Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7135

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-27 Apr, 2020 | 14:16
Updated At-04 Aug, 2024 | 09:18
Rejected At-
Credits

A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary code. Drive Models can be found in the Vulnerability Resolution field of the security bulletin. The 2019_03 SPP and Supplemental update / Online ROM Flash Component for Linux (x64) after 2019.03.0 has fixed this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:27 Apr, 2020 | 14:16
Updated At:04 Aug, 2024 | 09:18
Rejected At:
▼CVE Numbering Authority (CNA)

A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary code. Drive Models can be found in the Vulnerability Resolution field of the security bulletin. The 2019_03 SPP and Supplemental update / Online ROM Flash Component for Linux (x64) after 2019.03.0 has fixed this issue.

Affected Products
Vendor
Hewlett Packard Enterprise (HPE)HPE
Product
HPE Service Pack for ProLiant
Versions
Affected
  • 2018.06.0
  • 2018.09.0
  • 2018.11.0
Vendor
Hewlett Packard Enterprise (HPE)HPE
Product
HPE Server Solid State Drives
Versions
Affected
  • HPG2
Vendor
Hewlett Packard Enterprise (HPE)HPE
Product
HPE Server SAS Hard Drives
Versions
Affected
  • HPG2
Vendor
Hewlett Packard Enterprise (HPE)HPE
Product
HPE Server SATA Hard Drives
Versions
Affected
  • HPG2
Vendor
Hewlett Packard Enterprise (HPE)HPE
Product
HPE SATA Read Intensive Solid State Drives
Versions
Affected
  • HPG2
Vendor
Hewlett Packard Enterprise (HPE)HPE
Product
HPE NVMe Mixed Use Solid State Drives
Versions
Affected
  • HPG2
Vendor
Hewlett Packard Enterprise (HPE)HPE
Product
HPE Business Critical Hard Drives
Versions
Affected
  • HPG2
Vendor
Hewlett Packard Enterprise (HPE)HPE
Product
HPE Server Enterprise Hard Drives
Versions
Affected
  • HPG2
Problem Types
TypeCWE IDDescription
textN/Alocal execution of arbitrary code with privilege elevation
Type: text
CWE ID: N/A
Description: local execution of arbitrary code with privilege elevation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03945en_us
x_refsource_CONFIRM
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03945en_us
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03945en_us
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03945en_us
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:27 Apr, 2020 | 15:15
Updated At:21 Jul, 2021 | 11:39

A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary code. Drive Models can be found in the Vulnerability Resolution field of the security bulletin. The 2019_03 SPP and Supplemental update / Online ROM Flash Component for Linux (x64) after 2019.03.0 has fixed this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
HP Inc.
hp
>>service_pack_for_proliant>>2018.06.0
cpe:2.3:a:hp:service_pack_for_proliant:2018.06.0:*:*:*:*:*:*:*
HP Inc.
hp
>>service_pack_for_proliant>>2018.09.0
cpe:2.3:a:hp:service_pack_for_proliant:2018.09.0:*:*:*:*:*:*:*
HP Inc.
hp
>>service_pack_for_proliant>>2018.11.0
cpe:2.3:a:hp:service_pack_for_proliant:2018.11.0:*:*:*:*:*:*:*
HP Inc.
hp
>>service_pack_for_proliant>>2019.03.0
cpe:2.3:a:hp:service_pack_for_proliant:2019.03.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03945en_ussecurity-alert@hpe.com
Vendor Advisory
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03945en_us
Source: security-alert@hpe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

130Records found
CVE-2006-5452
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.21% / 43.66%
||
7 Day CHG~0.00%
Published-23 Oct, 2006 | 17:00
Updated-07 Aug, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.

Action-Not Available
Vendor-n/aHP Inc.
Product-tru64hp-uxn/a
CVE-2015-0949
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.55%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 20:45
Updated-06 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Action-Not Available
Vendor-HPDell Inc.HP Inc.
Product-latitude_e6430elitebook_850_g1latitude_e6430_firmwareelitebook_850_g1_firmwareLatitude E6430EliteBook 850 G1
CWE ID-CWE-269
Improper Privilege Management
CVE-2006-1248
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 25.97%
||
7 Day CHG~0.00%
Published-17 Mar, 2006 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2014-2631
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.36% / 57.05%
||
7 Day CHG~0.00%
Published-12 Aug, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138.

