Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Total 2415 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-0248 2 Hp, Sgi 2 Hp-ux, Irix 2024-02-02 10.0 HIGH 9.8 CRITICAL
Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.
CVE-2001-0249 3 Hp, Oracle, Sgi 3 Hp-ux, Solaris, Irix 2024-02-02 10.0 HIGH 9.8 CRITICAL
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
CVE-2004-0940 6 Apache, Hp, Openpkg and 3 more 6 Http Server, Hp-ux, Openpkg and 3 more 2024-02-02 6.9 MEDIUM 7.8 HIGH
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
CVE-2023-6573 1 Hp 1 Oneview 2024-01-29 N/A 5.5 MEDIUM
HPE OneView may have a missing passphrase during restore.
CVE-2023-50275 1 Hp 1 Oneview 2024-01-29 N/A 7.5 HIGH
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
CVE-2023-50274 1 Hp 1 Oneview 2024-01-29 N/A 7.8 HIGH
HPE OneView may allow command injection with local privilege escalation.
CVE-2000-0972 1 Hp 1 Hp-ux 2024-01-26 2.1 LOW 5.5 MEDIUM
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
CVE-2004-0079 23 4d, Apple, Avaya and 20 more 66 Webstar, Mac Os X, Mac Os X Server and 63 more 2023-12-28 5.0 MEDIUM 7.5 HIGH
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2023-50271 1 Hp 2 Hp-ux, System Management Homepage 2023-12-21 N/A 7.5 HIGH
A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.
CVE-2023-4694 1 Hp 24 Officejet Pro 8730 D9l19a, Officejet Pro 8730 D9l19a Firmware, Officejet Pro 8730 J7a28a and 21 more 2023-12-18 N/A 7.5 HIGH
Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header.
CVE-2023-45614 2 Arubanetworks, Hp 2 Arubaos, Instantos 2023-12-10 N/A 9.8 CRITICAL
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-29062 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2023-12-10 N/A 3.8 LOW
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems.
CVE-2023-45619 2 Arubanetworks, Hp 2 Arubaos, Instantos 2023-12-10 N/A 8.2 HIGH
There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
CVE-2023-45623 2 Arubanetworks, Hp 2 Arubaos, Instantos 2023-12-10 N/A 7.5 HIGH
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
CVE-2023-29060 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2023-12-10 N/A 5.7 MEDIUM
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
CVE-2023-29064 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2023-12-10 N/A 4.3 MEDIUM
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.
CVE-2023-45625 2 Arubanetworks, Hp 2 Arubaos, Instantos 2023-12-10 N/A 7.2 HIGH
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-45615 2 Arubanetworks, Hp 2 Arubaos, Instantos 2023-12-10 N/A 9.8 CRITICAL
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-45626 2 Arubanetworks, Hp 2 Arubaos, Instantos 2023-12-10 N/A 7.2 HIGH
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.
CVE-2023-29063 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2023-12-10 N/A 2.4 LOW
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.