Vulnerabilities > HP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-04 | CVE-2016-2244 | Information Exposure vulnerability in HP Futuresmart Firmware 3.7 HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors. | 5.9 |
| 2016-03-04 | CVE-2016-2243 | Improper Access Control vulnerability in HP products Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. | 7.9 |
| 2016-02-18 | CVE-2016-1987 | Improper Input Validation vulnerability in HP Hp-Ux Ipfilter A.11.31.18.21 HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. | 5.9 |
| 2016-02-18 | CVE-2015-7547 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | 8.1 |
| 2016-02-12 | CVE-2016-1986 | Code Injection vulnerability in HP Continuous Delivery Automation 1.3.0 HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |
| 2016-02-08 | CVE-2016-0728 | The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. | 7.8 |
| 2016-01-30 | CVE-2016-1985 | Code Injection vulnerability in HP Operations Manager HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 10.0 |
| 2016-01-16 | CVE-2015-6864 | Improper Input Validation vulnerability in HP Arcsight Logger HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | 6.3 |
| 2016-01-16 | CVE-2015-6863 | Improper Input Validation vulnerability in HP Arcsight Logger HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | 7.3 |
| 2016-01-14 | CVE-2016-0778 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. | 8.1 |