
Vendor CVEs

Microfocus

All CVEs

2,280 total · sorted by risk
  • CVE-2015-3113 · Critical · KEV · Jun 23, 2015
    risk 0.87 · cvss 9.8 · epss 1.00

    Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

  • CVE-2012-1823 · Critical · KEV · May 11, 2012
    risk 0.87 · cvss 9.8 · epss 1.00

    sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options…

  • CVE-2017-5638 · Critical · KEV · Mar 11, 2017
    risk 0.86 · cvss 9.8 · epss 1.00

    The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,…

  • CVE-2013-4810 · Critical · KEV · Sep 16, 2013
    risk 0.85 · cvss 9.8 · epss 0.79

    HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE:…

  • CVE-2005-2773 · Critical · KEV · Sep 2, 2005
    risk 0.85 · cvss 9.8 · epss 0.74

    HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

  • CVE-2015-8651 · High · KEV · Dec 28, 2015
    risk 0.75 · cvss 8.8 · epss 0.68

    Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to…

  • CVE-2018-12464 · Critical · Jun 29, 2018
    risk 0.74 · cvss 10.0 · epss 0.81

    A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account…

  • CVE-2016-2004 · Critical · Apr 21, 2016
    risk 0.74 · cvss 9.8 · epss 0.94

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.

  • CVE-2016-1606 · Critical · Jul 3, 2016
    risk 0.70 · cvss 9.8 · epss 0.46

    Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to…

  • CVE-2017-5791 · Critical · Oct 11, 2017
    risk 0.69 · cvss 9.8 · epss 0.69

    The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.

  • CVE-2018-12463 · Critical · Jul 12, 2018
    risk 0.68 · cvss 9.8 · epss 0.14

    An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

  • CVE-2018-12465 · Critical · Jun 29, 2018
    risk 0.68 · cvss 9.1 · epss 0.79

    An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with…

  • CVE-2018-9022 · Critical · Jun 18, 2018
    risk 0.68 · cvss 9.8 · epss 0.20

    An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.

  • CVE-2016-4372 · Critical · Jul 15, 2016
    risk 0.68 · cvss 9.8 · epss 0.19

    HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object,…

  • CVE-2016-5228 · Critical · Jul 3, 2016
    risk 0.68 · cvss 9.8 · epss 0.15

    Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references…

  • CVE-2017-14803 · Critical · Jan 20, 2018
    risk 0.67 · cvss 9.8 · epss 0.35

    In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.

  • CVE-2016-2182 · Critical · Sep 16, 2016
    risk 0.67 · cvss 9.8 · epss 0.44

    The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown…

  • CVE-2016-2177 · Critical · Jun 20, 2016
    risk 0.67 · cvss 9.8 · epss 0.45

    OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc…

  • CVE-2016-1985 · Critical · Jan 30, 2016
    risk 0.66 · cvss 10.0 · epss 0.07

    HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2024-13980 · Critical · Aug 27, 2025
    risk 0.65 · cvss · epss 0.01

    H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged…

  • CVE-2018-5924 · Critical · Aug 13, 2018
    risk 0.65 · cvss 9.8 · epss 0.12

    A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.

  • CVE-2016-4404 · Critical · Aug 6, 2018
    risk 0.65 · cvss 9.8 · epss 0.15

    A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue.

  • CVE-2016-4403 · Critical · Aug 6, 2018
    risk 0.65 · cvss 9.8 · epss 0.14

    A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption.

  • CVE-2016-4402 · Critical · Aug 6, 2018
    risk 0.65 · cvss 9.8 · epss 0.16

    A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow.

  • CVE-2016-4391 · Critical · Aug 6, 2018
    risk 0.65 · cvss 9.8 · epss 0.20

    A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.

  • CVE-2017-5789 · Critical · Oct 11, 2017
    risk 0.65 · cvss 9.8 · epss 0.18

    HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.

  • CVE-2016-4359 · Critical · Jun 8, 2016
    risk 0.65 · cvss 9.8 · epss 0.16

    Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch…

  • CVE-2016-4543 · Critical · May 22, 2016
    risk 0.65 · cvss 9.8 · epss 0.12

    The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via…

  • CVE-2016-2008 · Critical · Apr 21, 2016
    risk 0.65 · cvss 9.8 · epss 0.10

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-2007 · Critical · Apr 21, 2016
    risk 0.65 · cvss 9.8 · epss 0.20

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.

  • CVE-2016-2006 · Critical · Apr 21, 2016
    risk 0.65 · cvss 9.8 · epss 0.20

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.

  • CVE-2016-2005 · Critical · Apr 21, 2016
    risk 0.65 · cvss 9.8 · epss 0.20

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.

  • CVE-2016-1995 · Critical · Mar 18, 2016
    risk 0.65 · cvss 9.8 · epss 0.10

    HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-1989 · Critical · Mar 15, 2016
    risk 0.65 · cvss 9.8 · epss 0.11

    HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.

  • CVE-2016-1988 · Critical · Mar 15, 2016
    risk 0.65 · cvss 9.8 · epss 0.11

    HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.

  • CVE-2001-0248 · Critical · Jun 18, 2001
    risk 0.65 · cvss 9.8 · epss 0.11

    Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

  • CVE-2001-0249 · Critical · Jun 18, 2001
    risk 0.65 · cvss 9.8 · epss 0.20

    Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

  • CVE-2026-8631 · Critical · May 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print…

  • CVE-2018-7679 · Critical · Jun 21, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.

  • CVE-2018-9029 · Critical · Jun 18, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.

  • CVE-2018-6489 · Critical · Feb 22, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE)

  • CVE-2018-6487 · Critical · Feb 20, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information.

  • CVE-2018-1342 · Critical · Jan 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.

  • CVE-2017-14356 · Critical · Oct 31, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

  • CVE-2017-8994 · Critical · Oct 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.10

    An input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.

  • CVE-2017-14351 · Critical · Sep 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.

  • CVE-2017-14350 · Critical · Sep 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.

  • CVE-2017-14349 · Critical · Sep 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.

  • CVE-2017-13983 · Critical · Sep 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.

  • CVE-2017-9283 · Critical · Sep 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.