Action-Not Available
Vendor-n/aHP Inc.
Product-application_lifecycle_managementn/a
CVE-2014-2639
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.28% / 51.01%
||
7 Day CHG~0.00%
Published-28 Sep, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-mpio_device_specific_module_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2014-7303
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.57%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:23
Updated-06 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.

Action-Not Available
Vendor-n/aHP Inc.
Product-sgi_tempon/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2014-7302
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.95%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:23
Updated-06 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.

Action-Not Available
Vendor-n/aHP Inc.
Product-sgi_tempon/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2001-0772
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.12% / 32.11%
||
7 Day CHG~0.00%
Published-12 Oct, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2014-7301
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.12% / 32.48%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:23
Updated-06 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.

Action-Not Available
Vendor-n/aHP Inc.
Product-sgi_tempon/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2001-0311
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-45.88% / 97.54%
||
7 Day CHG+4.70%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.

Action-Not Available
Vendor-n/aHP Inc.
Product-omniback_iihp-uxn/a
CVE-2001-0607
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2001-0278
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 25.70%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-mpe_ixn/a
CVE-2000-1031
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.42% / 60.92%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.

Action-Not Available
Vendor-n/aHP Inc.
Product-tru64hp-uxn/a
CVE-2000-0468
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.26% / 49.27%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2000-0730
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 25.70%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2000-0616
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.

Action-Not Available
Vendor-n/aHP Inc.
Product-mpe_ixn/a
CVE-2019-18619
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.36%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 13:15
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

