Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-1332

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Jan, 2005 | 05:00
Updated At-08 Aug, 2024 | 00:46
Rejected At-
Credits

Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Jan, 2005 | 05:00
Updated At:08 Aug, 2024 | 00:46
Rejected At:
▼CVE Numbering Authority (CNA)

Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://marc.info/?l=bugtraq&m=110797179710695&w=2
vendor-advisory
x_refsource_HP
http://securitytracker.com/id?1012650
vdb-entry
x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701
vdb-entry
signature
x_refsource_OVAL
http://www.securityfocus.com/bid/12077
vdb-entry
x_refsource_BID
http://marc.info/?l=bugtraq&m=110797179710695&w=2
vendor-advisory
x_refsource_HP
http://www.kb.cert.org/vuls/id/647438
third-party-advisory
x_refsource_CERT-VN
http://secunia.com/advisories/13608
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/18636
vdb-entry
x_refsource_XF
http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=false
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: http://marc.info/?l=bugtraq&m=110797179710695&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://securitytracker.com/id?1012650
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.securityfocus.com/bid/12077
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://marc.info/?l=bugtraq&m=110797179710695&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.kb.cert.org/vuls/id/647438
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://secunia.com/advisories/13608
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18636
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=false
Resource:
third-party-advisory
x_refsource_IDEFENSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://marc.info/?l=bugtraq&m=110797179710695&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://securitytracker.com/id?1012650
vdb-entry
x_refsource_SECTRACK
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.securityfocus.com/bid/12077
vdb-entry
x_refsource_BID
x_transferred
http://marc.info/?l=bugtraq&m=110797179710695&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.kb.cert.org/vuls/id/647438
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://secunia.com/advisories/13608
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18636
vdb-entry
x_refsource_XF
x_transferred
http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=false
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=110797179710695&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://securitytracker.com/id?1012650
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.securityfocus.com/bid/12077
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=110797179710695&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/647438
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://secunia.com/advisories/13608
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18636
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=false
Resource:
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Dec, 2004 | 05:00
Updated At:03 Apr, 2025 | 01:03

Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
HP Inc.
hp
>>hp-ux>>10.01
cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux>>10.10
cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux>>10.20
cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux>>10.24
cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux>>11.00
cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux>>11.4
cpe:2.3:o:hp:hp-ux:11.4:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux>>11.11
cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux>>11.11i
cpe:2.3:o:hp:hp-ux:11.11i:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux>>11.22
cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux>>11.23
cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux_series_700>>10.20
cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux_series_800>>10.20
cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*
HP Inc.
hp
>>sis>>*
cpe:2.3:o:hp:sis:*:*:*:*:*:*:*:*
HP Inc.
hp
>>vvos>>10.24
cpe:2.3:o:hp:vvos:10.24:*:*:*:*:*:*:*
HP Inc.
hp
>>vvos>>11.04
cpe:2.3:o:hp:vvos:11.04:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=110797179710695&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=110797179710695&w=2cve@mitre.org
N/A
http://secunia.com/advisories/13608cve@mitre.org
Patch
http://securitytracker.com/id?1012650cve@mitre.org
N/A
http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=falsecve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/647438cve@mitre.org
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/12077cve@mitre.org
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/18636cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=110797179710695&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=110797179710695&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/13608af854a3a-2127-422b-91ae-364da2661108
Patch
http://securitytracker.com/id?1012650af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=falseaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/647438af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/12077af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/18636af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://marc.info/?l=bugtraq&m=110797179710695&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=110797179710695&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/13608
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://securitytracker.com/id?1012650
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=false
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/647438
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/12077
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18636
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=110797179710695&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=110797179710695&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/13608
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://securitytracker.com/id?1012650
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=false
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/647438
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/12077
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18636
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

205Records found
CVE-1999-1062
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.23%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetdirectn/a
CVE-1999-0502
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-42.28% / 97.35%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Unix account has a default, null, blank, or missing password.

Action-Not Available
Vendor-n/aRed Hat, Inc.Sun Microsystems (Oracle Corporation)HP Inc.
Product-solarislinuxsunoshp-uxn/a
CVE-1999-1061
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.62%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetdirectn/a
CVE-1999-0707
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 71.98%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.

Action-Not Available
Vendor-n/aHP Inc.
Product-visualize_conference_ftphp-uxn/a
CVE-2003-0951
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.03%
||
7 Day CHG~0.00%
Published-18 Nov, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0333
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.34% / 79.18%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0057
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.86% / 85.71%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vacation program allows command execution by remote users through a sendmail command.

Action-Not Available
Vendor-eric_allmann/aIBM CorporationFreeBSD FoundationSun Microsystems (Oracle Corporation)HP Inc.
Product-hp-uxvacationaixsolarissunosvvosfreebsdn/a
CVE-2012-2000
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-6.55% / 90.75%
||
7 Day CHG~0.00%
Published-02 May, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in HP System Health Application and Command Line Utilities before 9.0.0 allow remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_health_application_and_command_line_utilitiesn/a
CVE-2015-5404
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.01% / 76.18%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentsystems_insight_managern/a
CVE-2015-5416
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-2.32% / 84.16%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2019-6318
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 80.63%
||
7 Day CHG~0.00%
Published-11 Apr, 2019 | 14:45
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.

