Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-1999-1061

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-12 Sep, 2001 | 04:00
Updated At-01 Aug, 2024 | 17:02
Rejected At-
Credits

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:12 Sep, 2001 | 04:00
Updated At:01 Aug, 2024 | 17:02
Rejected At:
▼CVE Numbering Authority (CNA)

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://marc.info/?l=bugtraq&m=87602248518480&w=2
mailing-list
x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/1876
vdb-entry
x_refsource_XF
Hyperlink: http://marc.info/?l=bugtraq&m=87602248518480&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/1876
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://marc.info/?l=bugtraq&m=87602248518480&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/1876
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=87602248518480&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/1876
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Oct, 1997 | 04:00
Updated At:03 Apr, 2025 | 01:03

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
HP Inc.
hp
>>jetdirect>>*
cpe:2.3:h:hp:jetdirect:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=87602248518480&w=2cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/1876cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=87602248518480&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/1876af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://marc.info/?l=bugtraq&m=87602248518480&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/1876
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=87602248518480&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/1876
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

205Records found
CVE-2016-2012
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.78%
||
7 Day CHG~0.00%
Published-07 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_node_manager_in/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-2024
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.16% / 83.60%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_contolserver_migration_packagen/a
CVE-2016-1986
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 78.95%
||
7 Day CHG~0.00%
Published-12 Feb, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Action-Not Available
Vendor-n/aHP Inc.
Product-continuous_delivery_automationn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-2000
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.05% / 76.71%
||
7 Day CHG~0.00%
Published-05 Apr, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Action-Not Available
Vendor-n/aHP Inc.
Product-asset_managerasset_manager_cloudsystem_chargebackn/a
CVE-2016-2003
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.05% / 76.71%
||
7 Day CHG~0.00%
Published-20 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Action-Not Available
Vendor-n/aHP Inc.
Product-p9000_command_view_advanced_edition_softwarexp7_command_view_advanced_edition_suiten/a
CVE-1999-0333
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.34% / 79.19%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2019-11994
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-4.31% / 88.43%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 17:23
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. An API is used to execute a command manifest file during upgrade does not correctly prevent directory traversal and so can be used to execute manifest files in arbitrary locations on the node. The API does not require user authentication and is accessible over the management network, resulting in the potential for unauthenticated remote execution of manifest files. For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061901&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.

Action-Not Available
Vendor-n/aHP Inc.
Product-simplivity_2600_gen10_firmwaresimplivity_omnicube_firmwaresimplivity_omnistack_for_ciscosimplivity_omnistack_for_dellsimplivity_380_gen9_firmwaresimplivity_omnistack_for_lenovo_firmwaresimplivity_380_gen10_gsimplivity_380_gen10_g_firmwaresimplivity_omnistack_for_lenovosimplivity_380_gen9simplivity_380_gen10simplivity_omnistack_for_cisco_firmwaresimplivity_380_gen10_firmwaresimplivity_omnistack_for_dell_firmwaresimplivity_2600_gen10simplivity_omnicubeHPE SimpliVity 2600 Gen10; HPE SimpliVity 380 Gen10; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 380 Gen9; SimpliVity OmniCube; SimpliVity OmniStack for Cisco; SimpliVity OmniStack for Dell; SimpliVity OmniStack for Lenovo
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-6863
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-2.45% / 84.61%
||
7 Day CHG~0.00%
Published-16 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_loggern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5416
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-2.32% / 84.17%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2015-5418
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.93% / 91.70%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2015-5429
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.32%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentn/a
CVE-2015-5417
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.93% / 91.70%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2015-5420
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.93% / 91.70%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2015-5423
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.93% / 91.70%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2015-5419
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.93% / 91.70%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2015-5404
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.01% / 76.21%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentsystems_insight_managern/a
CVE-2022-28616
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.62%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 20:04
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneviewHPE OneView
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2015-3145
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-65.09% / 98.41%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectApple Inc.HP Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.CURL
Product-solarislibcurlsystem_management_homepagefedoraopensuseubuntu_linuxcurldebian_linuxmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7096
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-5.58% / 89.93%
||
7 Day CHG~0.00%
Published-14 Aug, 2018 | 14:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-3par_service_providerHPE 3PAR Service Processors
CVE-2018-7072
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.86%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-moonshot_provisioning_managerHPE Moonshot Provisioning Manager
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-28617
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.55%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:59
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneviewHPE OneView
CVE-2015-2117
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-10.15% / 92.82%
||
7 Day CHG~0.00%
Published-26 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading this code within an archive or (2) instantiating a class.

