Hp: Security Vulnerabilities
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-02-13
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
CVSS Score
9.8
EPSS Score
0.934
Published
2020-02-13
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information
CVSS Score
5.7
EPSS Score
0.005
Published
2020-02-10
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.
CVSS Score
7.5
EPSS Score
0.022
Published
2020-02-04
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-03
A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).
CVSS Score
6.8
EPSS Score
0.001
Published
2020-01-31
The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-01-30
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.
CVSS Score
5.9
EPSS Score
0.007
Published
2020-01-28
An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-01-27
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-01-27