Action-Not Available
Vendor-HPHP Inc.
Product-laserjet_enterprise_flow_mfp_m633color_laserjet_managed_flow_mfp_m880zm_firmwarecolor_laserjet_managed_mfp_e67550_firmwarepagewide_enterprise_color_mfp_586laserjet_enterprise_flow_mfp_m630pagewide_color_mfp_774_firmwarepagewide_managed_color_mfp_p77440_firmwarepagewide_managed_color_mfp_e77650_firmwarelaserjet_enterprise_color_flow_mfp_m575color_laserjet_managed_mfp_e77825_firmwarelaserjet_managed_flow_mfp_m527z_firmwarescanjet_enterprise_8500_fn1_document_capture_workstationpagewide_managed_color_mfp_p77940color_laserjet_enterprise_m552color_laserjet_managed_mfp_e77830_firmwarelaserjet_managed_flow_mfp_m830_firmwarelaserjet_enterprise_m4555_mfp_firmwarelaserjet_enterprise_color_flow_mfp_m575_firmwarelaserjet_managed_flow_mfp_e62575color_laserjet_enterprise_flow_mfp_m577laserjet_enterprise_700_m712_firmwarescanjet_enterprise_flow_n9120_fn2_document_scanner_firmwarelaserjet_managed_mfp_e72525_firmwarelaserjet_managed_mfp_e82560_firmwarelaserjet_enterprise_mfp_m631_firmwarelaserjet_enterprise_m607pagewide_managed_color_e75160laserjet_managed_500_color_mfp_m575_firmwarecolor_laserjet_managed_e55040dw_firmwarecolor_laserjet_enterprise_flow_mfp_m880zlaserjet_managed_mfp_m630_firmwarelaserjet_enterprise_flow_mfp_m525_firmwarepagewide_managed_color_flow_mfp_e77650_firmwarelaserjet_managed_e60075laserjet_enterprise_700_color_mfp_m775_firmwarecolor_laserjet_managed_mfp_e67560laserjet_enterprise_700_color_mfp_m775pagewide_managed_color_mfp_p77960color_laserjet_managed_mfp_e87650_firmwarelaserjet_managed_flow_mfp_e72535_firmwarelaserjet_enterprise_flow_mfp_m527z_firmwarelaserjet_enterprise_flow_mfp_m632color_laserjet_managed_flow_mfp_m577color_laserjet_managed_mfp_e87660color_laserjet_managed_mfp_e57540_firmwarelaserjet_enterprise_mfp_m630_firmwarelaserjet_managed_mfp_e82560laserjet_enterprise_500_color_m551laserjet_managed_500_mfp_m525_firmwarelaserjet_managed_e60065laserjet_enterprise_m604laserjet_enterprise_mfp_m725officejet_enterprise_color_x555color_laserjet_managed_flow_mfp_e77830color_laserjet_managed_mfp_m577pagewide_managed_color_flow_mfp_e77660zlaserjet_enterprise_flow_mfp_m632_firmwarecolor_laserjet_managed_m651laserjet_managed_flow_mfp_e52545ccolor_laserjet_managed_flow_mfp_e57540pagewide_managed_color_mfp_e58650dn_firmwarecolor_laserjet_managed_flow_mfp_m680laserjet_enterprise_500_mfp_m525fcolor_laserjet_managed_flow_mfp_e77822laserjet_enterprise_m609laserjet_managed_mfp_e72530laserjet_managed_e50045_firmwarelaserjet_managed_e60055laserjet_managed_mfp_e62555laserjet_enterprise_flow_mfp_m527zcolor_laserjet_managed_mfp_e77825pagewide_managed_color_p75250laserjet_managed_flow_mfp_m525_firmwarecolor_laserjet_managed_e65060_firmwarecolor_laserjet_enterprise_m653_firmwarepagewide_managed_color_mfp_e58650dnofficejet_enterprise_color_x555_firmwarecolor_laserjet_managed_flow_mfp_e57540_firmwarelaserjet_managed_m506_firmwarecolor_laserjet_enterprise_flow_mfp_m682_firmwarecolor_laserjet_managed_mfp_e67550officejet_managed_color_mfp_x585_firmwarecolor_laserjet_enterprise_flow_mfp_m880z_firmwarecolor_laserjet_managed_flow_mfp_e77830_firmwarepagewide_managed_color_flow_mfp_e77650pagewide_managed_color_mfp_p77950laserjet_enterprise_flow_mfp_m830_firmwarelaserjet_managed_flow_mfp_e72530color_laserjet_managed_flow_mfp_e87640_firmwareofficejet_enterprise_color_mfp_x585_firmwarepagewide_enterprise_color_mfp_780_firmwarepagewide_enterprise_color_flow_mfp_586z_firmwarelaserjet_managed_mfp_e72535_firmwarecolor_laserjet_enterprise_m652_firmwarepagewide_managed_color_p75250_firmwarecolor_laserjet_managed_m553officejet_managed_color_flow_mfp_x585_firmwarelaserjet_managed_mfp_e52545_firmwarecolor_laserjet_enterprise_m553_firmwarecolor_laserjet_enterprise_m651color_laserjet_managed_flow_mfp_e77825color_laserjet_enterprise_m750pagewide_managed_color_e55650_firmwarecolor_laserjet_cm4540_mfpcolor_laserjet_managed_flow_mfp_e67560_firmwarecolor_laserjet_managed_e65050color_laserjet_managed_e65060laserjet_managed_mfp_e72530_firmwarepagewide_enterprise_color_flow_mfp_780flaserjet_managed_flow_mfp_e72535laserjet_managed_mfp_e82550_firmwarecolor_laserjet_managed_flow_mfp_m680_firmwarecolor_laserjet_enterprise_flow_mfp_m681laserjet_enterprise_500_color_mfp_m575_firmwarelaserjet_enterprise_m608_firmwarelaserjet_managed_color_flow_mfp_m575color_laserjet_managed_flow_mfp_e87650_firmwarelaserjet_enterprise_m806_firmwarelaserjet_managed_e50045pagewide_enterprise_color_flow_mpf_785color_laserjet_enterprise_m750_firmwarepagewide_enterprise_color_flow_mpf_785_firmwarepagewide_enterprise_color_556laserjet_managed_flow_mfp_e82550color_laserjet_managed_flow_mfp_e87660laserjet_enterprise_600_m601_firmwarelaserjet_enterprise_m607_firmwarelaserjet_enterprise_mfp_m725_firmwareofficejet_managed_color_flow_mfp_x585color_laserjet_enterprise_m855laserjet_enterprise_600_m602laserjet_managed_flow_mfp_m527zlaserjet_enterprise_m605laserjet_enterprise_m606color_laserjet_enterprise_mfp_m680_firmwareofficejet_enterprise_color_mfp_x585laserjet_enterprise_m605_firmwarepagewide_color_755_firmwarepagewide_color_mfp_779pagewide_managed_color_mfp_p77950_firmwarecolor_laserjet_managed_mfp_m775color_laserjet_enterprise_m552_firmwarepagewide_enterprise_color_mfp_780color_laserjet_managed_flow_mfp_m577_firmwaredigital_sender_flow_8500_fn2_document