Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-24646

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-19 Oct, 2020 | 17:34
Updated At-04 Aug, 2024 | 15:19
Rejected At-
Credits

A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:19 Oct, 2020 | 17:34
Updated At:04 Aug, 2024 | 15:19
Rejected At:
▼CVE Numbering Authority (CNA)

A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Affected Products
Vendor
n/a
Product
HPE Intelligent Management Center (iMC)
Versions
Affected
  • Prior to iMC PLAT 7.3 (E0705P07)
Problem Types
TypeCWE IDDescription
textN/Atftpserver stack-based buffer overflow remote code execution
Type: text
CWE ID: N/A
Description: tftpserver stack-based buffer overflow remote code execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
x_refsource_MISC
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
x_refsource_MISC
x_transferred
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:19 Oct, 2020 | 18:15
Updated At:21 Oct, 2020 | 17:10

A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
HP Inc.
hp
>>intelligent_management_center>>Versions before 7.3(exclusive)
cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:-:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0501:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0503:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0503p02:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p02:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p04:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p2:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p4:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0506:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0506p02:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0506p03:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0506p07:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0506p09:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0605:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0605h02:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0605h05:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0605p04:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0605p06:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0705:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0705p02:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0705p04:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0705p06:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_ussecurity-alert@hpe.com
Vendor Advisory
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
Source: security-alert@hpe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2734Records found
CVE-2016-1985
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-2.41% / 84.75%
||
7 Day CHG~0.00%
Published-30 Jan, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windowsoperations_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-1997
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.58% / 85.25%
||
7 Day CHG~0.00%
Published-22 Mar, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Action-Not Available
Vendor-n/aHP Inc.
Product-operations_orchestrationoperations_orchestration_contentn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1999
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.23% / 86.77%
||
7 Day CHG~0.00%
Published-30 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Action-Not Available
Vendor-n/aHP Inc.
Product-release_controln/a
CWE ID-CWE-284
Improper Access Control
CVE-2008-1662
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.57% / 85.21%
||
7 Day CHG~0.00%
Published-01 Aug, 2008 | 14:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxsystem_administration_managern/a
CWE ID-CWE-16
Not Available
CVE-2016-2007
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-47.25% / 97.60%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CVE-2023-35980
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 74.89%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 18:28
Updated-07 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points running InstantOS and ArubaOS 10arba_access_points_running_instantos_and_arubaos_10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-35981
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.70% / 81.94%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 18:28
Updated-07 Nov, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points running InstantOS and ArubaOS 10arba_access_points_running_instantos_and_arubaos_10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-35982
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 74.89%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 18:28
Updated-07 Nov, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points running InstantOS and ArubaOS 10arba_access_points_running_instantos_and_arubaos_10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2009-0720
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.86% / 90.35%
||
7 Day CHG~0.00%
Published-05 May, 2009 | 17:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-43017
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.5||HIGH
EPSS-0.05% / 15.24%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 20:40
Updated-21 Jan, 2026 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP ThinPro 8.1 SP8 Security Updates

HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-thinproHP ThinPro 8.1
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2009-0718
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.62% / 89.02%
||
7 Day CHG~0.00%
Published-21 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-storageworks_storage_mirroringn/a
CVE-2006-5558
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.08% / 88.28%
||
7 Day CHG~0.00%
Published-27 Oct, 2006 | 16:00
Updated-07 Aug, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2023-32674
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.01%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 21:40
Updated-03 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

Action-Not Available
Vendor-HP Inc.
Product-pc_hardware_diagnosticsHP PC Hardware Diagnostics Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-32673
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.73%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 21:39
Updated-03 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.

