7fr58a_firmware *
hp 26k67b_firmware *
hp 2a9q5a_firmware *
hp 26k70b_firmware *
hp 26k72b_firmware *
hp 7fr52a_firmware *
hp 297x0a_firmware *
hp 26k67a_firmware *
CVE-2024-22442

The vulnerability could be remotely exploited to bypass authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp 3par_service_processor_firmware *
CVE-2024-27460

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.

Products Affected

Vendor Product Version
hp poly_plantronics_hub *
CVE-2024-28893

Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs).

Products Affected

Vendor Product Version
hp softpaqs -
CVE-2024-31466

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31467

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31468

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31469

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31470

There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31471

There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31472

There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31473

There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31474

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31475

There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31476

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31477

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31478

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31479

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31480

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31481

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31482

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-31483

An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
CVE-2024-3281

A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor.

Products Affected

Vendor Product Version
hp poly_ccx_700 *
hp poly_ccx_600 *
hp poly_ccx_350 *
hp poly_ccx_400 *
hp poly_ccx_500 *
hp poly_ccx_505 *
CVE-2024-41910

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2024-41911

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2024-41912

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2024-41913

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2024-42398

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@hpe.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
hp instantos *
arubanetworks arubaos *
arubanetworks arubaos 10.6.0.0
CVE-2024-42508

This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.

Products Affected

Vendor Product Version
hp oneview *
CVE-2024-6147

Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18271.

Products Affected

Vendor Product Version
hp poly_plantronics_hub 3.24.2
CVE-2024-9419

Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hp-security-alert@hp.com 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0

Products Affected

Vendor Product Version
hp smart_universal_printing_driver *
CVE-2024-9579

A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hp-security-alert@hp.com 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
hp poly_tc8_firmware *
hp poly_studio_g7500_firmware *
hp poly_studio_x30_firmware *
hp poly_studio_x52_firmware *
hp poly_studio_g62_firmware *
hp poly_tc10_firmware *
hp poly_studio_x70_firmware *
hp poly_studio_x50_firmware *
CVE-2025-10578

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2025-11531

HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0.

Products Affected

Vendor Product Version
hp omen_gaming_hub *
hp system_event_utility *
CVE-2025-11761

A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.

Products Affected

Vendor Product Version
hp client_management_script_library *
CVE-2025-12784

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Products Affected

Vendor Product Version
hp w1a46a_firmware *
hp w1a79a_firmware *
hp w1y40a_firmware *
hp w1a80a_firmware *
hp w1a35a_firmware *
hp 7kw51a_firmware *
hp 93m22a_firmware *
hp w1a32a_firmware *
hp w1y45a_firmware *
hp w1y43a_firmware *
hp w1a38a_firmware *
hp 7kw56a_firmware *
hp 7kw55a_firmware *
hp 7kw50a_firmware *
hp 7kw75a_firmware *
hp w1a76a_firmware *
hp w1a30a_firmware *
hp w1a60a_firmware *
hp w1a52a_firmware *
hp w1a28a_firmware *
hp 7kw67a_firmware *
hp w1a77a_firmware *
hp w1a75a_firmware *
hp w1y46a_firmware *
hp 7kw73a_firmware *
hp 7kw63a_firmware *
hp 7kw49a_firmware *
hp 7kw59a_firmware *
hp 7kw76a_firmware *
hp w1y44a_firmware *
hp 7kw58a_firmware *
hp w1a31a_firmware *
hp 7kw74a_firmware *
hp 7kw72a_firmware *
hp 7kw77a_firmware *
hp w1a29a_firmware *
hp w1a81a_firmware *
hp w1y41a_firmware *
hp 7kw78a_firmware *
hp w1a63a_firmware *
hp 7kw54a_firmware *
hp w1a58a_firmware *
hp w1a48a_firmware *
hp w1a57a_firmware *
hp w1a33a_firmware *
hp w1a53a_firmware *
hp 7kw65a_firmware *
hp 7kw66a_firmware *
hp 7kw48a_firmware *
hp 7kw68a_firmware *
hp w1a78a_firmware *
hp w1a34a_firmware *
hp w1a56a_firmware *
hp w1a66a_firmware *
hp w1a51a_firmware *
hp 7kw79a_firmware *
hp w1a82a_firmware *
hp w1a47a_firmware *
hp 7kw64a_firmware *
hp w1y47a_firmware *
hp 7kw57a_firmware *
hp w1a59a_firmware *
CVE-2025-12785