_capture_workstation_firmwarecolor_laserjet_managed_flow_mfp_e77825_firmwarepagewide_managed_color_mfp_e77650color_laserjet_managed_mfp_e67560_firmwarelaserjet_managed_mfp_m630laserjet_managed_flow_mfp_e72525_firmwareofficejet_enterprise_color_flow_mfp_x585_firmwarecolor_laserjet_enterprise_mfp_m681_firmwarecolor_laserjet_managed_flow_mfp_e6750color_laserjet_managed_flow_mfp_e87660_firmwarelaserjet_managed_flow_mfp_e62565pagewide_managed_color_mfp_p77440color_laserjet_managed_mfp_e77822laserjet_enterprise_mfp_m527_firmwarepagewide_managed_color_flow_mfp_e58650zcolor_laserjet_enterprise_m653pagewide_managed_color_e75160_firmwarelaserjet_managed_500_color_mfp_m575laserjet_enterprise_mfp_m527laserjet_enterprise_flow_mfp_m830laserjet_managed_e60075_firmwarelaserjet_managed_m605color_laserjet_cm4540_mfp_firmwarelaserjet_managed_flow_mfp_m830laserjet_enterprise_mfp_m633pagewide_color_mfp_779_firmwarelaserjet_managed_flow_mfp_e72530_firmwarecolor_laserjet_managed_mfp_e87640color_laserjet_managed_e55040dwlaserjet_managed_flow_mfp_e82540color_laserjet_managed_flow_mfp_e87640laserjet_enterprise_mfp_m631laserjet_managed_mfp_e82540_firmwarepagewide_enterprise_color_flow_mfp_586zcolor_laserjet_enterprise_mfp_m682officejet_enterprise_color_flow_mfp_x585laserjet_managed_flow_mfp_m630_firmwarecolor_laserjet_managed_mfp_m680color_laserjet_managed_flow_mfp_e67560pagewide_color_755laserjet_enterprise_mfp_m633_firmwarelaserjet_managed_flow_mfp_e82540_firmwarecolor_laserjet_enterprise_flow_mfp_m680_firmwarecolor_laserjet_enterprise_flow_mfp_m680color_laserjet_enterprise_mfp_m577pagewide_enterprise_color_mfp_586_firmwarelaserjet_enterprise_500_color_m551_firmwarelaserjet_managed_mfp_e72525laserjet_managed_flow_mfp_e72525color_laserjet_enterprise_flow_mfp_m682laserjet_enterprise_m604_firmwarelaserjet_enterprise_flow_mfp_m525color_laserjet_managed_e65050_firmwarelaserjet_managed_flow_mfp_e52545c_firmwarelaserjet_managed_m605_firmwarelaserjet_enterprise_mfp_m630pagewide_enterprise_color_765color_laserjet_enterprise_mfp_m682_firmwarelaserjet_enterprise_600_m602_firmwarepagewide_enterprise_color_flow_mfp_780f_firmwarelaserjet_managed_m506officejet_managed_color_mfp_x585laserjet_managed_500_mfp_m525laserjet_enterprise_mfp_m632color_laserjet_managed_m553_firmwarelaserjet_managed_e60055_firmwarecolor_laserjet_enterprise_m651_firmwarelaserjet_managed_flow_mfp_e62555_firmwarelaserjet_managed_flow_mfp_e82560color_laserjet_managed_flow_mfp_e87650color_laserjet_managed_flow_mfp_m880zmcolor_laserjet_enterprise_mfp_m681pagewide_enterprise_color_765_firmwarelaserjet_enterprise_600_m603laserjet_managed_mfp_m725_firmwarelaserjet_managed_mfp_e62555_firmwarelaserjet_managed_flow_mfp_m630laserjet_enterprise_mfp_m632_firmwarepagewide_managed_color_flow_mfp_e58650z_firmwarelaserjet_enterprise_flow_mfp_m630_firmwarecolor_laserjet_enterprise_mfp_m577_firmwarelaserjet_enterprise_m806laserjet_enterprise_m609_firmwarepagewide_color_mfp_774pagewide_enterprise_color_556_firmwarelaserjet_managed_flow_mfp_e82550_firmwarelaserjet_managed_mfp_e72535color_laserjet_enterprise_cp5525_firmwaredigital_sender_flow_8500_fn2_document_capture_workstationcolor_laserjet_managed_mfp_e87640_firmwarelaserjet_enterprise_m4555_mfppagewide_managed_color_mfp_p77940_firmwarecolor_laserjet_managed_flow_mfp_e77822_firmwarelaserjet_enterprise_m506laserjet_enterprise_flow_mfp_m633_firmwarecolor_laserjet_managed_mfp_m577_firmwarelaserjet_enterprise_500_mfp_m525f_firmwarelaserjet_managed_e60065_firmwarecolor_laserjet_managed_mfp_m775_firmwarelaserjet_managed_flow_mfp_e62565_firmwarecolor_laserjet_enterprise_m855_firmwarepagewide_managed_color_e55650laserjet_enterprise_flow_mfp_m631_firmwarecolor_laserjet_managed_mfp_e77822_firmwarepagewide_managed_color_flow_mfp_e77660z_firmwarecolor_laserjet_managed_mfp_m680_firmwarelaserjet_managed_mfp_e52545laserjet_managed_flow_mfp_e62575_firmwarelaserjet_enterprise_m608color_laserjet_managed_mfp_e87660_firmwarelaserjet_managed_mfp_e82550laserjet_managed_mfp_e62565laserjet_managed_mfp_m527_firmwarelaserjet_managed_mfp_m527laserjet_managed_flow_mfp_e82560_firmwarecolor_laserjet_managed_m651_firmwarescanjet_enterprise_8500_fn1_document_capture_workstation_firmwarecolor_laserjet_managed_mfp_e77830laserjet_enterprise_600_m603_firmwarecolor_laserjet_enterprise_flow_mfp_m577_firmwarepagewide_managed_color_mfp_p77960_firmwarelaserjet_managed_flow_mfp_m525color_laserjet_enterprise_flow_mfp_m681_firmwarelaserjet_managed_flow_mfp_e62555laserjet_enterprise_700_m712laserjet_managed_mfp_e62565_firmwarecolor_laserjet_managed_flow_mfp_e6750_firmwarecolor_laserjet_enterprise_cp5525laserjet_managed_mfp_e82540color_laserjet_enterprise_m553laserjet_enterprise_600_m601laserjet_managed_color_flow_mfp_m575_firmwarescanjet_enterprise_flow_n9120_fn2_document_scannercolor_laserjet_managed_mfp_e57540laserjet_enterprise_500_color_mfp_m575color_laserjet_enterprise_m652color_laserjet_managed_mfp_e87650laserjet_enterprise_flow_mfp_m631color_laserjet_enterprise_mfp_m680laserjet_enterprise_m606_firmwarelaserjet_enterprise_m506_firmwarelaserjet_managed_mfp_m725HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-6330
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 76.35%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 18:37
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.