Action-Not Available
Vendor-synapticsn/aHP Inc.Lenovo Group Limited
Product-thinkpad_t480_firmwarethinkpad_t470_\(20hx\)thinkpad_p50_firmwarethinkpad_x1_carbon_firmwareenvy_x360_-_15t-dr100_firmwarethinkpad_25thinkpad_e580_firmwarethinkpad_e490thinkpad_e590_firmwareenvy_17m-bw0xxx_firmwareenvy_13-aq0xxxenvy_17-bw0xxx_firmwarethinkpad_t490thinkpad_t470s_\(20jx\)_firmwarethinkpad_t570\(20jx\)_firmwarethinkpad_x280_firmwarethinkpad_p73_firmwarethinkpad_t590thinkpad_p53envy_15-dr0xxx_x360envy_15m-dr0xxx_x360_\(validity_fps\)thinkpad_p72_firmwarethinkpad_x1_tabletenvy_-_17t-ce000_firmwarethinkpad_p52thinkpad_l480thinkpad_p70thinkpad_x1_carbon_\(20hx\)thinkpad_x390_firmwarethinkpad_r490_firmwareenvy_x360_-_15t-dr100_\(validity_fps\)pavilion_x360_-_14t-cd000_firmwarethinkpad_t570_\(20hx\)_firmwarethinkpad_x270envy_15-dr1xxx_x360_\(validity_fps\)envy_x360_-_15t-dr100thankpad_a485_firmwarethinkpad_t460penvy_13-aq1xxxthinkpad_p1envy_-_17t-ce100thinkpad_l580_firmwareenvy_-_17t-bw000envy_15-dr0xxx_x360_\(validity_fps\)pavilion_x360_14t-dh000thinkpad_x1_tablet_firmwarespectre_x360_firmwarethinkpad_x280thinkpad_x390envy_17-ce0xxx_firmwarepavilion_14-cd2xxx_x360pavilion_x360_14t-dh000_firmwarethinkpad_yoga_370envy_-_13t-ah100_firmwareenvy_17m-bw0xxxthinkpad_s3_firmwareenvy_13-ah0xxx_firmwareenvy_x360_-_15t-cn000_firmwarethinkpad_p71_\(20hx\)_firmwarethinkpad_t470s_\(20hx\)thinkpad_t490_firmwarethinkpad_x390_yoga_firmwareenvy_x360_-_15t-dr000thinkpad_r590_firmwareenvy_15-cn1xxx_x360thinkpad_t580thinkpad_t590_firmwarethinkpad_x1_yoga_firmwarethinkpad_t570\(20jx\)thinkpad_x1_extremethinkpad_x1_yogathinkpad_e485_firmwareenvy_x360_-_15t-cn000envy_13-ah1xxx_firmwarepavilion_14-cd1xxx_x360thinkpad_x1_carbonthinkpad_p1_gen_2_firmwarethinkpad_t460p_firmwarethinkpad_p51s_\(20kx\)pavilion_15thinkpad_p52s_firmwarethinkpad_r490envy_15-dr1xxx_x360_firmwarethinkpad_p51s_\(20hx\)envy_15-cn0xxx_x360_firmwareenvy_-_13t-aq100envy_13-aq0xxx_firmwareenvy_13-ah0xxxthinkpad_a275_firmwarethinkpad_e585pavilion_14m-dh0xxx_x360pavilion_15_firmwarethinkpad_x1_carbon_\(20kx\)envy_17m-ce1xxx_firmwareenvy_17-ce1xxxthinkpad_e590thinkpad_x1_yoga_3rd_genthinkpad_x380_yoga_firmwareenvy_15m-dr1xxx_x360_\(validity_fps\)envy_-_17t-bw000_firmwarepavilion_14-cd1xxx_x360_firmwarethinkpad_e490sthinkpad_t470_\(20jx\)thinkpad_p1_firmwarethinkpad_p51s_\(20jx\)envy_x360_-_15t-dr100_\(validity_fps\)_firmwarethinkpad_x1_carbon_\(20kx\)_firmwarethinkpad_x1_yoga_4th_genpavilion_14-cd2xxx_x360_firmwarethinkpad_t570_\(20hx\)thinkpad_p52_firmwarepavilion_x360_-_14t-cd000thinkpad_t470s_\(20hx\)_firmwareenvy_15-dr1xxx_x360_\(validity_fps\)_firmwarethinkpad_t470_\(20hx\)_firmwarethinkpad_t580_firmwarethinkpad_a275