Action-Not Available
Vendor-n/aHP Inc.
Product-tippingpoint_security_management_systemtippingpoint_virtual_security_management_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-28623
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 68.73%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 12:39
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX.

Action-Not Available
Vendor-n/aHewlett Packard Enterprise (HPE)HP Inc.Red Hat, Inc.
Product-enterprise_linuxicewall_sso_certdhp-uxHPE IceWall SSO
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-7133
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.63% / 81.17%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 18:36
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.

Action-Not Available
Vendor-n/aHP Inc.
Product-hpe_iot_\+_gcpHPE IOT + GCP
CVE-2014-2615
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.58% / 91.47%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_configuration_management_databasen/a
CVE-2014-2638
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-4.84% / 89.11%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344.

Action-Not Available
Vendor-n/aHP Inc.
Product-sprintern/a
CVE-2014-2635
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-4.84% / 89.11%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343.

Action-Not Available
Vendor-n/aHP Inc.
Product-sprintern/a
CVE-2014-2636
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-4.84% / 89.11%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336.

Action-Not Available
Vendor-n/aHP Inc.
Product-sprintern/a
CVE-2020-7197
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.52% / 80.53%
||
7 Day CHG~0.00%
Published-26 Oct, 2020 | 15:09
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later.

Action-Not Available
Vendor-n/aHP Inc.
Product-storeserv_management_consoleHPE 3PAR StoreServ Management and Core Software Media
CWE ID-CWE-287
Improper Authentication
CVE-2017-8988
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 72.54%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX).

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-xp_command_viewHPE Command View Advanced Edition
CVE-2017-8979
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-3.08% / 86.25%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-integrated_lights-out_2_firmwareintegrated_lights-outIntegrated Lights-Out 2 (iLO 2)
CVE-2017-8992
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-2.89% / 85.80%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-centralview_fraud_risk_managementHPE CentralView Fraud Risk Management
CVE-2014-2616
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.58% / 91.47%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_configuration_management_databasen/a
CVE-2014-2637
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-4.84% / 89.11%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342.

Action-Not Available
Vendor-n/aHP Inc.
Product-sprintern/a
CVE-2014-2649
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-3.62% / 87.34%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Linux Kernel Organization, Inc
Product-operations_managerkerneln/a
CVE-2017-8990
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-35.78% / 96.95%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-imc_wireless_service_managerHPE Intelligent Management Center (IMC) Wirelss Service Manager
CVE-2014-2614
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 76.51%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.

Action-Not Available
Vendor-n/aHP Inc.
Product-sitescopen/a
CWE ID-CWE-287
Improper Authentication
CVE-2006-7034
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.87%
||
7 Day CHG~0.00%
Published-23 Feb, 2007 | 01:00
Updated-07 Aug, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.

Action-Not Available
Vendor-super_link_exchange_scriptsanta_cruz_operationwindrivern/aMicrosoft CorporationHP Inc.Apple Inc.Sun Microsystems (Oracle Corporation)IBM CorporationLinux Kernel Organization, Inc
Product-solariswindows_95windows_xphp-uxos2aixwindows_2000windows_mesuper_link_exchange_scriptlinux_kernelbsdoswindows_2003_serversco_unixmac_os_xtru64windows_98windows_ntwindows_98sen/a
CVE-2017-8960
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 77.75%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-msa_2040_san_storagemsa_1040_san_storage_firmwaremsa_2040_san_storage_firmwaremsa_1040_san_storageMSA 1040 and 2040 SAN Storage
CVE-2018-12463
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.3||HIGH
EPSS-19.33% / 95.14%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-fortify_software_security_centerFortify Software Security Center
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2007-1915
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.78% / 89.05%
||
7 Day CHG~0.00%
Published-10 Apr, 2007 | 23:00
Updated-07 Aug, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.