Action-Not Available
Vendor-n/aHP Inc.
Product-access_controlHP Access Control
CVE-2019-6327
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.35%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 15:55
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.

Action-Not Available
Vendor-n/aHP Inc.
Product-laserjet_pro_mfp_m28-m31_w2g55a_firmwarelaserjet_pro_m280-m281_t6b82alaserjet_pro_m280-m281_t6b83a_firmwarelaserjet_pro_mfp_m28-m31_w2g55alaserjet_pro_m280-m281_t6b83alaserjet_pro_mfp_m28-m31_y5s54alaserjet_pro_mfp_m28-m31_w2g54alaserjet_pro_m280-m281_t6b80a_firmwarelaserjet_pro_mfp_m28-m31_y5s55alaserjet_pro_m280-m281_t6b81a_firmwarelaserjet_pro_mfp_m28-m31_y5s50alaserjet_pro_mfp_m28-m31_y5s55a_firmwarelaserjet_pro_m280-m281_t6b82a_firmwarelaserjet_pro_mfp_m28-m31_w2g54a_firmwarelaserjet_pro_m280-m281_t6b81alaserjet_pro_mfp_m28-m31_y5s54a_firmwarelaserjet_pro_mfp_m28-m31_y5s50a_firmwarelaserjet_pro_mfp_m28-m31_y5s53alaserjet_pro_m280-m281_t6b80alaserjet_pro_mfp_m28-m31_y5s53a_firmwareHP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2015-5427
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.30%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentn/a
CVE-2019-3479
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-7.43% / 91.37%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 16:01
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7.

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_loggerArcSight Logger
CVE-2012-1823
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-94.29% / 99.93%
||
7 Day CHG-0.06%
Published-11 May, 2012 | 10:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Action-Not Available
Vendor-n/aHP Inc.Fedora ProjectThe PHP GroupSUSEApple Inc.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-storage_for_public_cloudenterprise_linux_eusenterprise_linux_workstationhp-uxmac_os_xopensusegluster_storage_server_for_on-premisestorageapplication_stacklinux_enterprise_serverlinux_enterprise_software_development_kitenterprise_linux_desktopenterprise_linux_server_ausfedoradebian_linuxenterprise_linux_serverphpn/aPHP
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2012-2013
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.30% / 78.92%
||
7 Day CHG~0.00%
Published-29 Jun, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.Linux Kernel Organization, Inc
Product-linux_kernelsystem_management_homepagewindowsn/a
CVE-2012-2007
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.86% / 74.16%
||
7 Day CHG~0.00%
Published-09 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-performance_insightn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-1997
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.07% / 76.80%
||
7 Day CHG~0.00%
Published-11 Mar, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-1998.

Action-Not Available
Vendor-n/aHP Inc.
Product-systems_insight_managern/a
CVE-2011-4166
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-66.27% / 98.46%
||
7 Day CHG-5.00%
Published-27 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.

Action-Not Available
Vendor-n/aHP Inc.
Product-managed_printing_administrationn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-28616
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.64%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 20:04
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneviewHPE OneView
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-14678
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.80% / 73.06%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 20:59
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.

Action-Not Available
Vendor-sasn/aMicrosoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-windows_server_2016windows_8linux_kernelwindows_8.1windows_server_2012solarishp-uxwindowswindows_7windows_10xml_mapperz\/osaixbase_saswindows_server_2019n/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2011-4169
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.07% / 76.80%
||
7 Day CHG~0.00%
Published-27 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-managed_printing_administrationn/a
CVE-2011-4162
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-22.48% / 95.62%
||
7 Day CHG~0.00%
Published-05 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.

Action-Not Available
Vendor-n/aHP Inc.
Product-protecttools_device_access_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-4168
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.61% / 81.00%
||
7 Day CHG-1.33%
Published-27 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.

