ByteOS

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-1.03% / 77.76%

||

7 Day CHG~0.00%

Published-28 Apr, 2023 | 15:59

Updated-30 Jan, 2025 | 20:15

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.

Vendor-HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2019-5319

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-2.48% / 85.58%

||

7 Day CHG~0.00%

Published-30 Mar, 2021 | 01:45

Updated-04 Aug, 2024 | 19:54

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Product-scalance_w1750d_firmware instant scalance_w1750d Aruba Instant Access Points

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22753

Matching Score-10

Matching Score-10

Product-sd-wan arubaos Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

CVSS Score-8.1||HIGH

EPSS-0.45% / 64.18%

||

7 Day CHG~0.00%

Published-28 Feb, 2023 | 16:33

Updated-11 Mar, 2025 | 14:15

Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22782

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.98% / 77.12%

||

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 19:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22786

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.98% / 77.12%

||

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 18:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22784

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.98% / 77.12%

||

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 18:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22755

Matching Score-10

Matching Score-10

Product-arubaos sd-wan Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

CVSS Score-8.1||HIGH

EPSS-0.43% / 62.58%

||

7 Day CHG~0.00%

Published-28 Feb, 2023 | 16:35

Updated-07 Mar, 2025 | 18:10

Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22781

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.98% / 77.12%

||

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 19:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22757

Matching Score-10

Matching Score-10

Product-arubaos sd-wan Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

CVSS Score-8.1||HIGH

EPSS-0.43% / 62.58%

||

7 Day CHG~0.00%

Published-28 Feb, 2023 | 16:36

Updated-07 Mar, 2025 | 18:09

Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22783

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.98% / 77.12%

||

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 18:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22754

Matching Score-10

Matching Score-10

Product-arubaos sd-wan Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

CVSS Score-8.1||HIGH

EPSS-0.43% / 62.58%

||

7 Day CHG~0.00%

Published-28 Feb, 2023 | 16:34

Updated-07 Mar, 2025 | 18:11

Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22780

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.98% / 77.12%

||

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-29 Jan, 2025 | 16:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Product-arubaos instantos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22785

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.98% / 77.12%

||

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 18:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22779

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.98% / 77.12%

||

7 Day CHG~0.00%

Published-08 May, 2023 | 14:02

Updated-29 Jan, 2025 | 16:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Product-arubaos instantos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-27971

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.36% / 58.82%

||

7 Day CHG~0.00%

Published-28 Apr, 2023 | 15:55

Updated-30 Jan, 2025 | 21:15

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege.

Vendor-HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-1329

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-7.98% / 92.24%

||

7 Day CHG+0.13%

Published-14 Jun, 2023 | 20:23

Updated-31 Dec, 2024 | 20:15

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.

Vendor-HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-39238

Matching Score-10

Assigner-HP Inc.

Product-futuresmart_5 futuresmart_4 futuresmart_3 HP Enterprise LaserJet; HP LaserJet Managed; HP Enterprise PageWide; HP PageWide Managed printers

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-5.98% / 90.86%

||

7 Day CHG~0.00%

Published-03 Nov, 2021 | 00:06

Updated-04 Aug, 2024 | 02:06

Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.

Vendor-n/a HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22756

Matching Score-10

Matching Score-10

Product-arubaos sd-wan Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

CVSS Score-8.1||HIGH

EPSS-0.43% / 62.58%

||

7 Day CHG~0.00%

Published-28 Feb, 2023 | 16:36

Updated-07 Mar, 2025 | 18:10

Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-37726

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.38% / 80.68%

||

7 Day CHG~0.00%

Published-12 Oct, 2021 | 14:06

Updated-04 Aug, 2024 | 01:23

A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

Product-aruba_instant scalance_w1750d_firmware scalance_w1750d HPE Aruba Instant (IAP)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-37716

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.66% / 82.43%

||

7 Day CHG~0.00%

Published-07 Sep, 2021 | 12:02

Updated-04 Aug, 2024 | 01:23

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Product-arubaos sd-wan scalance_w1750d_firmware scalance_w1750d Aruba SD-WAN Software and Gateways; Aruba Operating System Software

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37888

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.15% / 78.88%

||

7 Day CHG~0.00%

Published-06 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37891

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-3.02% / 86.89%

||

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Product-arubaos scalance_w1750d_firmware instant scalance_w1750d Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37890

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-3.02% / 86.89%

||

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Product-arubaos scalance_w1750d_firmware instant scalance_w1750d Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-28722

Matching Score-10

Assigner-HP Inc.