thinkpad_e485thinkpad_x380_yogathinkpad_l480_firmwarethinkpad_yoga_s1_firmwarethinkpad_p53sthinkpad_t480sthankpad_a485envy_15m-dr0xxx_x360thinkpad_p71_\(20hx\)envy_x360_-_15t-dr000_\(validity_fps\)_firmwarethinkpad_x1_extreme_2nd_firmwarethinkpad_p51_firmwarevfs75xxthinkpad_t460spavilion_x360_-_15t-dq000_firmwarethinkpad_x390_yogaenvy_13-aq1xxx_firmwarethinkpad_t25_\(20k7\)_firmwarepavilion_x360_-_15t-dq000pavilion_14-dh0xxx_x360pavilion_x360_14t-cd100_firmwareenvy_-_13t-aq100_firmwarepavilion_14m-dh0xxx_x360_firmwarethinkpad_p43sthinkpad_x1_yoga_4th_gen_firmwarethinkpad_x1_extreme_firmwarethinkpad_x1_yoga_3rd_gen_firmwareenvy_15m-cn0xxx_x360_firmwarepavilion_14m-cd0xxx_x360thinkpad_p51s_\(20kx\)_firmwarethankpad_a475_firmwarethinkpad_t490s_firmwarethinkpad_p51s_\(20hx\)_firmwarepavilion_x360_-_15t-dq100pavilion_14m-cd0xxx_x360_firmwarethinkpad_25_firmwarepavilion_14-dh0xxx_x360_firmwarespectre_x360thinkpad_l580thinkpad_p50thinkpad_r590envy_15-dr0xxx_x360_firmwarethinkpad_e580envy_17-bw0xxxenvy_15m-dr1xxx_x360_firmwareenvy_17-ce0xxxenvy_13-ah1xxxpavilion_x360_-_15t-dq100_firmwareenvy_15-dr0xxx_x360_\(validity_fps\)_firmwarethinkpad_x1_tablet_\(20jx\)thinkpad_e490s_firmwareenvy_15m-dr0xxx_x360_firmwarethinkpad_x1_yoga_\(20jx\)thinkpad_p1_gen_2envy_15-dr1xxx_x360thinkpad_t470p_firmwarethinkpad_e480_firmwareenvy_15m-dr1xxx_x360envy_17m-ce1xxxthinkpad_e490_firmwarethinkpad_p70_firmwarethinkpad_s1_3rd_firmwarethinkpad_t460s_firmwareenvy_x360_-_15t-dr000_\(validity_fps\)thinkpad_x1_tablet_\(20jx\)_firmwareenvy_17m-ce0xxx_firmwarethinkpad_p53_firmwarepavilion_x360_14t-cd100thinkpad_x270_firmwareenvy_-_17t-ce100_firmwarethankpad_a475thinkpad_t25_\(20k7\)envy_15m-cn0xxx_x360envy_x360_-_15t-dr000_firmwarevfs75xx_firmwareenvy_15-cn1xxx_x360_firmwarethinkpad_s1_3rdenvy_17-ce1xxx_firmwarethinkpad_e480thinkpad_t480s_firmwarethinkpad_p51thinkpad_yoga_260thinkpad_s3envy_15-cn0xxx_x360thinkpad_t470_\(20jx\)_firmwarethinkpad_e585_firmwarethinkpad_t490sthinkpad_p73thinkpad_p72envy_17m-ce0xxxthinkpad_t470pthinkpad_x1_yoga_\(20jx\)_firmwarethinkpad_yoga_260_firmwarethinkpad_yoga_s1envy_15m-dr0xxx_x360_\(validity_fps\)_firmwarethinkpad_t470s_\(20jx\)thinkpad_yoga_370_firmwareenvy_15m-dr1xxx_x360_\(validity_fps\)_firmwarethinkpad_p53s_firmwareenvy_-_17t-ce000thinkpad_p51s_\(20jx\)_firmwarethinkpad_t480envy_-_13t-ah100thinkpad_x1_extreme_2ndthinkpad_p52sthinkpad_p43s_firmwarethinkpad_x1_carbon_\(20hx\)_firmwaren/a
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2017-17482
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.56%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 15:00
Updated-05 Aug, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation.