Action-Not Available
Vendor-n/aHP Inc.
Product-managed_printing_administrationn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-4167
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-11.09% / 93.18%
||
7 Day CHG~0.00%
Published-27 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.

Action-Not Available
Vendor-n/aHP Inc.
Product-managed_printing_administrationn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0920
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-58.77% / 98.14%
||
7 Day CHG~0.00%
Published-25 Mar, 2009 | 01:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-11994
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-4.31% / 88.43%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 17:23
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. An API is used to execute a command manifest file during upgrade does not correctly prevent directory traversal and so can be used to execute manifest files in arbitrary locations on the node. The API does not require user authentication and is accessible over the management network, resulting in the potential for unauthenticated remote execution of manifest files. For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061901&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.

Action-Not Available
Vendor-n/aHP Inc.
Product-simplivity_2600_gen10_firmwaresimplivity_omnicube_firmwaresimplivity_omnistack_for_ciscosimplivity_omnistack_for_dellsimplivity_380_gen9_firmwaresimplivity_omnistack_for_lenovo_firmwaresimplivity_380_gen10_gsimplivity_380_gen10_g_firmwaresimplivity_omnistack_for_lenovosimplivity_380_gen9simplivity_380_gen10simplivity_omnistack_for_cisco_firmwaresimplivity_380_gen10_firmwaresimplivity_omnistack_for_dell_firmwaresimplivity_2600_gen10simplivity_omnicubeHPE SimpliVity 2600 Gen10; HPE SimpliVity 380 Gen10; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 380 Gen9; SimpliVity OmniCube; SimpliVity OmniStack for Cisco; SimpliVity OmniStack for Dell; SimpliVity OmniStack for Lenovo
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-3264
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-6.60% / 90.79%
||
7 Day CHG~0.00%
Published-25 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1472.

Action-Not Available
Vendor-n/aHP Inc.
Product-sitescopen/a
CVE-2019-10627
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 67.26%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF printers that use IPS versions prior to 2019.2

Action-Not Available
Vendor-Qualcomm Technologies, Inc.HP Inc.
Product-j9v80ad3q15ad3q20a_firmwared3q21dd9l64aj6u57b_firmwarek9z74d_firmwared3q21bj6u51b_firmwarej6u57a_firmwarew2z53b_firmwarej6u57bd9l64a_firmwarej3p65a_firmwarej9v82ad3q21d_firmwarej6u55a_firmwared3q15a_firmwarek9z74a_firmwared9l63a_firmwared3q21cj6u55d_firmwared3q15dj6u57aj9v80a_firmwarej9v80b_firmwarej9v80bd3q17aw2z52bd3q20b_firmwarew2z52b_firmwared3q21aj3p65ad3q21a_firmwared3q20dd3q19d2dr21dd3q20c_firmwared3q20d_firmwared3q19ak9z74aj6u55ad3q20aj3p68a_firmwarek9z76b_firmwared3q16dj6u51bj9v78b_firmwarek9z76a_firmwared3q15bd3q17d_firmwarek9z76ad3q21c_firmwareipsd3q17a_firmwarej9v82d_firmwared3q17dd3q16aj9v82dd9l63ad3q16d_firmwaret0g70a_firmwarej6u55dk9z76d_firmwarek9z76dk9z76bd3q19bd3q20bd3q15b_firmware2dr21d_firmwared3q15d_firmwarej3p68ak9z74dd3q20cd3q19b_firmwarew2z53bd3q16a_firmwared3q19d_firmwaret0g70aj9v82a_firmwarej9v78bd3q19a_firmwared3q21b_firmwarePostScript and PDF printers that use IPS versions prior to 2019.2
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-7074
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-35.78% / 96.95%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerHPE Intelligent Management Center (IMC)
CVE-2018-7072
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.86%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-moonshot_provisioning_managerHPE Moonshot Provisioning Manager
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2018-7096
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-5.58% / 89.93%
||
7 Day CHG~0.00%
Published-14 Aug, 2018 | 14:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-3par_service_providerHPE 3PAR Service Processors
CVE-2018-7095
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 72.53%
||
7 Day CHG~0.00%
Published-14 Aug, 2018 | 14:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-3par_service_providerHPE 3PAR Service Processors
CVE-2018-5924
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-34.86% / 96.89%
||
7 Day CHG~0.00%
Published-13 Aug, 2018 | 15:00
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.