Action-Not Available
Vendor-HP Inc.
Product-pc_hardware_diagnosticsimage_assistantthunderbolt_dock_g2thunderbolt_dock_g2_firmwareHP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware
CVE-2017-12542
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-10||CRITICAL
EPSS-94.25% / 99.93%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-integrated_lights-out_4integrated_lights-out_4_firmwareIntegrated Lights-out 4 (iLO 4)
CVE-2023-30908
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.65% / 81.68%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 21:28
Updated-06 Mar, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote authentication bypass issue exists in a OneView API.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)HP Inc.
Product-oneviewHPE OneView
CVE-2023-30909
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-4.96% / 89.43%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 14:56
Updated-28 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote authentication bypass issue exists in some OneView APIs.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-oneviewHPE OneViewoneview_global_dashboardoneview
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2006-0672
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.31% / 53.80%
||
7 Day CHG~0.00%
Published-13 Feb, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0.06 has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-psc_1210_all-in-onen/a
CVE-2008-0704
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.67% / 85.46%
||
7 Day CHG~0.00%
Published-28 Mar, 2008 | 23:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-open_vms_tcp-ip_servicesintegrityalphan/a
CWE ID-CWE-264
Not Available
CVE-2008-0067
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-10||HIGH
EPSS-81.95% / 99.17%
||
7 Day CHG~0.00%
Published-08 Jan, 2009 | 19:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0437
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-32.49% / 96.74%
||
7 Day CHG~0.00%
Published-23 Jan, 2008 | 21:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.
Product-activexvirtual_roomsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0215
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.10% / 77.70%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 01:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_essentials_srm_standardstorage_essentials_srm_enterprisen/a
CWE ID-CWE-264
Not Available
CVE-2014-7891
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-30.08% / 96.54%
||
7 Day CHG~0.00%
Published-09 Mar, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509.

Action-Not Available
Vendor-n/aHP Inc.
Product-pos_keyboard_fk221aapos_keyboard_with_msr_fk218aaole_point_of_sale_drivern/a
CVE-2005-4090
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.53% / 80.96%
||
7 Day CHG~0.00%
Published-08 Dec, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2023-27972
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.83% / 87.87%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 15:59
Updated-30 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.

