Vulnerabilities > HP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-13 | CVE-2023-4499 | Improper Certificate Validation vulnerability in HP Thinupdate A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. | 7.5 |
| 2023-09-05 | CVE-2015-1391 | Cross-Site Request Forgery (CSRF) vulnerability in HP Airwave Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. | 8.8 |
| 2023-09-05 | CVE-2015-2201 | OS Command Injection vulnerability in multiple products Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. | 7.2 |
| 2023-09-05 | CVE-2015-2202 | Improper Input Validation vulnerability in multiple products Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. | 7.2 |
| 2023-08-16 | CVE-2022-4894 | Uncontrolled Search Path Element vulnerability in multiple products Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element. | 7.3 |
| 2023-08-15 | CVE-2023-38401 | Unspecified vulnerability in HP Aruba Virtual Intranet Access A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. | 7.8 |
| 2023-08-15 | CVE-2023-38402 | Unspecified vulnerability in HP Aruba Virtual Intranet Access A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. | 7.1 |
| 2023-06-30 | CVE-2023-26299 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. | 7.0 |
| 2023-06-30 | CVE-2023-35176 | Classic Buffer Overflow vulnerability in HP products Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. | 8.8 |
| 2023-06-30 | CVE-2023-35177 | Out-of-bounds Write vulnerability in HP products Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. | 8.8 |