Vulnerabilities > HP
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-08-02 | CVE-2015-0839 | Key Management Errors vulnerability in HP Linux Imaging and Printing 3.17.7 | The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads. | 8.1 |
2017-06-27 | CVE-2016-4383 | Improper Access Control vulnerability in HP Helion Openstack Glance | The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. | 8.4 |
2017-05-11 | CVE-2015-5436 | Unspecified vulnerability in HP Integrated Lights-Out Firmware | A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. | 7.5 |
2017-05-04 | CVE-2017-3733 | Improper Input Validation vulnerability in multiple products | During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). | 7.5 |
2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | 9.8 |
2017-01-09 | CVE-2016-8106 | Improper Input Validation vulnerability in multiple products | A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | 5.9 |
2016-12-29 | CVE-2016-2246 | Permissions, Privileges, and Access Controls vulnerability in HP Thinpro | HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | 7.8 |
2016-10-28 | CVE-2016-4396 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP System Management Homepage | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | 7.5 |
2016-10-28 | CVE-2016-4395 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP System Management Homepage | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | 7.5 |
2016-10-28 | CVE-2016-4394 | 7PK - Security Features vulnerability in HP System Management Homepage | HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. | 6.5 |