Action-Not Available
Vendor-HP Inc.
Product-laserjet_pro_mfp_m478-m479_w1a76a_firmwarelaserjet_pro_m404-m405_w1a51a_firmwarelaserjet_pro_mfp_m478-m479_w1a77a_firmwarelaserjet_pro_m404-m405_w1a51alaserjet_pro_m453-m454_w1y43alaserjet_pro_m404-m405_93m22a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a32a_firmwarelaserjet_pro_m404-m405_w1a56alaserjet_pro_m404-m405_w1a52a_firmwarelaserjet_pro_m304-m305_w1a47alaserjet_pro_m304-m305_w1a48a_firmwarelaserjet_pro_m404-m405_w1a60a_firmwarelaserjet_pro_mfp_m478-m479_w1a75a_firmwarelaserjet_pro_mfp_m478-m479_w1a80a_firmwarelaserjet_pro_m404-m405_w1a56a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a38alaserjet_pro_mfp_m428-m429_w1a28a_firmwarelaserjet_pro_mfp_m428-m429_w1a31a_firmwarelaserjet_pro_m404-m405_w1a52alaserjet_pro_m404-m405_w1a63a_firmwarelaserjet_pro_m453-m454_w1y44a_firmwarelaserjet_pro_m453-m454_w1y47a_firmwarelaserjet_pro_mfp_m478-m479_w1a78alaserjet_pro_m404-m405_w1a59alaserjet_pro_m304-m305_w1a66alaserjet_pro_m404-m405_w1a58a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a35alaserjet_pro_mfp_m428-m429_f_w1a29a_firmwarelaserjet_pro_m404-m405_w1a58alaserjet_pro_mfp_m478-m479_w1a79alaserjet_pro_m453-m454_w1y46a_firmwarelaserjet_pro_m453-m454_w1y46alaserjet_pro_mfp_m428-m429_w1a28alaserjet_pro_m304-m305_w1a47a_firmwarelaserjet_pro_m453-m454_w1y40alaserjet_pro_mfp_m428-m429_w1a33a_firmwarelaserjet_pro_m453-m454_w1y43a_firmwarelaserjet_pro_mfp_m428-m429_w1a33alaserjet_pro_m404-m405_w1a53alaserjet_pro_m404-m405_w1a57a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a30alaserjet_pro_mfp_m428-m429_f_w1a29alaserjet_pro_m453-m454_w1y41alaserjet_pro_m453-m454_w1y45alaserjet_pro_mfp_m478-m479_w1a77alaserjet_pro_m304-m305_w1a66a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a38a_firmwarelaserjet_pro_mfp_m478-m479_w1a75alaserjet_pro_mfp_m478-m479_w1a82a_firmwarelaserjet_pro_m453-m454_w1y44alaserjet_pro_m453-m454_w1y47alaserjet_pro_m404-m405_w1a53a_firmwarelaserjet_pro_mfp_m478-m479_w1a80alaserjet_pro_m304-m305_w1a48alaserjet_pro_m404-m405_w1a60alaserjet_pro_mfp_m428-m429_w1a31alaserjet_pro_m304-m305_w1a46a_firmwarelaserjet_pro_m304-m305_w1a46alaserjet_pro_mfp_m478-m479_w1a78a_firmwarelaserjet_pro_m404-m405_93m22alaserjet_pro_mfp_m478-m479_w1a76alaserjet_pro_mfp_m478-m479_w1a81a_firmwarelaserjet_pro_m453-m454_w1y40a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a35a_firmwarelaserjet_pro_m404-m405_w1a63alaserjet_pro_m453-m454_w1y41a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a32alaserjet_pro_m453-m454_w1y45a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a34alaserjet_pro_mfp_m478-m479_w1a79a_firmwarelaserjet_pro_m404-m405_w1a59a_firmwarelaserjet_pro_m404-m405_w1a57alaserjet_pro_mfp_m428-m429_f_w1a30a_firmwarelaserjet_pro_mfp_m478-m479_w1a82alaserjet_pro_mfp_m428-m429_f_w1a34a_firmwarelaserjet_pro_mfp_m478-m479_w1a81aHP LaserJet Pro
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2007-6194
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.57% / 85.21%
||
7 Day CHG~0.00%
Published-06 Dec, 2007 | 02:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 and 4.1x before 4.13.003 allows remote attackers to obtain unspecified access via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-select_identityn/a
CVE-2024-4143
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.52%
||
7 Day CHG~0.00%
Published-15 Jul, 2024 | 21:46
Updated-01 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP PC products using AMI BIOS – Buffer Overflow

A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. AMI has released firmware updates to mitigate this vulnerability.

Action-Not Available
Vendor-HP Inc.
Product-Certain HP PC Productsami_bios
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2007-6425
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.82% / 85.84%
||
7 Day CHG~0.00%
Published-23 Jan, 2008 | 20:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6204
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-87.21% / 99.43%
||
7 Day CHG~0.00%
Published-13 Dec, 2007 | 21:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2005
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-47.25% / 97.60%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CVE-2007-5606
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-25.89% / 96.14%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5607.

Action-Not Available
Vendor-n/aHP Inc.
Product-instant_supportn/a
CVE-1999-1573
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.92% / 75.52%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2016-2006
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-47.25% / 97.60%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CVE-2023-26301
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 71.13%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 16:06
Updated-02 Aug, 2024 | 11:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.