Action-Not Available
Vendor-n/aMicrosoft CorporationSAP SEApple Inc.Siemens AGIBM CorporationHP Inc.Linux Kernel Organization, Inc
Product-os_400windows_serverlinux_kernelracfhp-uxtru64reliant_unixmacosrfc_libraryaixn/a
CVE-2007-1945
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 70.43%
||
7 Day CHG~0.00%
Published-11 Apr, 2007 | 01:00
Updated-07 Aug, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.Sun Microsystems (Oracle Corporation)IBM CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelwindows_2000websphere_application_serverwindows_2003_serverwindows_xphp-uxaixi5osn/a
CVE-2007-1043
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.04% / 90.36%
||
7 Day CHG+1.50%
Published-21 Feb, 2007 | 17:00
Updated-07 Aug, 2024 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.

Action-Not Available
Vendor-santa_cruz_operationwindriverezboon/aMicrosoft CorporationHP Inc.Apple Inc.Sun Microsystems (Oracle Corporation)IBM CorporationLinux Kernel Organization, Inc
Product-solariswindows_95windows_xphp-uxos2aixwindows_2000webstatswindows_melinux_kernelbsdoswindows_2003_serversco_unixmac_os_xtru64windows_98windows_ntwindows_98sen/a
CVE-2007-0139
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 75.95%
||
7 Day CHG+0.04%
Published-09 Jan, 2007 | 11:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.

Action-Not Available
Vendor-n/aHP Inc.
Product-openvmsn/a
CVE-2006-6608
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.05% / 86.17%
||
7 Day CHG~0.00%
Published-18 Dec, 2006 | 02:00
Updated-07 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access."

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_integrated_lights_out_2proliant_integrated_lights_outn/a
CVE-2006-2580
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.11% / 83.43%
||
7 Day CHG~0.00%
Published-24 May, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CVE-2006-2579
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.57% / 92.56%
||
7 Day CHG~0.00%
Published-24 May, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_storage_data_protectorn/a
CVE-2017-8994
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.37% / 79.45%
||
7 Day CHG~0.00%
Published-10 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-operations_orchestrationHPE Operations Orchestration
CWE ID-CWE-20
Improper Input Validation
CVE-2019-6318
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 80.65%
||
7 Day CHG~0.00%
Published-11 Apr, 2019 | 14:45
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.

