Vulnerabilities > HP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-11992 | Cross-site Scripting vulnerability in HP Oneview for VMWare Vcenter 9.5 A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting. | 6.1 |
| 2019-11-22 | CVE-2019-18910 | OS Command Injection vulnerability in HP Thinpro The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges. | 6.8 |
| 2019-11-22 | CVE-2019-18909 | OS Command Injection vulnerability in HP Thinpro The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. | 8.0 |
| 2019-11-22 | CVE-2019-16287 | Unspecified vulnerability in HP Thinpro In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges. low complexity hp | 6.8 |
| 2019-11-22 | CVE-2019-16286 | Improper Authentication vulnerability in HP Thinpro Linux An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands. | 6.8 |
| 2019-11-22 | CVE-2019-16285 | Information Exposure vulnerability in HP Thinpro Linux If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. | 4.6 |
| 2019-11-21 | CVE-2019-10627 | Incorrect Calculation of Buffer Size vulnerability in multiple products Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. | 9.8 |
| 2019-11-14 | CVE-2019-11135 | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 6.5 |
| 2019-11-07 | CVE-2019-6337 | Unspecified vulnerability in HP products For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. low complexity hp | 5.2 |
| 2019-11-05 | CVE-2019-16284 | Unspecified vulnerability in HP products A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. | 7.2 |