CVE-2019-16284
https://notcve.org/view.php?id=CVE-2019-16284
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250. Ha sido identificada una potencial vulnerabilidad de seguridad en múltiples productos y versiones de HP que implica la posible ejecución de código arbitrario durante los servicios de arranque que puede resultar en una elevación de privilegios. La estructura de EFI_BOOT_SERVICES podría ser sobrescrita por parte de un atacante para ejecutar código SMM (System Management Mode) arbitrario. • https://support.hp.com/rs-en/document/c06456250 •
CVE-2017-8360
https://notcve.org/view.php?id=CVE-2017-8360
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. La tarea mictray64 de Conexant Systems, tal como es usada en los sistemas HP Elite, EliteBook, ProBook y ZBook, filtra datos confidenciales (keystrokes) a cualquier proceso. En mictray64.exe (mic tray icon) versión 1.0.0.46, un hook de Windows en LowLevelKeyboardProc es usado para capturar las pulsaciones de teclas (keystrokes). • http://www.securitytracker.com/id/1038527 https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-2243
https://notcve.org/view.php?id=CVE-2016-2243
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. Sure Start en HP Commercial PCs 2015 permite a usuarios locales causar una denegación de servicio (fallo de recuperación de la BIOS) aprovechándose del acceso administrativo. • http://www.securitytracker.com/id/1035193 https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469 • CWE-284: Improper Access Control •
CVE-2015-5368
https://notcve.org/view.php?id=CVE-2015-5368
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors. Vulnerabilidad en el módulo HP lt4112 LTE/HSPA+ Gobi 4G con firmware anterior a 12.500.00.15.1803 en dispositivos Thin Client EliteBook, ElitePad, Elite, ProBook, Spectre, Zbook y mt41, permite a atacantes remotos modificar los datos, provocar una denegación de servicio o ejecutar código arbitrario a través de vectores no especificados. • http://www.securityfocus.com/bid/76176 http://www.securitytracker.com/id/1033414 http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446601.htm https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-5367
https://notcve.org/view.php?id=CVE-2015-5367
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors. Vulnerabilidad en el módulo HP lt4112 LTE/HSPA+ Gobi 4G con firmware anterior a 12.500.00.15.1803 en dispositivos Thin Client EliteBook, ElitePad, Elite, ProBook, Spectre, Zbook y mt4, permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://www.securityfocus.com/bid/76171 http://www.securitytracker.com/id/1033414 http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446601.htm https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272 • CWE-264: Permissions, Privileges, and Access Controls •