Action-Not Available
Vendor-HPHP Inc.
Product-laserjet_enterprise_flow_mfp_m633color_laserjet_managed_flow_mfp_m880zm_firmwarecolor_laserjet_managed_mfp_e67550_firmwarepagewide_enterprise_color_mfp_586laserjet_enterprise_flow_mfp_m630pagewide_color_mfp_774_firmwarepagewide_managed_color_mfp_p77440_firmwarepagewide_managed_color_mfp_e77650_firmwarelaserjet_enterprise_color_flow_mfp_m575color_laserjet_managed_mfp_e77825_firmwarelaserjet_managed_flow_mfp_m527z_firmwarescanjet_enterprise_8500_fn1_document_capture_workstationpagewide_managed_color_mfp_p77940color_laserjet_enterprise_m552color_laserjet_managed_mfp_e77830_firmwarelaserjet_managed_flow_mfp_m830_firmwarelaserjet_enterprise_m4555_mfp_firmwarelaserjet_enterprise_color_flow_mfp_m575_firmwarelaserjet_managed_flow_mfp_e62575color_laserjet_enterprise_flow_mfp_m577laserjet_enterprise_700_m712_firmwarescanjet_enterprise_flow_n9120_fn2_document_scanner_firmwarelaserjet_managed_mfp_e72525_firmwarelaserjet_managed_mfp_e82560_firmwarelaserjet_enterprise_mfp_m631_firmwarelaserjet_enterprise_m607pagewide_managed_color_e75160laserjet_managed_500_color_mfp_m575_firmwarecolor_laserjet_managed_e55040dw_firmwarecolor_laserjet_enterprise_flow_mfp_m880zlaserjet_managed_mfp_m630_firmwarelaserjet_enterprise_flow_mfp_m525_firmwarepagewide_managed_color_flow_mfp_e77650_firmwarelaserjet_managed_e60075laserjet_enterprise_700_color_mfp_m775_firmwarecolor_laserjet_managed_mfp_e67560laserjet_enterprise_700_color_mfp_m775pagewide_managed_color_mfp_p77960color_laserjet_managed_mfp_e87650_firmwarelaserjet_managed_flow_mfp_e72535_firmwarelaserjet_enterprise_flow_mfp_m527z_firmwarelaserjet_enterprise_flow_mfp_m632color_laserjet_managed_flow_mfp_m577color_laserjet_managed_mfp_e87660color_laserjet_managed_mfp_e57540_firmwarelaserjet_enterprise_mfp_m630_firmwarelaserjet_managed_mfp_e82560laserjet_enterprise_500_color_m551laserjet_managed_500_mfp_m525_firmwarelaserjet_managed_e60065laserjet_enterprise_m604laserjet_enterprise_mfp_m725officejet_enterprise_color_x555color_laserjet_managed_flow_mfp_e77830color_laserjet_managed_mfp_m577pagewide_managed_color_flow_mfp_e77660zlaserjet_enterprise_flow_mfp_m632_firmwarecolor_laserjet_managed_m651laserjet_managed_flow_mfp_e52545ccolor_laserjet_managed_flow_mfp_e57540pagewide_managed_color_mfp_e58650dn_firmwarecolor_laserjet_managed_flow_mfp_m680laserjet_enterprise_500_mfp_m525fcolor_laserjet_managed_flow_mfp_e77822laserjet_enterprise_m609laserjet_managed_mfp_e72530laserjet_managed_e50045_firmwarelaserjet_managed_e60055laserjet_managed_mfp_e62555laserjet_enterprise_flow_mfp_m527zcolor_laserjet_managed_mfp_e77825pagewide_managed_color_p75250laserjet_managed_flow_mfp_m525_firmwarecolor_laserjet_managed_e65060_firmwarecolor_laserjet_enterprise_m653_firmwarepagewide_managed_color_mfp_e58650dnofficejet_enterprise_color_x555_firmwarecolor_laserjet_managed_flow_mfp_e57540_firmwarelaserjet_managed_m506_firmwarecolor_laserjet_enterprise_flow_mfp_m682_firmwarecolor_laserjet_managed_mfp_e67550officejet_managed_color_mfp_x585_firmwarecolor_laserjet_enterprise_flow_mfp_m880z_firmwarecolor_laserjet_managed_flow_mfp_e77830_firmwarepagewide_managed_color_flow_mfp_e77650pagewide_managed_color_mfp_p77950laserjet_enterprise_flow_mfp_m830_firmwarelaserjet_managed_flow_mfp_e72530color_laserjet_managed_flow_mfp_e87640_firmwareofficejet_enterprise_color_mfp_x585_firmwarepagewide_enterprise_color_mfp_780_firmwarepagewide_enterprise_color_flow_mfp_586z_firmwarelaserjet_managed_mfp_e72535_firmwarecolor_laserjet_enterprise_m652_firmwarepagewide_managed_color_p75250_firmwarecolor_laserjet_managed_m553officejet_managed_color_flow_mfp_x585_firmwarelaserjet_managed_mfp_e52545_firmwarecolor_laserjet_enterprise_m553_firmwarecolor_laserjet_enterprise_m651color_laserjet_managed_flow_mfp_e77825color_laserjet_enterprise_m750pagewide_managed_color_e55650_firmwarecolor_laserjet_cm4540_mfpcolor_laserjet_managed_flow_mfp_e67560_firmwarecolor_laserjet_managed_e65050color_laserjet_managed_e65060laserjet_managed_mfp_e72530_firmwarepagewide_enterprise_color_flow_mfp_780flaserjet_managed_flow_mfp_e72535laserjet_managed_mfp_e82550_firmwarecolor_laserjet_managed_flow_mfp_m680_firmwarecolor_laserjet_enterprise_flow_mfp_m681laserjet_enterprise_500_color_mfp_m575_firmwarelaserjet_enterprise_m608_firmwarelaserjet_managed_color_flow_mfp_m575color_laserjet_managed_flow_mfp_e87650_firmwarelaserjet_enterprise_m806_firmwarelaserjet_managed_e50045pagewide_enterprise_color_flow_mpf_785color_laserjet_enterprise_m750_firmwarepagewide_enterprise_color_flow_mpf_785_firmwarepagewide_enterprise_color_556laserjet_managed_flow_mfp_e82550color_laserjet_managed_flow_mfp_e87660laserjet_enterprise_600_m601_firmwarelaserjet_enterprise_m607_firmwarelaserjet_enterprise_mfp_m725_firmwareofficejet_managed_color_flow_mfp_x585color_laserjet_enterprise_m855laserjet_enterprise_600_m602laserjet_managed_flow_mfp_m527zlaserjet_enterprise_m605laserjet_enterprise_m606color_laserjet_enterprise_mfp_m680_firmwareofficejet_enterprise_color_mfp_x585laserjet_enterprise_m605_firmwarepagewide_color_755_firmwarepagewide_color_mfp_779pagewide_managed_color_mfp_p77950_firmwarecolor_laserjet_managed_mfp_m775color_laserjet_enterprise_m552_firmwarepagewide_enterprise_color_mfp_780color_laserjet_managed_flow_mfp_m577_firmwaredigital_sender_flow_8500_fn2_document