Action-Not Available
Vendor-HP Inc.
Product-color_laserjet_pro_4201-4203_4ra87fcolor_laserjet_pro_mfp_4301-4303_4ra83f_firmwarecolor_laserjet_pro_4201-4203_4ra87f_firmwarecolor_laserjet_pro_4201-4203_5hh52a_firmwarecolor_laserjet_pro_4201-4203_4ra89acolor_laserjet_pro_4201-4203_5hh59a_firmwarecolor_laserjet_pro_4201-4203_4ra89a_firmwarecolor_laserjet_pro_4201-4203_4ra88fcolor_laserjet_pro_4201-4203_5hh52acolor_laserjet_pro_mfp_4301-4303_4ra80f_firmwarecolor_laserjet_pro_mfp_4301-4303_4ra84f_firmwarecolor_laserjet_pro_mfp_4301-4303_4ra84fcolor_laserjet_pro_mfp_4301-4303_5hh65acolor_laserjet_pro_4201-4203_5hh53a_firmwarecolor_laserjet_pro_4201-4203_5hh51a_firmwarecolor_laserjet_pro_4201-4203_5hh48a_firmwarecolor_laserjet_pro_mfp_4301-4303_4ra83fcolor_laserjet_pro_mfp_4301-4303_5hh66acolor_laserjet_pro_mfp_4301-4303_5hh72a_firmwarecolor_laserjet_pro_mfp_4301-4303_5hh67a_firmwarecolor_laserjet_pro_4201-4203_4ra88f_firmwarecolor_laserjet_pro_mfp_4301-4303_4ra80fcolor_laserjet_pro_mfp_4301-4303_5hh64f_firmwarecolor_laserjet_pro_mfp_4301-4303_4ra81fcolor_laserjet_pro_mfp_4301-4303_5hh65a_firmwarecolor_laserjet_pro_4201-4203_5hh59acolor_laserjet_pro_4201-4203_5hh51acolor_laserjet_pro_mfp_4301-4303_4ra81f_firmwarecolor_laserjet_pro_4201-4203_5hh53acolor_laserjet_pro_mfp_4301-4303_4ra82f_firmwarecolor_laserjet_pro_mfp_4301-4303_5hh73a_firmwarecolor_laserjet_pro_mfp_4301-4303_5hh66a_firmwarecolor_laserjet_pro_mfp_4301-4303_5hh73acolor_laserjet_pro_mfp_4301-4303_5hh67acolor_laserjet_pro_mfp_4301-4303_4ra82fcolor_laserjet_pro_mfp_4301-4303_5hh72acolor_laserjet_pro_mfp_4301-4303_5hh64fcolor_laserjet_pro_4201-4203_5hh48aHP LaserJet Pro
CWE ID-CWE-862
Missing Authorization
CVE-2007-6195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-22.85% / 95.75%
||
7 Day CHG~0.00%
Published-15 Dec, 2007 | 01:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malformed arguments in an opcode 0x04 DCE RPC request.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5610
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-14.69% / 94.32%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument.

Action-Not Available
Vendor-n/aHP Inc.
Product-instant_supportn/a
CVE-2007-4916
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-71.29% / 98.68%
||
7 Day CHG~0.00%
Published-17 Sep, 2007 | 17:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.

Action-Not Available
Vendor-n/aHP Inc.
Product-photo_and_imaging_galleryall-in-on_printern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-26295
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.38% / 84.67%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 21:18
Updated-06 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Action-Not Available
Vendor-HP Inc.
Product-hp_device_managerHP Device Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-1988
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.50% / 94.04%
||
7 Day CHG~0.00%
Published-15 Mar, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_automationn/a
CVE-2023-22783
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 77.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:03
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22785
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 77.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:03
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22782
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 77.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:03
Updated-31 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22786
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 77.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:03
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22781
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 77.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:03
Updated-31 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22779
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 77.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:02
Updated-29 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22784
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 77.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:03
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22780
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 77.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:03
Updated-29 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-23477
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.11% / 29.71%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 17:24
Updated-25 Mar, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

Action-Not Available
Vendor-HP Inc.IBM CorporationOracle CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-31469
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-3.10% / 86.49%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 22:25
Updated-24 Jun, 2025 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHP Inc.Hewlett Packard Enterprise (HPE)
Product-arubaosinstantosAOS-8 Instant and AOS-10 APinstantarubaos
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2017-13983
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-14.92% / 94.38%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.

Action-Not Available
Vendor-n/aHP Inc.
Product-bsm_platform_application_performance_management_system_healthn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 54
  • 55
  • Next
Details not found