Action-Not Available
Vendor-n/aHP Inc.
Product-openvmsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-16286
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 47.24%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 21:49
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.

Action-Not Available
Vendor-HPHP Inc.
Product-thinpro_linuxThinPro Linux
CWE ID-CWE-287
Improper Authentication
CVE-2013-2339
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 25.63%
||
7 Day CHG~0.00%
Published-29 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible Thin Client allows local users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-t610_plus_flexible_thin_clientt5565z_smart_clientt510_flexible_thin_clientt410_all-in-one_smart_zero_clientsmart_zero_coret610_flexible_thin_clientt410_smart_zero_clientn/a
CVE-2005-1433
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-03 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_event_correlation_servicesn/a
CVE-2005-0547
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.23% / 45.47%
||
7 Day CHG-0.15%
Published-25 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2004-0940
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.70% / 90.05%
||
7 Day CHG~0.00%
Published-26 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

Action-Not Available
Vendor-trustixopenpkgn/aSlackwareSUSEHP Inc.The Apache Software Foundation
Product-hp-uxslackware_linuxhttp_serveropenpkgsuse_linuxsecure_linuxn/a
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2020-6931
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.92%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 19:07
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.

Action-Not Available
Vendor-n/aHP Inc.
Product-print_and_scan_doctorHP Print and Scan Doctor
CVE-2000-0083
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 23.82%
||
7 Day CHG~0.00%
Published-18 Apr, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2000-0414
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.10% / 28.83%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxvvosn/a
CVE-2002-1439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.10% / 29.05%
||
7 Day CHG~0.00%
Published-18 Mar, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.

Action-Not Available
Vendor-n/aHP Inc.
Product-virtualvaultvvosn/a
CVE-2002-1473
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-17.34% / 94.79%
||
7 Day CHG~0.00%
Published-18 Mar, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2002-1797
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.25% / 48.43%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer.