_capture_workstation_firmwarecolor_laserjet_managed_flow_mfp_e77825_firmwarepagewide_managed_color_mfp_e77650color_laserjet_managed_mfp_e67560_firmwarelaserjet_managed_mfp_m630laserjet_managed_flow_mfp_e72525_firmwareofficejet_enterprise_color_flow_mfp_x585_firmwarecolor_laserjet_enterprise_mfp_m681_firmwarecolor_laserjet_managed_flow_mfp_e6750color_laserjet_managed_flow_mfp_e87660_firmwarelaserjet_managed_flow_mfp_e62565pagewide_managed_color_mfp_p77440color_laserjet_managed_mfp_e77822laserjet_enterprise_mfp_m527_firmwarepagewide_managed_color_flow_mfp_e58650zcolor_laserjet_enterprise_m653pagewide_managed_color_e75160_firmwarelaserjet_managed_500_color_mfp_m575laserjet_enterprise_mfp_m527laserjet_enterprise_flow_mfp_m830laserjet_managed_e60075_firmwarelaserjet_managed_m605color_laserjet_cm4540_mfp_firmwarelaserjet_managed_flow_mfp_m830laserjet_enterprise_mfp_m633pagewide_color_mfp_779_firmwarelaserjet_managed_flow_mfp_e72530_firmwarecolor_laserjet_managed_mfp_e87640color_laserjet_managed_e55040dwlaserjet_managed_flow_mfp_e82540color_laserjet_managed_flow_mfp_e87640laserjet_enterprise_mfp_m631laserjet_managed_mfp_e82540_firmwarepagewide_enterprise_color_flow_mfp_586zcolor_laserjet_enterprise_mfp_m682officejet_enterprise_color_flow_mfp_x585laserjet_managed_flow_mfp_m630_firmwarecolor_laserjet_managed_mfp_m680color_laserjet_managed_flow_mfp_e67560pagewide_color_755laserjet_enterprise_mfp_m633_firmwarelaserjet_managed_flow_mfp_e82540_firmwarecolor_laserjet_enterprise_flow_mfp_m680_firmwarecolor_laserjet_enterprise_flow_mfp_m680color_laserjet_enterprise_mfp_m577pagewide_enterprise_color_mfp_586_firmwarelaserjet_enterprise_500_color_m551_firmwarelaserjet_managed_mfp_e72525laserjet_managed_flow_mfp_e72525color_laserjet_enterprise_flow_mfp_m682laserjet_enterprise_m604_firmwarelaserjet_enterprise_flow_mfp_m525color_laserjet_managed_e65050_firmwarelaserjet_managed_flow_mfp_e52545c_firmwarelaserjet_managed_m605_firmwarelaserjet_enterprise_mfp_m630pagewide_enterprise_color_765color_laserjet_enterprise_mfp_m682_firmwarelaserjet_enterprise_600_m602_firmwarepagewide_enterprise_color_flow_mfp_780f_firmwarelaserjet_managed_m506officejet_managed_color_mfp_x585laserjet_managed_500_mfp_m525laserjet_enterprise_mfp_m632color_laserjet_managed_m553_firmwarelaserjet_managed_e60055_firmwarecolor_laserjet_enterprise_m651_firmwarelaserjet_managed_flow_mfp_e62555_firmwarelaserjet_managed_flow_mfp_e82560color_laserjet_managed_flow_mfp_e87650color_laserjet_managed_flow_mfp_m880zmcolor_laserjet_enterprise_mfp_m681pagewide_enterprise_color_765_firmwarelaserjet_enterprise_600_m603laserjet_managed_mfp_m725_firmwarelaserjet_managed_mfp_e62555_firmwarelaserjet_managed_flow_mfp_m630laserjet_enterprise_mfp_m632_firmwarepagewide_managed_color_flow_mfp_e58650z_firmwarelaserjet_enterprise_flow_mfp_m630_firmwarecolor_laserjet_enterprise_mfp_m577_firmwarelaserjet_enterprise_m806laserjet_enterprise_m609_firmwarepagewide_color_mfp_774pagewide_enterprise_color_556_firmwarelaserjet_managed_flow_mfp_e82550_firmwarelaserjet_managed_mfp_e72535color_laserjet_enterprise_cp5525_firmwaredigital_sender_flow_8500_fn2_document_capture_workstationcolor_laserjet_managed_mfp_e87640_firmwarelaserjet_enterprise_m4555_mfppagewide_managed_color_mfp_p77940_firmwarecolor_laserjet_managed_flow_mfp_e77822_firmwarelaserjet_enterprise_m506laserjet_enterprise_flow_mfp_m633_firmwarecolor_laserjet_managed_mfp_m577_firmwarelaserjet_enterprise_500_mfp_m525f_firmwarelaserjet_managed_e60065_firmwarecolor_laserjet_managed_mfp_m775_firmwarelaserjet_managed_flow_mfp_e62565_firmwarecolor_laserjet_enterprise_m855_firmwarepagewide_managed_color_e55650laserjet_enterprise_flow_mfp_m631_firmwarecolor_laserjet_managed_mfp_e77822_firmwarepagewide_managed_color_flow_mfp_e77660z_firmwarecolor_laserjet_managed_mfp_m680_firmwarelaserjet_managed_mfp_e52545laserjet_managed_flow_mfp_e62575_firmwarelaserjet_enterprise_m608color_laserjet_managed_mfp_e87660_firmwarelaserjet_managed_mfp_e82550laserjet_managed_mfp_e62565laserjet_managed_mfp_m527_firmwarelaserjet_managed_mfp_m527laserjet_managed_flow_mfp_e82560_firmwarecolor_laserjet_managed_m651_firmwarescanjet_enterprise_8500_fn1_document_capture_workstation_firmwarecolor_laserjet_managed_mfp_e77830laserjet_enterprise_600_m603_firmwarecolor_laserjet_enterprise_flow_mfp_m577_firmwarepagewide_managed_color_mfp_p77960_firmwarelaserjet_managed_flow_mfp_m525color_laserjet_enterprise_flow_mfp_m681_firmwarelaserjet_managed_flow_mfp_e62555laserjet_enterprise_700_m712laserjet_managed_mfp_e62565_firmwarecolor_laserjet_managed_flow_mfp_e6750_firmwarecolor_laserjet_enterprise_cp5525laserjet_managed_mfp_e82540color_laserjet_enterprise_m553laserjet_enterprise_600_m601laserjet_managed_color_flow_mfp_m575_firmwarescanjet_enterprise_flow_n9120_fn2_document_scannercolor_laserjet_managed_mfp_e57540laserjet_enterprise_500_color_mfp_m575color_laserjet_enterprise_m652color_laserjet_managed_mfp_e87650laserjet_enterprise_flow_mfp_m631color_laserjet_enterprise_mfp_m680laserjet_enterprise_m606_firmwarelaserjet_enterprise_m506_firmwarelaserjet_managed_mfp_m725HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-6327
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.38%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 15:55
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.

