Vulnerabilities > HP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-30 | CVE-2017-13982 | Unrestricted Upload of File with Dangerous Type vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40 A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | 8.8 |
| 2017-08-02 | CVE-2015-0839 | Key Management Errors vulnerability in HP Linux Imaging and Printing 3.17.7 The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads. | 8.1 |
| 2017-06-27 | CVE-2016-4383 | Improper Access Control vulnerability in HP Helion Openstack Glance The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. | 8.4 |
| 2017-05-11 | CVE-2015-5436 | Unspecified vulnerability in HP Integrated Lights-Out Firmware A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. | 7.5 |
| 2017-05-04 | CVE-2017-3733 | Improper Input Validation vulnerability in multiple products During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). | 7.5 |
| 2016-12-29 | CVE-2016-2246 | Permissions, Privileges, and Access Controls vulnerability in HP Thinpro HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | 7.8 |
| 2016-10-28 | CVE-2016-4396 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP System Management Homepage HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | 7.5 |
| 2016-10-28 | CVE-2016-4395 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP System Management Homepage HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | 7.5 |
| 2016-10-05 | CVE-2016-4390 | Unspecified vulnerability in HP Keyview The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389. | 8.1 |
| 2016-10-05 | CVE-2016-4389 | Unspecified vulnerability in HP Keyview The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390. | 8.1 |