Action-Not Available
Vendor-HP Inc.
Product-3yz74a_firmwared3q15am2u76_firmwared9l19a_firmwared4h22a_firmwaret3p03a_firmwaret0a23acq891arj6x76a_firmwared9l64a_firmwarej9v82af8b06a_firmwarek7s42a_firmwarecq890arf5s00cq176ab9s58aw1b38g0450_firmwaret0k98ad3a82ad3q17c_firmwaren4l17a_firmwarej9v80a_firmwarecz993a_firmwaret0g56aw1b37_firmwarecq890ccq893e_firmwarea7f65a_firmwarecq891c_firmwarek4t99bcq893bf0v64z4b12_firmwared3q20acm749acn459a_firmwaret3p03aw1b39_firmwarek7v42c_firmwaref5s43_firmwarey0s18ad3q15bf5s65ak9z76aj7a31a_firmwarecn583a_firmwaret3p04aj6x76af5s60am2u81w3u23d7z36a_firmwarej2d37acm750a_firmwarey5h80ae1d36ae1d36a_firmwarem2u85_firmwarey0s19a_firmwarel9d57ag1x85acq893c_firmwarecq176a_firmwarey5h80a_firmwarecq891ar_firmwarecn461a_firmwarex3b09aj6u63_firmwarek7v35v1n08acq890ar_firmwared3q21d_firmwarep0r21a_firmwarea9t80af1h96_firmwarecq891cd4j85bj6u55a_firmwarecr771a_firmwarea9t80b_firmwarew3u25_firmwaree4w43f0v64_firmwarej6u55d_firmwared3q15df5r96a_firmwarew1b33_firmwarecz283a_firmwarecz152a_firmwarecr771acm750a1jl02bd3q19da7f66ad3q19aa9t80bg0450f5r95f8b04am9l70a_firmwaree4w43_firmwarez4b53a_firmwarem2q28a_firmwarez4b12x3b09a_firmwaret8w35a_firmwaren4l17aj2d37a_firmwareg0v47d3q16aj9v87a_firmware1jl02b_firmwaref8b09w3u25t0g25az4b56a_firmwarecz282a_firmwarem9l80acv136acm749a_firmwarev1n01a4sc29aw1b31_firmwarek9h48_firmwaref0m65an4l18ccz276ae3e02ad3q21d1jl02a_firmwaref9a29bc9s13acq890c_firmwaret0f28a_firmwarev1n01a_firmwarea9u28b_firmwarem2u86j7k34a_firmware1dt61a_firmwared4j74t1q00d9l63a_firmwared4h21a_firmwaref9a28a_firmwarecq890a_firmwarez4b53at8x44_firmwaret5d67acq183a_firmwareb9s57cd7z36acn460acq891bf8b05acz025at0g50ak7c84_firmwarev1n02am9l70at8x39_firmwared3q17a_firmwaree3e03acv037aj9v82d_firmwaret0g45acq176k7g18a_firmwaret5d66a_firmwarek7s37a_firmware3yz74acn583aj6u55df1j00w1b33j6u55b_firmwaret6t77a3aw51ad3q15b_firmwarej6x80ad4h21aa9t89av1n02a_firmwarecn598a_firmwarej9v82bcq890ej9v82a_firmwarem2u76cv136a_firmwaret8w35af9a29aa7f65ad9l64ae1d34am9l73af8b06acn216a_firmwarea9u23b4l03m2u85cn581ad3q15a_firmwarecn577a_firmwared7z37at0g25a_firmwarecx042_firmwarej7k33a_firmwarej6u69_firmwarek7v42cd3q20b_firmwarecq893a_firmwarecz045az4b56af9a28b_firmwarez4a54p4c78a_firmwarey3z46f9d36_firmwarecq893ar_firmwarej3p68a_firmwaret3p04a_firmwarem9l81aj9v87ak9t013aw44ab9s58a_firmwared3a78bb4l08a_firmwarecn577az6z97a_firmwarej6u69cz276a_firmwarecq893ea9j411jl02a2nd31af1h96d4h25a_firmwarecq893c2nd31a_firmwareb9s76a9j40acn581a_firmwared3q16a_firmwarecz283ad3p93a_firmwaref9a29a_firmwarem2u86_firmwarej6u59_firmwarek7s34a_firmwareg3j47aj9v80af8b05a_firmwaret5d66af8b12a_firmwarecr768af8b09_firmwarek7g93a_firmwarem2u91_firmwarem9l73a_firmwarek7g93aa9u28bj7a28acq890bf5r96af8b13a_firmwarey5h60a_firmwaret0g56a_firmwarek4u04b_firmware1dt61ak9u05b_firmwarej7k34acx042d3q21ay3z57_firmwarecq176_firmwarey3z44cx017aj6x80a_firmwaref5r95_firmwarej6u55ay3z47e3e02a_firmwaref9a28bj9v86ae3e03a_firmwarecz992a_firmwarek9z76a_firmwarey5h60acq890e_firmwarem2u91d3q17ccn463a_firmwarecq891az6z11ag1w52af9a29b_firmwared3a82a_firmwarej5t77a_firmwaref0m65a_firmwarem2u751sh08cz992a4uj28b_firmwarecr769ak9z76dp4c78ay5z00acr7770a_firmwared3p93am9l65ad3q19a_firmwareg0v48c_firmwaret1q00_firmwaref5s57a_firmwarej9v82ccn459aa9u19ag0v48b_firmwarej5t77ab9s56a_firmwarew3u23_firmwarez4b07a_firmwarem9l80a_firmwarecx017a_firmwarez6z11a_firmwarej6u59j7k33aj7a28a_firmwarek7g86_firmwarecv037a_firmwarek9h57_firmwareb9s76_firmwaref0v67j9v80b_firmware1sh08_firmwareb9s57c_firmwarecz282al9b95ad9l18ad3q20dcn463al8l91a_firmwared3q20c_firmwaret8w51a_firmwaret0g50a_firmwarej6u63m2q28at0f29acz293ad3q16c_firmwarej6u55c_firmwarecr768a_firmwaren9m07ak9h48cq761ad9l18a_firmwaret8x44cz294a_firmwarem9l81a_firmwarey3z44_firmwarecq893an4l14c_firmwared3q17dk9t01_firmwarey3z46_firmwaret6t77a_firmwarecz292a_firmwarez4a54_firmwaref0v63_firmwared9l63ad3q16d_firmwarecq891a_firmwarej6u55ccz045a_firmwaree2d42a_firmwaref0v63z4b07ak9v76j7a31ak7g86d9l20ab4l03_firmwarea9u19a_firmwarecq890aj9v82b_firmwarecn216af5s60a_firmwared4h22acr769a_firmwareb9s56an4k99ck4u04bf5s57aj9v86a_firmwaref5s00_firmwarea9j40a_firmwarej6u57bt1p36_firmwarea9j41_firmwarew1b31g5j38a_firmwarecq761a_firmwarecn460a_firmwaree1d34a_firmwaref1h97cz152ab4l08ag1w52a_firmwared4h24b_firmwarey5z00a_firmwared3q21cg3j47a_firmwarel8l91aj9v80bd3q17acr7770am9l65a_firmwaret0g45a_firmwarew1b37f8b13ay3z47_firmwared3a78b_firmwarej9v82c_firmwarey3z54cq890dt0f28ay3z54_firmwarey0s18a_firmware4sc29a_firmwaret5d67a_firmwaret1p36cz293a_firmwared3q17d_firmwarecn461acq890d_firmwaren4l18c_firmwarek9v76_firmwarecz292al9b95a_firmwarecq890b_firmwaref9a28ak4t99b_firmwarew1b38_firmwarecz284at0k98a_firmwared3q16cf5s65a_firmwarel9d57a_firmwarec9s13a_firmwarek9z76d_firmware3aw51a_firmwared3q15d_firmwarej3p68ay0s19at0g54ak7s42acz993acz284a_firmwarea9t89a_firmwared3q19d_firmwaret0g70acq893b_firmwaret1p99n4k99c_firmwared3q20a_firmwaref8b04a_firmwarey3z45_firmwarej6u57b_firmwarez6z95ad7z37a_firmwarev1n08a_firmware4uj28bcq891b_firmwaret0g54a_firmwarek7s34ad3q16bk9h57e2d42ak7v35_firmwaret8w51af1h97_firmwarek7g18acz025a_firmwarez6z97ag0v47_firmwared9l20a_firmware3aw44a_firmwarey3z57n9m07a_firmwared9l19aa7f66a_firmwarem2u81_firmwarej6u55ba9u23_firmwaref9d36d3q21a_firmwaren4l14ck7c84d3q20d_firmwaref5s43p0r21aa7f64a_firmwaret0f29a_firmwarea7f64aa9t80a_firmwarecq893arcq183ad3q16df1j00_firmwaret8x39g0v48bcn598ay3z45d3q21c_firmwaref8b12av6d27v6d27_firmwarew1b39f0v67_firmwarem2u75_firmwarek9u05bj9v82dz6z95a_firmwaret0a23a_firmwared4j85b_firmwareg5j38at1p99_firmwaret0g70a_firmwared4h25ak7s37ag1x85a_firmwarecz294ad3q20bd4j74_firmwared3q16b_firmwared3q20cg0v48cd4h24bHP inkjet printers
CWE ID-CWE-787
Out-of-bounds Write
CVE-2008-0213
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.52% / 88.72%
||
7 Day CHG~0.00%
Published-07 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a certain ActiveX control for HP Virtual Rooms (HPVR) 6 and earlier allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-virtual_roomsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5607
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-34.60% / 96.87%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.