Action-Not Available
Vendor-n/aHP Inc.
Product-laserjet_pro_mfp_m28-m31_w2g55a_firmwarelaserjet_pro_m280-m281_t6b82alaserjet_pro_m280-m281_t6b83a_firmwarelaserjet_pro_mfp_m28-m31_w2g55alaserjet_pro_m280-m281_t6b83alaserjet_pro_mfp_m28-m31_y5s54alaserjet_pro_mfp_m28-m31_w2g54alaserjet_pro_m280-m281_t6b80a_firmwarelaserjet_pro_mfp_m28-m31_y5s55alaserjet_pro_m280-m281_t6b81a_firmwarelaserjet_pro_mfp_m28-m31_y5s50alaserjet_pro_mfp_m28-m31_y5s55a_firmwarelaserjet_pro_m280-m281_t6b82a_firmwarelaserjet_pro_mfp_m28-m31_w2g54a_firmwarelaserjet_pro_m280-m281_t6b81alaserjet_pro_mfp_m28-m31_y5s54a_firmwarelaserjet_pro_mfp_m28-m31_y5s50a_firmwarelaserjet_pro_mfp_m28-m31_y5s53alaserjet_pro_m280-m281_t6b80alaserjet_pro_mfp_m28-m31_y5s53a_firmwareHP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found