Action-Not Available
Vendor-n/aHP Inc.
Product-chaivmn/a
CVE-2000-0755
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 25.70%
||
7 Day CHG~0.00%
Published-21 Sep, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CVE-2002-1611
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.14% / 33.90%
||
7 Day CHG~0.00%
Published-25 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-tru64hp-uxn/a
CVE-2002-1796
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.31%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

Action-Not Available
Vendor-n/aHP Inc.
Product-chaivm_ezloaderlaserjet_8150laserjet_4550laserjet_4100laserjet_4500n/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2002-0279
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.13% / 33.26%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-1311
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 30.72%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2001-1506
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 20.60%
||
7 Day CHG~0.00%
Published-21 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.

Action-Not Available
Vendor-n/aHP Inc.
Product-secure_osn/a
CVE-2000-1057
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 21.87%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CVE-2016-0728
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-56.01% / 98.01%
||
7 Day CHG+0.62%
Published-08 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLCDebian GNU/LinuxHP Inc.Canonical Ltd.
Product-linux_kernelubuntu_linuxserver_migration_packdebian_linuxandroidn/a
CVE-2001-0379
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 29.73%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2020-28416
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.64%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 19:02
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.

Action-Not Available
Vendor-n/aHP Inc.
Product-officejet_pro_6830_m0f56aofficejet_pro_8732m_t0g56aofficejet_6960_t0g26a_firmwareofficejet_pro_8732m_t0g59aofficejet_pro_6960_t0g25aofficejet_pro_8747_k7s41a_firmwareofficejet_6960_t0g25a_firmwareofficejet_pro_8732m_t0g59a_firmwareofficejet_pro_8732m_t0g56a_firmwareofficejet_pro_6960_j7k33aofficejet_pro_8745_k7s43aofficejet_6835_t6t84aofficejet_4650_f1h96aofficejet_5740_b9s78apagewide_377dw_j9v80bofficejet_pro_8712_t0g46aofficejet_252c_n4l18cofficejet_pro_6830_e3e02aofficejet_4654_k9v76aofficejet_pro_8717_k7s38aofficejet_pro_8728_t0g54a_firmwarepagewide_pro_477dn_d3q19aofficejet_pro_8715_j6x76aofficejet_pro_8716_j6x81aofficejet_4650_f9d37a_firmwareofficejet_4651_k9v83b_firmwareofficejet_6960_t0f30aofficejet_6950_p4c85apagewide_managed_p52750dw_j9v78b_firmwarepagewide_managed_p57750dw_j9v82b_firmwareofficejet_pro_6970_t0f35aofficejet_pro_8743_t0g65aofficejet_7512_k1z44a_firmwareofficejet_6960_j7k33aofficejet_pro_8732m_t0g58a_firmwarepagewide_377dw_j9v80b_firmwarepagewide_pro_477dw_d3q20dofficejet_pro_8715_j6x78a_firmwareofficejet_pro_8728_t0g54aofficejet_pro_6960_t0f30aofficejet_6950_p4c84aofficejet_6950_p4c85a_firmwarepagewide_managed_p57750dw_9v82aofficejet_4650_f1h96a_firmwareofficejet_pro_6960_t0g26a_firmwareofficejet_pro_6970_t0f35a_firmwareofficejet_4655_f1j00a_firmwareofficejet_pro_6835_j2d37a_firmwarepagewide_managed_p57750dw_j9v82bpagewide_pro_477dn_d3q19d_firmwareofficejet_6960_j7k39aofficejet_pro_6970_t0f34a_firmwareofficejet_pro_6970_j7k42aofficejet_pro_8720_m9l75a_firmwareofficejet_pro_8720_d9l19aofficejet_pro_8727_j7a29aofficejet_pro_8718_t0g47a_firmwareofficejet_pro_6970_j7k34apagewide_managed_p57750dw_j9v82cofficejet_6960_j7k37a_firmwareofficejet_4655_f1j00aofficejet_5746_f8b09aofficejet_pro_8725_j7a28a_firmwareofficejet_6950_t3p03aofficejet_4655_k9v82bpagewide_managed_p57750dw_j9v82c_firmwareofficejet_5744_b9s85a_firmwareofficejet_6960_j7k38aofficejet_pro_8715_k7s37a_firmwareofficejet_pro_6960_j7k39aofficejet_258_n4l17aofficejet_pro_6970_t0f37apagewide_pro_477dn_d3q19dofficejet_4658_v6d28b_firmwareofficejet_pro_8712_t0g46a_firmwareofficejet_pro_8718_t0g48a_firmwarepagewide_377dw_j9v80a_firmwareofficejet_4651_k9v83bofficejet_pro_8740_d9l21aofficejet_pro_8732m_t0g57apagewide_managed_p57750dw_9v82a_firmwarepagewide_pro_477dn_d3q19bofficejet_pro_6960_j7k33a_firmwareofficejet