Action-Not Available
Vendor-n/aHP Inc.
Product-instant_supportn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-12463
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.3||HIGH
EPSS-19.33% / 95.15%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-fortify_software_security_centerFortify Software Security Center
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-8994
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-10 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-operations_orchestrationHPE Operations Orchestration
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8988
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 72.52%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX).

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-xp_command_viewHPE Command View Advanced Edition
CVE-2017-8990
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-35.78% / 96.95%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-imc_wireless_service_managerHPE Intelligent Management Center (IMC) Wirelss Service Manager
CVE-2017-8992
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-2.89% / 85.80%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-centralview_fraud_risk_managementHPE CentralView Fraud Risk Management
CVE-2017-8979
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-3.08% / 86.24%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-integrated_lights-out_2_firmwareintegrated_lights-outIntegrated Lights-Out 2 (iLO 2)
CVE-2017-8960
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 77.72%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-msa_2040_san_storagemsa_1040_san_storage_firmwaremsa_2040_san_storage_firmwaremsa_1040_san_storageMSA 1040 and 2040 SAN Storage
CVE-2017-7657
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-9.8||CRITICAL
EPSS-6.68% / 90.85%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Action-Not Available
Vendor-NetApp, Inc.Eclipse Foundation AISBLOracle CorporationDebian GNU/LinuxHP Inc.
Product-rest_data_serviceselement_software_management_nodexp_p9000element_softwaresnapcenterdebian_linuxxp_p9000_command_viewhci_storage_nodessnapmanagere-series_santricity_os_controlleroncommand_system_managere-series_santricity_managementretail_xstore_point_of_servicesnap_creator_frameworke-series_santricity_web_servicessantricity_cloud_connectoroncommand_unified_managerjettyEclipse Jetty
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-7658
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-9.8||CRITICAL
EPSS-9.39% / 92.47%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 17:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Action-Not Available
Vendor-NetApp, Inc.Eclipse Foundation AISBLOracle CorporationDebian GNU/LinuxHP Inc.
Product-rest_data_serviceshci_storage_nodexp_p9000storage_services_connectorsolidfiresnapcenterretail_xstore_paymentdebian_linuxxp_p9000_command_viewsnapmanagerhci_management_nodee-series_santricity_os_controlleroncommand_system_managerretail_xstore_point_of_servicee-series_santricity_managementsnap_creator_frameworkoncommand_unified_manager_for_7-modesantricity_cloud_connectore-series_santricity_web_servicesjettyEclipse Jetty
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2017-5810
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-13.40% / 93.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-network_automationNetwork Automation
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-5792
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-82.05% / 99.16%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-5641
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-37.36% / 97.06%
||
7 Day CHG~0.00%
Published-28 Dec, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.

Action-Not Available
Vendor-The Apache Software FoundationHP Inc.
Product-flex_blazedsxp_command_view_advanced_editionApache Flex Blaze DS
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-2750
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-15.06% / 94.31%
||
7 Day CHG~0.00%
Published-23 Jan, 2018 | 16:00
Updated-16 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions.

