| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential vulnerability. |
| A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. |
| A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted. |
| A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. |
| A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability. |
| A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability
could potentially allow a local attacker to escalate privileges via a race condition when installing packages. |
| Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities. |
| Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities |
| HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities. |
| A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system. |
| An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected system. |
| Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands on the underlying operating system. |
| A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism. |
| The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup. |
| The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. |
| A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware. |
| Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information. |
| Certain HP LaserJet Pro printers may potentially
experience a denial of service when a user sends a raw JPEG file to the printer
via IPP (Internet Printing Protocol). |
| Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. |
