Filtered by vendor Hp
Subscriptions
Total
2550 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2468 | 1 Hp | 1 Openvms | 2026-04-23 | N/A |
| Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions." | ||||
| CVE-2009-3097 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2008-0709 | 4 Hp, Microsoft, Redhat and 1 more | 6 Hp-ux, Select Identity, Windows 2003 Server and 3 more | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. | ||||
| CVE-2006-5122 | 1 Hp | 1 Mercury Sitescope | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field. | ||||
| CVE-2007-0139 | 1 Hp | 1 Openvms | 2026-04-23 | N/A |
| Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM. | ||||
| CVE-2007-2553 | 1 Hp | 1 Tru64 | 2026-04-23 | N/A |
| Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable. | ||||
| CVE-2007-5241 | 1 Hp | 1 Openvms | 2026-04-23 | N/A |
| Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet. | ||||
| CVE-2007-1994 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916. | ||||
| CVE-2007-0394 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | ||||
| CVE-2006-5704 | 1 Hp | 1 Nonstop Server | 2026-04-23 | N/A |
| HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files. | ||||
| CVE-2008-0952 | 1 Hp | 1 Instant Support | 2026-04-23 | N/A |
| The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953. | ||||
| CVE-2015-8651 | 9 Adobe, Apple, Google and 6 more | 23 Air, Air Sdk, Air Sdk \& Compiler and 20 more | 2026-04-22 | 8.8 High |
| Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-3113 | 8 Adobe, Apple, Hp and 5 more | 19 Flash Player, Mac Os X, Insight Orchestration and 16 more | 2026-04-21 | 7.8 High |
| Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. | ||||
| CVE-2012-1823 | 8 Apple, Debian, Fedoraproject and 5 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2026-04-21 | 9.8 Critical |
| sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | ||||
| CVE-2013-4810 | 1 Hp | 2 Application Lifecycle Management, Procurve Manager | 2026-04-21 | 9.8 Critical |
| HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874. | ||||
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2026-04-21 | 9.8 Critical |
| The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | ||||
| CVE-2026-1996 | 2 Hp, Hp Inc | 35 D9l18a, D9l18a Firmware, J6x76a and 32 more | 2026-04-17 | 5.3 Medium |
| Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. | ||||
| CVE-2026-1997 | 2 Hp, Hp Inc | 90 D9l18a, D9l18a Firmware, D9l20a and 87 more | 2026-04-17 | 5.3 Medium |
| Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device. | ||||
| CVE-2026-2832 | 2 Hp, Samsung | 12 Sl-k4255rx, Sl-k4305lx, Sl-k4355lx and 9 more | 2026-04-17 | N/A |
| Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure, potentially exposing address book entries and other device configuration information through specific APIs without proper authorization. | ||||
| CVE-2026-4682 | 1 Hp | 6 Deskjet 2800e All-in-one Printer Series, Deskjet 4200 All-in-one Printer Series, Deskjet 4200e All-in-one Printer Series and 3 more | 2026-04-17 | N/A |
| Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows–based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities. | ||||