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Products Affected

Vendor Product Version
hp w1a46a_firmware *
hp w1a79a_firmware *
hp w1y40a_firmware *
hp w1a80a_firmware *
hp w1a35a_firmware *
hp 7kw51a_firmware *
hp 93m22a_firmware *
hp w1a32a_firmware *
hp w1y45a_firmware *
hp w1y43a_firmware *
hp w1a38a_firmware *
hp 7kw56a_firmware *
hp 7kw55a_firmware *
hp 7kw50a_firmware *
hp 7kw75a_firmware *
hp w1a76a_firmware *
hp w1a30a_firmware *
hp w1a60a_firmware *
hp w1a52a_firmware *
hp w1a28a_firmware *
hp 7kw67a_firmware *
hp w1a77a_firmware *
hp w1a75a_firmware *
hp w1y46a_firmware *
hp 7kw73a_firmware *
hp 7kw63a_firmware *
hp 7kw49a_firmware *
hp 7kw59a_firmware *
hp 7kw76a_firmware *
hp w1y44a_firmware *
hp 7kw58a_firmware *
hp w1a31a_firmware *
hp 7kw74a_firmware *
hp 7kw72a_firmware *
hp 7kw77a_firmware *
hp w1a29a_firmware *
hp w1a81a_firmware *
hp w1y41a_firmware *
hp 7kw78a_firmware *
hp w1a63a_firmware *
hp 7kw54a_firmware *
hp w1a58a_firmware *
hp w1a48a_firmware *
hp w1a57a_firmware *
hp w1a33a_firmware *
hp w1a53a_firmware *
hp 7kw65a_firmware *
hp 7kw66a_firmware *
hp 7kw48a_firmware *
hp 7kw68a_firmware *
hp w1a78a_firmware *
hp w1a34a_firmware *
hp w1a56a_firmware *
hp w1a66a_firmware *
hp w1a51a_firmware *
hp 7kw79a_firmware *
hp w1a82a_firmware *
hp w1a47a_firmware *
hp 7kw64a_firmware *
hp w1y47a_firmware *
hp 7kw57a_firmware *
hp w1a59a_firmware *
CVE-2025-13492

A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to escalate privileges via a race condition when installing packages.

Products Affected

Vendor Product Version
hp image_assistant *
CVE-2025-14432

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

Products Affected

Vendor Product Version
hp poly_tcos *
hp poly_videoos *
CVE-2025-2268

The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hp 6gx02e_firmware *
hp 7md75a_firmware *
hp 9yf94a_firmware *
hp 7md72a_firmware *
hp 9yg08a_firmware *
hp 7md69a_firmware *
hp 7md70a_firmware *
hp 2a130a_firmware *
hp 6gx06a_firmware *
hp 9yg05e_firmware *
hp 6gx05e_firmware *
hp 9yf96a_firmware *
hp 2u589a_firmware *
hp 7md70e_firmware *
hp 6gw71a_firmware *
hp 9yg02e_firmware *
hp 9yg10a_firmware *
hp 6gx00e_firmware *
hp 2u589e_firmware *
hp 7md72e_firmware *
hp 7md74a_firmware *
hp 6gw99a_firmware *
hp 9yf89a_firmware *
hp 6hu08a_firmware *
hp 7md76e_firmware *
hp 6gx09a_firmware *
hp 9yf88a_firmware *
hp 9yg02a_firmware *
hp 6gx00a_firmware *
hp 9yg05a_firmware *
hp 7md74e_firmware *
hp 9yf91e_firmware *
hp 9yf98a_firmware *
hp 2a129a_firmware *
hp 2a130e_firmware *
hp 7md73a_firmware *
hp 7md71a_firmware *
hp 2u589f_firmware *
hp 1y7d4a_firmware *
hp 9yf95a_firmware *
hp 6gx05a_firmware *
hp 6gx01a_firmware *
hp 9yf91a_firmware *
hp 7md76a_firmware *
hp 9yg09a_firmware *
hp 6gx03a_firmware *
hp 9yg11a_firmware *
hp 6gw99e_firmware *
hp 6gx09e_firmware *
hp 9yf97a_firmware *
hp 6gx04a_firmware *
hp 7md70f_firmware *
hp 9yf90a_firmware *
hp 9yf92a_firmware *
CVE-2025-26506