_pro_6960_t0g26aofficejet_4656_k9v81bofficejet_pro_8732m_t0g57a_firmwareofficejet_252c_n4l18c_firmwarepagewide_pro_477dw_d3q20apagewide_managed_p57750dw_j9v82d_firmwareofficejet_6960_t0f28aofficejet_4656_k9v81b_firmwareofficejet_6960_t0f30a_firmwareofficejet_5744_b9s82a_firmwareofficejet_250c_l9d57a_firmwareofficejet_pro_6960_t0f31a_firmwareofficejet_pro_6960_j7k38a_firmwarepagewide_pro_577dw_d3q21cofficejet_6950_p4c81aofficejet_4650_k9v77a_firmwareofficejet_250c_l9d57apagewide_377dw_j9v80aofficejet_pro_6970_t0f39a_firmwareofficejet_7510_g3j47a_firmwareofficejet_5742_f8b11aofficejet_5744_b9s82aofficejet_4650_k9v85b_firmwareofficejet_pro_8710_j6x79a_firmwarepagewide_pro_477dw_w2z53bpagewide_pro_577dw_d3q21a_firmwareofficejet_pro_6830c_l3l04a_firmwareofficejet_pro_7740_g5j38aofficejet_pro_8725_m9l80a_firmwareofficejet_6950_p4c82aofficejet_pro_6960_t0g25a_firmwarepagewide_pro_577dw_d3q21b_firmwareofficejet_4652_f1j02a_firmwareofficejet_pro_6960_t0f31aofficejet_pro_6970_j7k34a_firmwareofficejet_6835_t6t84a_firmwareofficejet_5740_b9s76a_firmwareofficejet_6960_t0f31a_firmwareofficejet_pro_6960_t0f32aofficejet_4658_v6d30bofficejet_pro_8745_j6x83aofficejet_pro_8740_k7s42aofficejet_pro_8725_k7s34aofficejet_pro_8720_k7s36aofficejet_pro_8744_k7s39aofficejet_pro_6960_t0f38a_firmwareofficejet_pro_8710_m9l67aofficejet_250_cz992aofficejet_6960_j7k38a_firmwareofficejet_pro_8740_d9l21a_firmwareofficejet_6960_t0f28a_firmwareofficejet_pro_8746_k7s40aofficejet_4658_v6d30b_firmwareofficejet_pro_6970_j7k41a_firmwareofficejet_6960_j7k39a_firmwareofficejet_6950_p4c84a_firmwareofficejet_pro_6960_j7k35a_firmwareofficejet_pro_6970_t0f33a_firmwareofficejet_pro_8747_k7s41apagewide_pro_477dn_d3q19a_firmwareofficejet_5742_b9s81a_firmwareofficejet_4654_f1j06bpagewide_pro_477dw_d3q20bofficejet_6960_t0g26aofficejet_4650_k9v85bofficejet_pro_8725_m9l80aofficejet_pro_8740_k7s42a_firmwarepagewide_pro_477dn_d3q19b_firmwareofficejet_4650_f9d37aofficejet_252_n4l16cofficejet_pro_7745_t1p99aofficejet_4654_f1j07bofficejet_pro_8715_m9l70aofficejet_pro_8744_k7s39a_firmwareofficejet_pro_8710_d9l18aofficejet_pro_8720_k7s35aofficejet_5741_b9s83aofficejet_pro_8727_j7a29a_firmwareofficejet_pro_6960_j7k37aofficejet_pro_8710_j6x79aofficejet_pro_7740_g5j38a_firmwareofficejet_6960_t0f32aofficejet_pro_8725_k7s34a_firmwareofficejet_5740_b9s76aofficejet_pro_6970_t0f40aofficejet_pro_6960_j7k38aofficejet_pro_8720_k7s35a_firmwarepagewide_pro_477dw_w2z53b_firmwareofficejet_4652_f1j05bofficejet_pro_8716_j6x81a_firmwareofficejet_pro_6970_t0f34aofficejet_pro_8718_t0g48aofficejet_5745_b9s80aofficejet_4657_v6d29bofficejet_6950_p4c78a_firmwareofficejet_5746_t1p36aofficejet_pro_6970_j7k42a_firmwareofficejet_6950_p4c86aofficejet_pro_8720_m9l74a_firmwareofficejet_pro_8720_m9l76a_firmwareofficejet_6950_p4c82a_firmwarepagewide_pro_577dw_d3q21bofficejet_6950_p4c78aofficejet_4657_v6d27bofficejet_6950_p4c86a_firmwareofficejet_5740_b9s79aofficejet_4657_v6d29b_firmwareofficejet_5742_b9s84a_firmwareofficejet_pro_8717_k7s38a_firmwareofficejet_5742_f8b11a_firmwareofficejet_pro_8719_t0g49a_firmwareofficejet_pro_6970_t0f39aofficejet_4654_k9v76a_firmwareofficejet_pro_6970_t0f29a_firmwareofficejet_pro_6960_t0f36a_firmwareofficejet_pro_7745_t1p99a_firmwarepagewide_pro_577dw_d3q21d_firmwareofficejet_pro_6970_j7k41aofficejet_6960_t0f38aofficejet_pro_6970_t0f33aofficejet_pro_8745_j6x83a_firmwarepagewide_pro_477dw_d3q20c_firmwarepagewide_pro_477dw_d3q20d_firmwareofficejet_4650_k9v77aofficejet_pro_8715_j6x80aofficejet_pro_6970_j7k36aofficejet_4657_v6d27b_firmwareofficejet_pro_8743_t0g65a_firmwareofficejet_pro_8720_k7s36a_firmwareofficejet_4650_f1j03aofficejet_pro_6960_t0f38aofficejet_6960_j7k33a_firmwareofficejet_pro_8715_j6x76a_firmwareofficejet_4652_k9v84b_firmwareofficejet_5742_b9s84aofficejet_pro_8720_m9l75apagewide_pro_577dw_d3q21aofficejet_pro_8720_d9l19a_firmwareofficejet_7510_g3j47aofficejet_pro_8716_j6x77aofficejet_6960_j7k37aofficejet_252_n4l16c_firmwareofficejet_pro_6960_t0f30a_firmwareofficejet_pro_6960_j7k39a_firmwareofficejet_4654_f1j06b_firmwareofficejet_pro_6960_t0f28aofficejet_pro_8725_j7a31aofficejet_4655_k9v82b_firmwarepagewide_pro_477dw_d3q20b_firmwareofficejet_pro_6970_t0f37a_firmwareofficejet_pro_8720_m9l76aofficejet_pro_6970_j7k36a_firmwareofficejet_