Vulnerabilities > HP > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-25 CVE-2019-3480 Cross-site Scripting vulnerability in HP Arcsight Logger
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.
network
low complexity
hp CWE-79
6.1
2019-02-04 CVE-2019-7317 Use After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3
2018-12-03 CVE-2018-7115 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP Intelligent Management Center
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows.
network
low complexity
hp CWE-119
5.3
2018-12-03 CVE-2018-7113 Unspecified vulnerability in HP Integrated Lights-Out 5 Firmware 1.30
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.
low complexity
hp
6.6
2018-12-03 CVE-2018-7112 Unspecified vulnerability in HP products
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information.
local
low complexity
hp
5.5
2018-10-17 CVE-2018-7111 Unspecified vulnerability in HP Universal Internet of Things
A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
network
low complexity
hp
5.3
2018-10-17 CVE-2018-3214 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound).
network
low complexity
oracle redhat debian canonical hp
5.3
2018-10-17 CVE-2018-3180 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE).
network
high complexity
oracle redhat debian canonical hp
5.6
2018-10-03 CVE-2017-2751 Insufficiently Protected Credentials vulnerability in HP products
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others.
low complexity
hp CWE-522
4.6
2018-10-02 CVE-2018-9069 Race Condition vulnerability in multiple products
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
network
high complexity
hp lenovo CWE-362
5.9