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Products Affected

Vendor Product Version
hp 4ra84f_firmware *
hp 499q3a_firmware *
hp 4ra87a_firmware *
hp 759v0e_firmware *
hp 499q9f_firmware *
hp 499q5e_firmware *
hp 499q6f_firmware *
hp 5hh67a_firmware *
hp 759v2e_firmware *
hp 4ra85f_firmware *
hp 74t92a_firmware *
hp 499n1a_firmware *
hp 499q8e_firmware *
hp 4ra82fr_firmware *
hp 4ra81e_firmware *
hp 4ra85e_firmware *
hp 499q5a_firmware *
hp 499q5fr_firmware *
hp 5hh64a_firmware *
hp 4ra83a_firmware *
hp 4ra83f_firmware *
hp 4ra81a_firmware *
hp 4ra81fr_firmware *
hp 4ra80a_firmware *
hp 499m8a_firmware *
hp 499n5a_firmware *
hp 499q3e_firmware *
hp 5hh73a_firmware *
hp 4ra86f_firmware *
hp 8d7l1a_firmware *
hp 499n0a_firmware *
hp 5hh64f_firmware *
hp 74p27a_firmware *
hp 5hh53a_firmware *
hp 499q8f_firmware *
hp 499n4a_firmware *
hp 4ra82f_firmware *
hp 5hh48v_firmware *
hp 499r0f_firmware *
hp 4ra81f_firmware *
hp 499r0e_firmware *
hp 4ra84e_firmware *
hp 499m6a_firmware *
hp 4ra82e_firmware *
hp 74p28a_firmware *
hp 499q9e_firmware *
hp 5hh59a_firmware *
hp 5hh64e_firmware *
hp 4ra89v_firmware *
hp 5hh65a_firmware *
hp 5hh66a_firmware *
hp 759v1f_firmware *
hp 4ra80e_firmware *
hp 74t92e_firmware *
hp 8d7l2a_firmware *
hp 499q3f_firmware *
hp 499q6e_firmware *
hp 5hh52a_firmware *
hp 499m9a_firmware *
hp 4ra86a_firmware *
hp 499n6a_firmware *
hp 4ra85a_firmware *
hp 5hh48a_firmware *
hp 74p26a_firmware *
hp 499q9a_firmware *
hp 759v1e_firmware *
hp 74p25a_firmware *
hp 499q7a_firmware *
hp 499q4e_firmware *
hp 4ra88a_firmware *
hp 4ra85v_firmware *
hp 759v0f_firmware *
hp 759v2f_firmware *
hp 499r0a_firmware *
hp 499m7a_firmware *
hp 499q8a_firmware *
hp 4ra84a_firmware *
hp 499q7e_firmware *
hp 4ra87e_firmware *
hp 4ra88f_firmware *
hp 499q7f_firmware *
hp 4ra88e_firmware *
hp 74t92f_firmware *
hp 4ra83e_firmware *
hp 5hh72a_firmware *
hp 499q5f_firmware *
hp 4ra80f_firmware *
hp 4ra89a_firmware *
hp 4ra82a_firmware *
hp 8d7l0a_firmware *
hp 4ra87f_firmware *
hp 499q4f_firmware *
hp 499q6a_firmware *
hp 4ra86e_firmware *
hp 5hh51a_firmware *
CVE-2025-26507

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Products Affected

Vendor Product Version
hp futuresmart_5 *
hp futuresmart_4 *
hp futuresmart_3 *
CVE-2025-26508

