Filtered by vendor Hp Subscriptions
Total 2443 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-27973 1 Hp 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more 2024-11-21 9.8 Critical
Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution.
CVE-2023-27972 1 Hp 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more 2024-11-21 9.8 Critical
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.
CVE-2023-27971 1 Hp 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more 2024-11-21 9.8 Critical
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege.
CVE-2023-27869 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2024-11-21 6.3 Medium
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517.
CVE-2023-27868 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2024-11-21 6.3 Medium
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.
CVE-2023-27867 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2024-11-21 6.3 Medium
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514.
CVE-2023-27859 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2024-11-21 6.5 Medium
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.
CVE-2023-26301 1 Hp 38 Color Laserjet Pro 4201-4203 4ra87f, Color Laserjet Pro 4201-4203 4ra87f Firmware, Color Laserjet Pro 4201-4203 4ra88f and 35 more 2024-11-21 9.8 Critical
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.
CVE-2023-26300 1 Hp 178 200 G4 22 All-in-one Pc \(rom Family Ssid 86f0\), 200 G4 22 All-in-one Pc \(rom Family Ssid 86f0\) Firmware, 200 G4 22 All-in-one Pc \(rom Family Ssid 86f2\) and 175 more 2024-11-21 7.8 High
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.
CVE-2023-26299 1 Hp 118 200 G3, 200 G3 Firmware, 200 G4 22 All-in-one and 115 more 2024-11-21 7.0 High
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.
CVE-2023-26298 1 Hp 1 Hp Device Manager 2024-11-21 8.8 High
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVE-2023-26297 1 Hp 1 Hp Device Manager 2024-11-21 8.8 High
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVE-2023-26296 1 Hp 1 Hp Device Manager 2024-11-21 8.8 High
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVE-2023-26295 1 Hp 1 Hp Device Manager 2024-11-21 9.8 Critical
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVE-2023-26294 1 Hp 1 Hp Device Manager 2024-11-21 7.8 High
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVE-2023-26283 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2024-11-21 5.4 Medium
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.
CVE-2023-26281 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Http Server and 4 more 2024-11-21 5.9 Medium
IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296.
CVE-2023-23477 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2024-11-21 8.1 High
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.
CVE-2023-22791 2 Arubanetworks, Hp 2 Arubaos, Instantos 2024-11-21 5.4 Medium
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.
CVE-2023-22790 2 Arubanetworks, Hp 2 Arubaos, Instantos 2024-11-21 7.2 High
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.