Product-j9v80a_firmware d3q17a_firmware g5j38a j7k42a j7k42a_firmware j6u51b_firmware j7k40a_firmware k7s40a_firmware j7k40a d9l63a_firmware t0f39a j6u51b t0f29a_firmware d9l63a k7s43a d3q19a j7k38a_firmware y3z46a_firmware d9l64a_firmware t0g46a k7s38a_firmware w1b37a_firmware k7s37a_firmware j7k35a j6u55b p4c78a p4c84a_firmware y3z47a p4c86a p4c82a_firmware j7k37a t0g65a_firmware w1b38a j6x81a_firmware j6x79a_firmware j3p65a j6u55a d3q21a_firmware j3p66a t0f28a j7k33a_firmware t0g46a_firmware m9l70a_firmware j3p67a j7k36a k7s41a w1b39a g5j38a_firmware g5j56a t0g48a_firmware m9l65a_firmware m9l67a t0f39a_firmware j9v82a d3q16a_firmware j3p67a_firmware t0f40a_firmware j6x80a_firmware w1b31a_firmware t0f37a j6u57a y3z57a t0g70a t3p03a_firmware w1b29a_firmware p4c82a j6x79a t0f33a_firmware t0f29a y3z45a_firmware t0f40a t0g48a j6x83a_firmware t0f35a y0s18a t0g49a k7s41a_firmware t0g47a y0s18a_firmware p4c81a j6x81a d3q15a_firmware a7w93a t0g25a j3p68a p4c85a_firmware t0g70a_firmware t0f35a_firmware d9l18a_firmware m9l65a k7s42a j7k37a_firmware j7k39a t0f32a j6x77a w1b33a m9l66a t0f36a k7s39a d3q15a j7k38a d9l21a j6x76a_firmware t0g49a_firmware d3q19a_firmware l3t99a_firmware y0s19a_firmware j7k33a k7s37a j7k34a_firmware a7w93a_firmware y3z45a y0s19a y3z54a k7s32a k7s42a_firmware j6x78a_firmware m9l70a y3z46a m9l67a_firmware j6u55a_firmware d9l21a_firmware t0f31a_firmware j6x77a_firmware t0f34a w1b39a_firmware k9z76a_firmware j3p66a_firmware k7s40a p4c85a j7k36a_firmware y3z57a_firmware j6x80a y3z44a_firmware t0g65a d9l64a y3z44a l3t99a t0f38a t0f28a_firmware k7s39a_firmware j6u55b_firmware d3q17a d3q20a_firmware t0g47a_firmware y3z54a_firmware p4c78a_firmware m9l66a_firmware t1p99a_firmware w1b33a_firmware j7k41a j7k35a_firmware t0g25a_firmware w1b38a_firmware j6x78a d9l20a t1p99a t0f38a_firmware w1b31a t0f34a_firmware j9v80a d9l18a t0f33a w1b37a k7s43a_firmware t0f31a k9z76a t3p03a t0f30a t0f37a_firmware j6x83a t0g26a d9l20a_firmware p4c86a_firmware k7s38a j7k34a j6x76a j3p68a_firmware d3q16a d3q21a w1b29a t0f32a_firmware y3z47a_firmware j6u57a_firmware d3q20a w1b28a_firmware j7k41a_firmware j9v82a_firmware w1b28a j3p65a_firmware g5j56a_firmware k7s32a_firmware t0f30a_firmware j7k39a_firmware p4c81a_firmware t0g26a_firmware p4c84a t0f36a_firmware Certain HP inkjet printers, HP LaserJet Pro printers, HP PageWide Pro printers

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.35% / 57.60%

||

7 Day CHG~0.00%

Published-26 Sep, 2022 | 14:54

Updated-27 May, 2025 | 20:15

Certain HP Print Products are potentially vulnerable to Buffer Overflow.

Vendor-n/a HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2019-6327

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.82% / 74.70%

||

7 Day CHG~0.00%

Published-17 Jun, 2019 | 15:55

Updated-04 Aug, 2024 | 20:16

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.

