Vulnerabilities > HP > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-19 CVE-2020-7176 Expression Language Injection vulnerability in HP Intelligent Management Center
A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-917
8.8
2020-10-19 CVE-2020-7175 Expression Language Injection vulnerability in HP Intelligent Management Center
An iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-917
8.8
2020-10-19 CVE-2020-7174 Expression Language Injection vulnerability in HP Intelligent Management Center
A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-917
8.8
2020-10-19 CVE-2020-7173 Expression Language Injection vulnerability in HP Intelligent Management Center
An actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-917
8.8
2020-10-19 CVE-2020-24630 Unspecified vulnerability in HP Intelligent Management Center
A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp
8.8
2020-07-22 CVE-2019-18619 Release of Invalid Pointer or Reference vulnerability in multiple products
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.
local
low complexity
synaptics lenovo hp CWE-763
7.8
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5
2020-04-27 CVE-2020-7135 Unspecified vulnerability in HP Service Pack for Proliant
A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux.
local
low complexity
hp
7.8
2020-03-04 CVE-2020-7130 Information Exposure vulnerability in HP Oneview Global Dashboard 1.9
HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability.
network
low complexity
hp CWE-200
7.5
2020-02-21 CVE-2012-6277 Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."
local
low complexity
ibm symantec hp
7.8