HP : Security Vulnerabilities, CVEs, Published In March 2019

Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.

Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.

Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.

Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.

Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.

Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7.

SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.

HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.

A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier.

In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.

A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue.

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.