Vendor-n/a HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37886

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.15% / 78.88%

||

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Product-arubaos scalance_w1750d_firmware instant scalance_w1750d Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-25149

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.71% / 72.65%

||

7 Day CHG~0.00%

Published-29 Mar, 2021 | 23:58

Updated-03 Aug, 2024 | 19:56

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Product-scalance_w1750d_firmware instant scalance_w1750d Aruba Instant Access Points

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37885

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.15% / 78.88%

||

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Product-arubaos scalance_w1750d_firmware instant scalance_w1750d Aruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37887

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.15% / 78.88%

||

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Product-arubaos scalance_w1750d_firmware instant scalance_w1750d Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37889

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.15% / 78.88%

||

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Product-arubaos scalance_w1750d_firmware instant scalance_w1750d Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-24633

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.66% / 82.41%

||

7 Day CHG~0.00%

Published-11 Dec, 2020 | 01:26

Updated-04 Aug, 2024 | 15:19

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.

Vendor-n/a Aruba Networks

Product-sd-wan 9004-lte 7005 7240xm 9012 7008 7030 7220 7010 7205 7024 7280 arubaos 7210 9004 Aruba 9000 Gateway Aruba 7000 Series Mobility Controllers Aruba 7200 Series Mobility Controllers

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-4143

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.21% / 43.76%

||

7 Day CHG~0.00%

Published-15 Jul, 2024 | 21:46

Updated-15 Apr, 2026 | 00:35

Certain HP PC products using AMI BIOS – Buffer Overflow

A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. AMI has released firmware updates to mitigate this vulnerability.

Vendor-HP Inc.

Product-Certain HP PC Products ami_bios

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-35980

Matching Score-10

Matching Score-10

Product-arubaos instantos Aruba Access Points running InstantOS and ArubaOS 10 arba_access_points_running_instantos_and_arubaos_10

CVSS Score-9.8||CRITICAL

EPSS-1.26% / 79.80%

||

7 Day CHG~0.00%

Published-25 Jul, 2023 | 18:28

Updated-07 Nov, 2024 | 18:56

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-35982

Matching Score-10

Matching Score-10

Product-arubaos instantos Aruba Access Points running InstantOS and ArubaOS 10 arba_access_points_running_instantos_and_arubaos_10

CVSS Score-9.8||CRITICAL

EPSS-1.26% / 79.80%

||

7 Day CHG~0.00%

Published-25 Jul, 2023 | 18:28

Updated-07 Nov, 2024 | 18:11

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-45614

Matching Score-10

Matching Score-10

Product-arubaos instantos Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; arubaos instantos

CVSS Score-9.8||CRITICAL

EPSS-0.87% / 75.63%

||

7 Day CHG~0.00%

Published-14 Nov, 2023 | 22:43

Updated-14 Aug, 2024 | 20:35

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-45615

Matching Score-10

Matching Score-10

Product-arubaos instantos Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;

CVSS Score-9.8||CRITICAL

EPSS-0.87% / 75.63%

||

7 Day CHG~0.00%

Published-14 Nov, 2023 | 22:44

Updated-30 Aug, 2024 | 17:23

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-35981

Matching Score-10

Matching Score-10

Product-arubaos instantos Aruba Access Points running InstantOS and ArubaOS 10 arba_access_points_running_instantos_and_arubaos_10

CVSS Score-9.8||CRITICAL

EPSS-1.26% / 79.80%

||

7 Day CHG~0.00%

Published-25 Jul, 2023 | 18:28

Updated-07 Nov, 2024 | 18:51

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-32674

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.92% / 76.37%

||

7 Day CHG~0.00%

Published-12 Jun, 2023 | 21:40

Updated-03 Jan, 2025 | 19:15

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

Vendor-HP Inc.

Product-pc_hardware_diagnostics HP PC Hardware Diagnostics Windows

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-30909

Matching Score-8

Matching Score-8

CVSS Score-9.8||CRITICAL

EPSS-5.41% / 90.33%

||

7 Day CHG+0.45%

Published-14 Sep, 2023 | 14:56

Updated-28 Oct, 2024 | 19:35

A remote authentication bypass issue exists in some OneView APIs.

