Vulnerabilities > HP > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-07-22 | CVE-2019-18618 | | Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table. | local | low complexity | synaptics lenovo hp | | 6.0 |
| 2020-07-17 | CVE-2019-12000 | Improper Certificate Validation vulnerability in HP MSE MSG GW Application E-Ltu | HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. | network | high complexity | hp | CWE-295 | 6.6 |
| 2020-07-08 | CVE-2020-7140 | Cross-site Scripting vulnerability in HP Icewall SSO DFW and Icewall SSO Dgfw | A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). | network | low complexity | hp | CWE-79 | 6.1 |
| 2020-06-02 | CVE-2020-10136 | Authentication Bypass by Spoofing vulnerability in multiple products | IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. | network | low complexity | cisco digi hp treck | CWE-290 | 5.3 |
| 2020-04-24 | CVE-2020-7134 | Unspecified vulnerability in HP HPE IOT + GCP | A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. | network | low complexity | hp | | 6.5 |
| 2020-04-23 | CVE-2020-7132 | Cross-site Scripting vulnerability in HP Onboard Administrator 4.85 | A potential security vulnerability has been identified in HPE Onboard Administrator. | network | low complexity | hp | CWE-79 | 5.4 |
| 2020-03-16 | CVE-2019-18917 | Improper Restriction of Excessive Authentication Attempts vulnerability in HP products | A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. | network | low complexity | hp | CWE-307 | 6.5 |
| 2020-02-13 | CVE-2020-7208 | Cross-site Scripting vulnerability in HP Linuxki | LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. | network | low complexity | hp | CWE-79 | 6.1 |
| 2020-02-10 | CVE-2012-1994 | Information Exposure vulnerability in HP Systems Insight Manager | HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information | | low complexity | hp | CWE-200 | 5.7 |
| 2020-02-03 | CVE-2019-18567 | Out-of-bounds Read vulnerability in HP Bromium 4.0.3.2060/4.1.7 | Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service. | local | high complexity | hp | CWE-125 | 6.3 |