Security Vulnerabilities - CVEs Published In 2022
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.
CVSS Score
9.8
EPSS Score
0.012
Published
2022-12-12
A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-12-12
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.
CVSS Score
9.8
EPSS Score
0.044
Published
2022-12-12
Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.
CVSS Score
6.4
EPSS Score
0.001
Published
2022-12-12
A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-12-12
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-12-12
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.029
Published
2022-12-12
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-12-12
Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.
CVSS Score
5.4
EPSS Score
0.032
Published
2022-12-12
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names.
CVSS Score
5.4
EPSS Score
0.032
Published
2022-12-12