Product-oneview HPE OneView oneview_global_dashboard oneview

CWE ID-CWE-294

Authentication Bypass by Capture-replay

CVE-2025-26507

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-6.3||MEDIUM

EPSS-2.45% / 85.52%

||

7 Day CHG~0.00%

Published-14 Feb, 2025 | 17:01

Updated-15 Jan, 2026 | 14:43

Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Vendor-HP Inc.

Product-4y279a l3u43a 3qa75a 7ps96a 3gy04a 3sj34a 3sj21a 7h5w6a j7z12a y3z68a z8z05a 3pz95a 5rc87a 5fm77a j8j65a 4pz46a b5l48a m0p36a a8zq6a 5rc85a cf235a 3gy10a t3u66a e6b72a 5cm63a 49k98a j8a16a 5cm79a z8z010a 8gr98a x3a60a j7z10a 3sj03a z8z18a 1pv49a 5qj90a 7ps83a 4pz43a t3u55a j8j72a z8z02a x3a63a 3gx98a g1w46v 4y280a b5l38a 3gy16a 7pt00a a91s3a m0p32a z8z07a 5zp01a z8z12a 6qp99a 7ps85a 3gy12a j8j67a futuresmart_5 x3a59a 7h5w7a 49k97av g1w40a l2762a d7p71a 49l02a y3z63a 5zn99a x3a78a 4pz47a 1pv87a d7p70a x3a69a 7e357a b5l39a 5cm69a l3u57a 5cm59a 8pe98a x3a90a 7ps99a 8gs50a j7z11a 5cm71a y3z60a 5fm76a j7z99a 3qa55a 5qk08a 49k84a l3u42a z8z17a 5rc84a m0p39a f2a71a t3u64a 8pe94a 6qn30a 7ps88a 3gy19a 5cm64a x3a89a a91s1a 7ps84a z8z08a 1pv89a y3z65a a91s5a z8z011a 6qp98a z8z06a f2a66a cf068a 3pz75a 5fm80a j8j73a 5qj94a 6qq00a 49k86a j8j78a 3gy15a cf236a j8a13a f2a68a 3gn19a l3u51a j8a04a 1ps55a 8pe97a 3sj00a futuresmart_4 b5l46a 5rc88a 8gs37a g1w46a m0p35a 58r10a b5l50a 5zp00a 3sj19a 5cm65a x3a62a 115q0aw z5g77a 6qq01a 3gy18a 4pa44a 5cm75a 5cm58a 1pv66a k0q17a 8gs28a z8z23a b5l23a 3sj13a 3gy32a 5cm76a 3gy09a 5fm81a 1pv67a l3u64a 3pz16a 5fm82a 8gs15a 2gp26a 1pv64a 1pu52a 8gr96a 8gr95a 2gp25a 6qn37a x3a93a 3pz35a 1ps54a 8gs26a 6bs57a j8a10a 3gy14a j8j74a z8z00a x3a72a 2gp22a 8gs00a j8j66a 5qk13a j8j80a 6qn33a j8j63a j7z07a k0q14a az8z20a b5l25a 49l04a l3u56a 8gs27a j8j71a z8z22a 6qn28a futuresmart_3 t3u56a 8gs01a a8zq4a 6qn35a 5qj87a 3sj35a 6qn31a j7z13a l3u55a 3sj38a 7ps86a 8gs29a cf238a cz245a 49l00a 6qn36a j7z08a 3qa35a k0q15a 3pz56a t3u44a y3z66a f2a80a k0q21a 49k96av 5rc86a 7ps97a 7ps82a 3sj02a 5rc92a 115p9aw e6b73a l2763a 9rt92a g1w47v 3sj01a 58m42a 5zn98a j7z03a 5qj83a b5l24a x3a74a 8pe95a g1w41a j8j70a 3sj12a b5l49a 19gsaw z8z14a x3a75a y3z64a 1pu51a x3a84a 2gp23a f2a70a 5qj98a 49k90a 8gs43a 5qk02a l3u52a 3sj36a a8zq3a j7z98a j7z05a 5cm78a 5cm66a j7z14a x3a82a 3sj37a 8gs14a 3sj04a b5l54a 5qk03a 6qp97a j7z04a 1pv65a z8z0a 5rc90a x3a68a 7zu86a 1pv86a 8gs36a a8zq5a t3u43a 3gy03a bl27a x3a80a 7ps87a 7ps95a 3pz55a 3pz15a cz244a l3u63a 3sj32a m0p40a 7ps81a 7zu79a l3u65a x3a87a l3u70a 6qn38a 3gy20a x3a65a 5qj81a x3a86a j7z09a 6bs58a 8gs30a 3sj30a y3z62a 5cm68a 49k99a j8j76a 3gy31a f2a79a z8z16a 8gs25a 17f27aw 3sj11a j8a06a x3a83a k0q20a 7zu81a 5cm72a 8pe96a cf367a j8a05a 5fm78a z8z19 j8j64a x3a77a 8gs12a 7zu88a k0q19a 3sj28a 3sj29a j8a11a x3a71a 5qk18a l3u69a 7zu87a 9rt91a 7ps94a z8z13a 3sj22a 3gy17a b5l47a 3gy26a y3z61a f2a67a*5rc91a a2w76a x3a81a 7zu78a a91s7a l3u66a k0q22a 3gy25a x3a79a 5cm77a 5rc89a 8gr94a f2a69a y3z49a b5l26a z8z04a g1w39a 4pz45a j8a12a m0p33a j7z06a 5cm61a z5g79a 8gs44a 5qk20a 8gs13a cf069a 7ps98a 7zu85a 8gr97a a8zq7a cf067a cf066a 8gr99a g1w47a z8z09a 3sj33a z8z15a a8zq2a 5cm70a k0q18a j8j79a 5rc83a 1pv88a 5qk15a l3u67a a2w75a x3a66a 6qn29a 6bs59a j8a17a 3sj20a x3a92a 7pt01a z8z01a Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers

