HP Vulnerabilities: Medium Risk

DATE CVE VULNERABILITY TITLE RISK

2021-08-05 CVE-2021-26586 Unspecified vulnerability in HP Edgeline Infrastructure Management
A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software.
network
low complexity
hp
5.0

2021-06-03 CVE-2021-26584 Cross-site Scripting vulnerability in HP Oneview for VMWare Vcenter
A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting.
network
hp CWE-79
4.3

2021-05-25 CVE-2021-29202 Classic Buffer Overflow vulnerability in HP Integrated Lights-Out 4 and Integrated Lights-Out 5
A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.
local
low complexity
hp CWE-120
4.6

2021-05-20 CVE-2021-3438 Classic Buffer Overflow vulnerability in multiple products
A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.
local
low complexity
hp samsung CWE-120
4.6

2021-01-05 CVE-2020-7202 Information Exposure vulnerability in HP Integrated Lights-Out 4 and Integrated Lights-Out 5
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware.
network
low complexity
hp CWE-200
5.0

2020-12-18 CVE-2020-7201 Cross-Site Request Forgery (CSRF) vulnerability in HP products
A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders.
network
hp CWE-352
6.8

2020-11-06 CVE-2020-7198 Improper Privilege Management vulnerability in HP Oneview, Synergy Composer and Synergy Composer 2
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer.
network
low complexity
hp CWE-269
6.5

2020-10-26 CVE-2020-7196 Insufficiently Protected Credentials vulnerability in HP Bluedata Epic and Ezmeral Container Platform
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval.
network
low complexity
hp CWE-522
4.0

2020-08-12 CVE-2020-15596 Information Exposure vulnerability in HP products
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.
local
low complexity
hp CWE-200
4.6

2020-07-22 CVE-2019-18619 Release of Invalid Pointer or Reference vulnerability in multiple products
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.
local
low complexity
synaptics lenovo hp CWE-763
4.6