Vulnerabilities > HP > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-10-19 CVE-2020-24649 Improper Input Validation vulnerability in HP Intelligent Management Center
A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-20
critical
9.8
2020-10-19 CVE-2020-24648 Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center
A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-502
critical
9.8
2020-10-19 CVE-2020-24647 Improper Input Validation vulnerability in HP Intelligent Management Center
A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-20
critical
9.8
2020-10-19 CVE-2020-24646 Out-of-bounds Write vulnerability in HP Intelligent Management Center
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-787
critical
9.8
2020-10-19 CVE-2020-24629 Improper Authentication vulnerability in HP Intelligent Management Center
A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-287
critical
9.8
2020-07-17 CVE-2020-7206 OS Command Injection vulnerability in HP Nagios-Plugins-Hpilo 1.50
HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability.
network
low complexity
hp CWE-78
critical
9.8
2020-04-24 CVE-2020-7133 Unspecified vulnerability in HP HPE IOT + GCP
A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
network
low complexity
hp
critical
9.8
2020-04-24 CVE-2020-7131 Out-of-bounds Write vulnerability in HP products
This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products.
network
low complexity
hp CWE-787
critical
9.0
2020-03-10 CVE-2017-10992 Deserialization of Untrusted Data vulnerability in HP Storage Essentials 9.5.0.142
In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.
network
low complexity
hp CWE-502
critical
9.8
2020-02-13 CVE-2020-7209 Unspecified vulnerability in HP Linuxki
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
network
low complexity
hp
critical
9.8