CWE ID-CWE-121

Stack-based Buffer Overflow

CVE-2025-26506

Matching Score-8

Assigner-HP Inc.

Product-499q4f 4ra89a_firmware 8d7l2a 4ra81e_firmware 499n1a 499q7e_firmware 4ra84a 499q9f_firmware 4ra84f 4ra86e 8d7l1a_firmware 4ra88f 499q5f_firmware 74t92f 499q8a 499r0e 499q6e 8d7l2a_firmware 5hh65a 499r0f_firmware 499q5fr_firmware 499n4a_firmware 499q4f_firmware 5hh52a_firmware 74t92a_firmware 4ra80f_firmware 4ra80a 499n0a 759v1f 499m6a 4ra89v 5hh59a 499q6f 5hh48v 5hh48a_firmware 4ra87f_firmware 5hh73a 499q5f 5hh51a_firmware 4ra86a_firmware 499q7a_firmware 499q6f_firmware 4ra82f 5hh67a_firmware 5hh64a_firmware 4ra84e_firmware 499q8a_firmware 4ra83e 4ra80e 499n6a 4ra84f_firmware 499q6e_firmware 5hh72a 499q5e_firmware 74t92a 499m7a 499q9e 499q9a_firmware 74p27a 4ra81f_firmware 4ra81e 4ra83a_firmware 4ra86f_firmware 5hh64f_firmware 4ra85v 759v0e 759v0f 759v1e_firmware 5hh48a 4ra81f 4ra87e_firmware 759v0f_firmware 759v2e_firmware 4ra83a 759v2e 4ra82a_firmware 499q3a_firmware 74p26a_firmware 759v2f_firmware 499r0a 8d7l1a 499q3e_firmware 499m8a 4ra85v_firmware 499q9a 4ra87f 499n1a_firmware 4ra89a 5hh67a 4ra85f 8d7l0a_firmware 499q5fr 499q8e_firmware 74p28a 499q5e 4ra82fr 5hh66a 4ra85a 499q7f_firmware 5hh53a_firmware 499q9f 5hh73a_firmware 4ra88f_firmware 4ra86e_firmware 499m9a_firmware 499q8f 5hh48v_firmware 759v1f_firmware 499q7a 4ra83e_firmware 499q4e_firmware 4ra89v_firmware 4ra80f 499m9a 4ra86a 499q3e 499q8e 499n6a_firmware 499n0a_firmware 4ra87a 4ra82fr_firmware 4ra81fr_firmware 499q5a 499r0a_firmware 499q3a 4ra83f 74p25a_firmware 4ra80a_firmware 499n5a_firmware 499q7f 499q6a 5hh52a 499q3f_firmware 499r0e_firmware 5hh72a_firmware 4ra81fr 499r0f 499n4a 4ra82f_firmware 4ra82a 4ra85a_firmware 4ra88a_firmware 4ra84e 5hh59a_firmware 4ra80e_firmware 4ra85e_firmware 4ra85e 5hh64e 4ra85f_firmware 74p26a 74p28a_firmware 4ra87a_firmware 74t92e 74p27a_firmware 4ra81a_firmware 499q5a_firmware 5hh64f 499q7e 759v2f 499q4e 499m7a_firmware 499q6a_firmware 4ra87e 4ra88e_firmware 5hh65a_firmware 74t92f_firmware 4ra88e 4ra81a 4ra84a_firmware 5hh51a 8d7l0a 5hh64e_firmware 499q8f_firmware 74t92e_firmware 74p25a 5hh64a 4ra88a 4ra83f_firmware 5hh53a 759v0e_firmware 4ra82e_firmware 4ra86f 499q3f 4ra82e 759v1e 499n5a 5hh66a_firmware 499m6a_firmware 499m8a_firmware 499q9e_firmware Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers

Matching Score-8

Assigner-HP Inc.

CVSS Score-9.2||CRITICAL

EPSS-2.06% / 84.25%

||

7 Day CHG~0.00%

Published-14 Feb, 2025 | 16:58

Updated-15 Jan, 2026 | 14:41

Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Vendor-HP Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CVE-2023-30912

Matching Score-8

Matching Score-8

CVSS Score-7.2||HIGH

EPSS-0.96% / 76.93%

||

7 Day CHG~0.00%

Published-25 Oct, 2023 | 14:39

Updated-17 Sep, 2024 | 14:35

A remote code execution issue exists in HPE OneView.

Vendor-Hewlett Packard Enterprise (HPE)

Product-oneview HPE OneView

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CVE-2026-8631

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-9.3||CRITICAL

EPSS-0.02% / 6.69%

||

7 Day CHG~0.00%

Published-20 May, 2026 | 20:11

Updated-21 May, 2026 | 18:58

HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data.

Vendor-HP Inc HP Inc.

Product-linux_imaging_and_printing HP Linux Imaging and Printing Software

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-190

Integer Overflow or Wraparound

CVE-2023-26295

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-2.35% / 85.21%

||

7 Day CHG~0.00%

Published-12 Jun, 2023 | 21:18

Updated-06 Jan, 2025 | 16:15

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Vendor-HP Inc.

Product-hp_device_manager HP Device Manager

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2023-26301

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.93% / 76.45%

||

7 Day CHG~0.00%

Published-21 Jul, 2023 | 16:06

Updated-02 Aug, 2024 | 11:46

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.

Vendor-HP Inc.

CWE ID-CWE-862

Missing Authorization

CVE-2013-4810

Matching Score-8

Assigner-HP Inc.

Product-application_lifecycle_management procurve_manager n/a ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management

Matching Score-8

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-89.70% / 99.59%

||

7 Day CHG~0.00%

Published-13 Sep, 2013 | 18:00

Updated-21 Apr, 2026 | 19:12

Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

Vendor-n/a HP Inc.

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CVE-2019-6330

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-1.03% / 77.65%

||

7 Day CHG~0.00%

Published-09 Jan, 2020 | 18:37

Updated-04 Aug, 2024 | 20:16

A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.

Vendor-n/a HP Inc.

Product-access_control HP Access Control

CVE-2019-6334

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-3.17% / 87.20%

||

7 Day CHG~0.00%

Published-16 Oct, 2019 | 14:16

Updated-04 Aug, 2024 | 20:16

HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code.

Vendor-n/a HP Inc.

CVE-2023-23477

Matching Score-8

Assigner-IBM Corporation

Vendor-HP Inc.IBM Corporation Oracle Corporation Microsoft Corporation Linux Kernel Organization, Inc

Matching Score-8

Assigner-IBM Corporation

CVSS Score-8.1||HIGH

EPSS-0.18% / 38.80%

||

7 Day CHG+0.04%

Published-03 Feb, 2023 | 17:24

Updated-25 Mar, 2025 | 19:46

IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

Product-solaris linux_kernel websphere_application_server i hp-ux windows z\/os aix WebSphere Application Server

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CVE-2017-14491

Matching Score-8

Assigner-MITRE Corporation