pro_6960_t0f28a_firmwareofficejet_pro_8745_k7s43a_firmwareofficejet_pro_8710_m9l67a_firmwareofficejet_pro_8719_t0g49aofficejet_4658_v6d28bofficejet_6960_t0g25aofficejet_5746_f8b09a_firmwareofficejet_4650_e6g87a_firmwareofficejet_6960_j7k35aofficejet_5745_b9s80a_firmwareofficejet_258_n4l17a_firmwareofficejet_5743_f8b10a_firmwareofficejet_pro_8715_m9l70a_firmwareofficejet_4652_k9v84bofficejet_pro_6960_t0f36aofficejet_6960_t0f31aofficejet_pro_8710_m9l66a_firmwareofficejet_pro_8746_k7s40a_firmwareofficejet_pro_8715_k7s37apagewide_managed_p57750dw_j9v82dofficejet_5742_b9s81aofficejet_4650_f1h96b_firmwareofficejet_5744_b9s85aofficejet_pro_8717_m9l65aofficejet_250_cz992a_firmwareofficejet_pro_8718_t0g47apagewide_pro_477dw_d3q20a_firmwareofficejet_pro_6830_e3e02a_firmwareofficejet_4652_f1j02aofficejet_pro_6830c_l3l04aofficejet_6960_j7k35a_firmwareofficejet_pro_6960_j7k37a_firmwareofficejet_5740_b9s79a_firmwareofficejet_pro_8717_m9l65a_firmwareofficejet_6960_t0f38a_firmwareofficejet_6960_t0f32a_firmwareofficejet_6950_t3p03a_firmwareofficejet_pro_8710_d9l18a_firmwareofficejet_6960_t0f36a_firmwareofficejet_pro_6830_m0f56a_firmwareofficejet_pro_6970_t0f29aofficejet_5746_t1p36a_firmwareofficejet_pro_6970_j7k40a_firmwareofficejet_6950_p4c81a_firmwareofficejet_4650_f1j04aofficejet_pro_8725_j7a31a_firmwareofficejet_pro_873_d9l20a_firmwareofficejet_pro_6960_j7k35aofficejet_4650_f1h96bofficejet_5743_f8b10aofficejet_4652_f1j05b_firmwarepagewide_pro_577dw_d3q21c_firmwareofficejet_4654_f1j07b_firmwareofficejet_pro_8715_j6x78aofficejet_4650_e6g87aofficejet_4650_f1j04a_firmwareofficejet_pro_8716_j6x77a_firmwareofficejet_pro_8732m_t0g58aofficejet_7512_k1z44aofficejet_5741_b9s83a_firmwareofficejet_pro_6960_t0f32a_firmwareofficejet_pro_6970_j7k40aofficejet_pro_8710_m9l66aofficejet_4650_f1j03a_firmwareofficejet_5740_b9s78a_firmwareofficejet_pro_8715_j6x80a_firmwareofficejet_pro_8725_j7a28apagewide_managed_p52750dw_j9v78bpagewide_pro_477dw_d3q20cofficejet_pro_873_d9l20aofficejet_pro_8720_m9l74aofficejet_6960_t0f36apagewide_pro_577dw_d3q21dofficejet_pro_6970_t0f40a_firmwareofficejet_pro_6835_j2d37aHP OfficeJet Printer; HP PageWide Printer
CVE-1999-0432
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.10% / 28.83%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ftp on HP-UX 11.00 allows local users to gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0688
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0551
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.12% / 30.95%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.

Action-Not Available
Vendor-n/aHP Inc.
Product-openmailn/a
CVE-1999-1248
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.05% / 15.97%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-1242
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.13% / 33.77%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-1133
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.10% / 28.83%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-1239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.05% / 15.97%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0308
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.13% / 33.24%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP-UX gwind program allows users to modify arbitrary files.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0423
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.12% / 30.91%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0022
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.51%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Action-Not Available
Vendor-bsdin/absdiSilicon Graphics, Inc.IBM CorporationFreeBSD FoundationSun Microsystems (Oracle Corporation)HP Inc.
Product-bsd_oshp-uxaixsolarisirixsunosfreebsdn/afreebsdbsd_ossolarissunoshp-uxaixirix
CWE ID-CWE-125
Out-of-bounds Read
CVE-1999-0129
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.12% / 31.91%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

Action-Not Available
Vendor-eric_allmanbsdiscon/aIBM CorporationFreeBSD FoundationSun Microsystems (Oracle Corporation)HP Inc.
Product-sendmailbsd_osinternet_faststarthp-uxaixopenserversolarissunosfreebsdn/a
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found