HP: Security Vulnerabilities
In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.
CVSS Score
9.8
EPSS Score
0.029
Published
2020-03-10
HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.
CVSS Score
7.5
EPSS Score
0.024
Published
2020-03-04
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."
CVSS Score
7.8
EPSS Score
0.033
Published
2020-02-21
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.
CVSS Score
7.8
EPSS Score
0.004
Published
2020-02-13
LinuxKI v6.0-1 and earlier is vulnerable to XSS, which is resolved in release 6.0-2.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-02-13
LinuxKI v6.0-1 and earlier is vulnerable to remote code execution, which is resolved in release 6.0-2.
CVSS Score
9.8
EPSS Score
0.936
Published
2020-02-13
HP Systems Insight Manager before 7.0 allows a remote user on an adjacent network to access information.
CVSS Score
5.7
EPSS Score
0.005
Published
2020-02-10
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.
CVSS Score
7.5
EPSS Score
0.022
Published
2020-02-04
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out-of-bounds read that results in a race condition, causing kernel memory leaks or denial of service.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-03
A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).
CVSS Score
6.8
EPSS Score
0.001
Published
2020-01-31