Action-Not Available
Vendor-HP Inc.
Product-j7z08aj8a13a_firmwarecf068af2a68a_firmwarel2683aj7z14acf081ace708acf235a_firmwarej7z11a_firmwareb5l25a_firmwarej8a12ab5l25aj8j78a_firmwarej8a10aj7z98af2a77aj7x28aj8a11a_firmwareb5l26a_firmwaree6b68aj8j76aj8a06al1h45acz251a_firmwarecc419ad3l10aj8j74al2717a_firmwarej7z09a_firmwaref2a81a_firmwaref2a71a_firmwared7p68a_firmwarecf235al3u41a_firmwarecz248a_firmwarecz249a_firmwarej7z07a_firmwarej7z03ace707aj7z13acf067a_firmwareg1w47vj8j80a_firmwareg1w41al3u43a_firmwarece991acd645a_firmwareb3g84ag1w39ab5l06vj8j73a_firmwarecf082ag1w39a_firmwarel3u70ab3g85a_firmwareg1w40vj7z05a_firmwarec2s11v_firmwarecz249acc421a_firmwarej7z98a_firmwarecf066a_firmwaree6b69ab5l23a_firmwarej8j74a_firmwaref2a71am0p36ad3l10a_firmwarea2w75a_firmwarej7z12a_firmwareg1w46vj8j73acf117a_firmwarej8a17al3u42a_firmwarecf116aj8j79ae6b72am0p40ae6b72a_firmwarel3u51aa2w79a_firmwarecz255aa2w76a_firmwarec2s11vj8j66acz250a_firmwarej8j71a_firmwarej8a10a_firmwarej8j63ab5l46a_firmwarece990ab5l49aa2w77ad7p73al1h45a_firmwarek0q21ac2s12v_firmwarem0p39a_firmwareg1w40ak0q22ace991a_firmwareb5l04vb3g85aa2w75acd644a_firmwarej7z13a_firmwarecz244a_firmwarec2s12al3u42al3u55a_firmwarecz245af2a70a_firmwarek0q17acz251aj7z06a_firmwareg1w47a_firmwaree6b70a_firmwarecz248al3u59a_firmwarece989a_firmwarej7z11af2a68ag1w40a_firmwarej7z03a_firmwarej7x28a_firmwarek0q18a_firmwarece707a_firmwared7p71a_firmwarek0q14a_firmwarece708a_firmwarecf069aa2w78a_firmwarek0q19acc419a_firmwarecz255a_firmwarej7z10ag1w41vd3l09a_firmwarecc420a_firmwaree6b67aj8j71ace990a_firmwarece989al3u43aj8a04a_firmwarek0q21a_firmwarece992al3u52a_firmwarecd645aj7z14a_firmwarecf367a_firmwarece738acf068a_firmwarej8j80ad7p73a_firmwarea2w78ab5l54a_firmwareb5l48a_firmwarecz257a_firmwarea2w79ad7p71v_firmwarej8j66a_firmwarea2w76aj8a06a_firmwarecf236acf083a_firmwarel2683a_firmwarej7z09ace504ag1w41v_firmwaref2a69al3u60aj8j72a_firmwarecz245a_firmwarece709al3u41al3u56a_firmwarej7z04a_firmwarej8j65a_firmwareg1w47v_firmwarec2s11am0p40a_firmwaree6b71a_firmwarece993acf069a_firmwaree6b73a_firmwarez5g79am0p33aj8a13am0p35acz250ad7p68ace504a_firmwarel3u44a_firmwarec2s12a_firmwareb5l24a_firmwarece996a_firmwarel3u70a_firmwarecf238a_firmwarej8j64aj7z04acf118acd646a_firmwarej7z07acf236a_firmwared7p71vl2762a_firmwarej8j70af2a69a_firmwaree6b67a_firmwarej7z99ab5l07ag1w46v_firmwared3l08a_firmwarek0q20a_firmwarej7z10a_firmwareb5l07a_firmwaree6b68a_firmwarej7z05acz258a_firmwarej8a17a_firmwareb5l05acz244aj8a12a_firmwarecc421acf067ab5l06ak0q15a_firmwarek0q18ab5l50ag1w39v_firmwareb5l04ace709a_firmwarek0q17a_firmwareg1w39vf2a76ae6b69a_firmwareb3g84a_firmwarem0p35a_firmwarez5g77a_firmwarel3u59aj8j72ace995a_firmwarecf117aj7z08a_firmwarecf118a_firmwarej7z12ae6b70al3u51a_firmwarel3u44ace738a_firmwarece995acf066aj8a05a_firmwarece996acz257al3u55ab5l04a_firmwarek0q15al3u66a_firmwarek0q19a_firmwarea2w77a_firmwarej7z99a_firmwarecz256a_firmwareb5l05vb5l06a_firmwarel3u60a_firmwarej8a05ace994ab5l06v_firmwaree6b73aj8j64a_firmwarej8j76a_firmwareb5l47ab5l48af2a81ab5l50a_firmwareb5l49a_firmwarece993a_firmwarej8j63a_firmwarel3u56al3u40a_firmwareb5l54al3u65acd644am0p33a_firmwarecf238az5g77ab5l46ac2s12v-d3l08acz258am0p36a_firmwareg1w46a_firmwarel2762aj8j70a_firmwarec2s11a_firmwaree6b71aj8a11af2a76a_firmwarece503a_firmwareb5l05a_firmwarecf083af2a77a_firmwarecf082a_firmwarel3u52acd646ag1w40v_firmwarel3u65a_firmwarej7z06aj8j65al3u66ab5l24acf116a_firmwareb3g86ab3g86a_firmwarem0p39ag1w41a_firmwareb5l04v_firmwarece992a_firmwarej8a04ab5l23ad3l09aj8j78acz256ak0q20ak0q22a_firmwarek0q14ace503ad7p71acf081a_firmwareg1w47acc420aj8j79a_firmwareg1w46ace994a_firmwareb5l26al2717ab5l05v_firmwarez5g79a_firmwaref2a70al3u40ab5l47a_firmwarecf367aHP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found