Vulnerabilities > HP

DATE CVE VULNERABILITY TITLE RISK
2020-08-12 CVE-2020-15596 Uncontrolled Search Path Element vulnerability in HP products
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.
local
low complexity
hp CWE-427
6.7
2020-07-22 CVE-2019-18619 Release of Invalid Pointer or Reference vulnerability in multiple products
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.
local
low complexity
synaptics lenovo hp CWE-763
7.8
2020-07-22 CVE-2019-18618
Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.
local
low complexity
synaptics lenovo hp
6.0
2020-07-17 CVE-2020-7206 OS Command Injection vulnerability in HP Nagios-Plugins-Hpilo 1.50
The HP Nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a PHP code injection vulnerability.
network
low complexity
hp CWE-78
critical
9.8
2020-07-17 CVE-2019-12000 Improper Certificate Validation vulnerability in HP MSE MSG GW Application E-Ltu
HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application.
network
high complexity
hp CWE-295
6.6
2020-07-08 CVE-2020-7140 Cross-site Scripting vulnerability in HP Icewall SSO DFW and Icewall SSO Dgfw
A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause cross-site scripting (XSS).
network
low complexity
hp CWE-79
6.1
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5
2020-06-02 CVE-2020-10136 Authentication Bypass by Spoofing vulnerability in multiple products
Implementations of the IP-in-IP protocol (IP Encapsulation within IP, RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic are vulnerable to spoofing, access-control bypass and other unexpected behavior because network packets are not validated before decapsulation and routing.
network
low complexity
cisco digi hp treck CWE-290
5.3
2020-04-27 CVE-2020-7135 Unspecified vulnerability in HP Service Pack for Proliant
A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux.
local
low complexity
hp
7.8
2020-04-24 CVE-2020-7134 Unspecified vulnerability in HP HPE IOT + GCP
A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
network
low complexity
hp
6.5