Hp: Security Vulnerabilities
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVSS Score
9.8
EPSS Score
0.006
Published
2024-08-06
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-08-06
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-08-06
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-08-06
The vulnerability could be remotely exploited to bypass authentication.
CVSS Score
9.8
EPSS Score
0.006
Published
2024-07-16
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-06-28
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18271.
CVSS Score
7.8
EPSS Score
0.004
Published
2024-06-20
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
CVSS Score
6.8
EPSS Score
0.002
Published
2024-06-10
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
CVSS Score
6.8
EPSS Score
0.002
Published
2024-06-10
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed.
CVSS Score
6.8
EPSS Score
0.004
Published
2024-05-23