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Products Affected

Vendor Product Version
hp 4ra84f_firmware *
hp 499q3a_firmware *
hp 4ra87a_firmware *
hp 759v0e_firmware *
hp 499q9f_firmware *
hp 499q5e_firmware *
hp 5hh67a_firmware *
hp 4ra82fr_firmware *
hp 4ra85e_firmware *
hp 499q5a_firmware *
hp 499q5fr_firmware *
hp 4ra83f_firmware *
hp 4ra81a_firmware *
hp 4ra81fr_firmware *
hp 499m8a_firmware *
hp 4ra86f_firmware *
hp 499n0a_firmware *
hp 499n4a_firmware *
hp 4ra82f_firmware *
hp 5hh48v_firmware *
hp 499r0f_firmware *
hp 4ra81f_firmware *
hp 499r0e_firmware *
hp 4ra84e_firmware *
hp 499q9e_firmware *
hp 5hh59a_firmware *
hp 5hh66a_firmware *
hp 4ra80e_firmware *
hp 8d7l2a_firmware *
hp 499q6e_firmware *
hp 5hh52a_firmware *
hp 499m9a_firmware *
hp 499n6a_firmware *
hp 74p26a_firmware *
hp 74p25a_firmware *
hp 4ra85v_firmware *
hp 759v0f_firmware *
hp 759v2f_firmware *
hp 499r0a_firmware *
hp 499m7a_firmware *
hp 499q8a_firmware *
hp 499q7e_firmware *
hp 4ra88f_firmware *
hp 499q7f_firmware *
hp 4ra88e_firmware *
hp 74t92f_firmware *
hp 4ra80f_firmware *
hp 4ra89a_firmware *
hp 8d7l0a_firmware *
hp 4ra86e_firmware *
hp 5hh51a_firmware *
hp 499q6f_firmware *
hp 759v2e_firmware *
hp 4ra85f_firmware *
hp 74t92a_firmware *
hp 499n1a_firmware *
hp 499q8e_firmware *
hp 4ra81e_firmware *
hp 5hh64a_firmware *
hp 4ra83a_firmware *
hp 4ra80a_firmware *
hp 499n5a_firmware *
hp 499q3e_firmware *
hp 5hh73a_firmware *
hp 8d7l1a_firmware *
hp 5hh64f_firmware *
hp 74p27a_firmware *
hp 5hh53a_firmware *
hp 499q8f_firmware *
hp 499m6a_firmware *
hp 4ra82e_firmware *
hp 74p28a_firmware *
hp 5hh64e_firmware *
hp 4ra89v_firmware *
hp 5hh65a_firmware *
hp 759v1f_firmware *
hp 74t92e_firmware *
hp 499q3f_firmware *
hp 4ra86a_firmware *
hp 4ra85a_firmware *
hp 5hh48a_firmware *
hp 499q9a_firmware *
hp 759v1e_firmware *
hp 499q7a_firmware *
hp futuresmart_4 *
hp 499q4e_firmware *
hp 4ra88a_firmware *
hp futuresmart_3 *
hp 4ra84a_firmware *
hp 4ra87e_firmware *
hp 4ra83e_firmware *
hp 5hh72a_firmware *
hp 499q5f_firmware *
hp 4ra82a_firmware *
hp 4ra87f_firmware *
hp 499q4f_firmware *
hp 499q6a_firmware *
hp futuresmart_5 *
CVE-2025-43017

HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.

Products Affected

Vendor Product Version
hp thinpro 8.1
CVE-2025-43019

A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.

Products Affected

Vendor Product Version
hp support_assistant 9.46.17.0
CVE-2025-43020

A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. HP has addressed the issue in the latest software update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2025-43021

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2025-43022

A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow a privileged user to execute SQL commands. HP has addressed the issue in the latest software update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2025-43023

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).

Products Affected

Vendor Product Version
hp linux_imaging_and_printing *
CVE-2025-43025

HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.).

Products Affected

Vendor Product Version
hp universal_print_driver *
CVE-2025-43026

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.

Products Affected

Vendor Product Version
hp support_assistant *
CVE-2025-43483

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2025-43484

A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2025-43485

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials from the log files. HP has addressed the issue in the latest software update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2025-43486

A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2025-43487

A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2025-43488

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2025-43489

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.2 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N 0.9 4.2

Products Affected

Vendor Product Version
hp poly_clariti_manager *
CVE-2025-43491

A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted.

Products Affected

Vendor Product Version
hp poly_lens_desktop *
CVE-2026-1997

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.

Products Affected

Vendor Product Version
hp k7s43a_firmware *
hp j6x80a_firmware *
hp m9l66a_firmware *
hp t0g46a_firmware *
hp d9l20a_firmware *
hp d9l64a_firmware *
hp t0g70a_firmware *
hp t0g56a_firmware *
hp k7s39a_firmware *
hp t0g47a_firmware *
hp t0g49a_firmware *
hp j3p68a_firmware *
hp d9l18a_firmware *
hp t0g48a_firmware *
hp d9l21a_firmware *
hp l3t99a_firmware *
hp k7s40a_firmware *
hp j6x76a_firmware *
hp t1p99a_firmware *
hp k7s32a_firmware *
hp y0s19a_firmware *
hp m9l65a_firmware *
hp y0s18a_firmware *
hp m9l67a_firmware *
hp k7s38a_firmware *
hp j3p66a_firmware *
hp j6x83a_firmware *
hp j6x81a_firmware *
hp g5j38a_firmware *
hp k7s41a_firmware *
hp j6x77a_firmware *
hp k7s37a_firmware *
hp k7s42a_firmware *
hp j3p65a_firmware *
hp d9l63a_firmware *
hp g5j56a_firmware *
hp j6x79a_firmware *
hp t0g65a_firmware *
hp m9l70a_firmware *
hp j6x78a_firmware *
hp j3p67a_firmware *
CVE-2026-2915

HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.

Products Affected

Vendor Product Version
hp system_event_utility *