Vendor CVEs
Microfocus
All CVEs
2,280 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3113 | | Critical | 0.87 | 9.8 | 1.00 | KEV | Jun 23, 2015 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. |
| CVE-2012-1823 | | Critical | 0.87 | 9.8 | 1.00 | KEV | May 11, 2012 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options… |
| CVE-2017-5638 | | Critical | 0.86 | 9.8 | 1.00 | KEV | Mar 11, 2017 | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,… |
| CVE-2013-4810 | | Critical | 0.85 | 9.8 | 0.79 | KEV | Sep 16, 2013 | HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE:… |
| CVE-2005-2773 | | Critical | 0.85 | 9.8 | 0.74 | KEV | Sep 2, 2005 | HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. |
| CVE-2015-8651 | | High | 0.75 | 8.8 | 0.68 | KEV | Dec 28, 2015 | Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to… |
| CVE-2018-12464 | | Critical | 0.74 | 10.0 | 0.81 | | Jun 29, 2018 | A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account… |
| CVE-2016-2004 | | Critical | 0.74 | 9.8 | 0.94 | | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623. |
| CVE-2016-1606 | | Critical | 0.70 | 9.8 | 0.46 | | Jul 3, 2016 | Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to… |
| CVE-2017-5791 | | Critical | 0.69 | 9.8 | 0.69 | | Oct 11, 2017 | The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. |
| CVE-2018-12463 | | Critical | 0.68 | 9.8 | 0.14 | | Jul 12, 2018 | An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. |
| CVE-2018-12465 | | Critical | 0.68 | 9.1 | 0.79 | | Jun 29, 2018 | An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with… |
| CVE-2018-9022 | | Critical | 0.68 | 9.8 | 0.20 | | Jun 18, 2018 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. |
| CVE-2016-4372 | | Critical | 0.68 | 9.8 | 0.19 | | Jul 15, 2016 | HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object,… |
| CVE-2016-5228 | | Critical | 0.68 | 9.8 | 0.15 | | Jul 3, 2016 | Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references… |
| CVE-2017-14803 | | Critical | 0.67 | 9.8 | 0.35 | | Jan 20, 2018 | In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system. |
| CVE-2016-2182 | | Critical | 0.67 | 9.8 | 0.44 | | Sep 16, 2016 | The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown… |
| CVE-2016-2177 | | Critical | 0.67 | 9.8 | 0.45 | | Jun 20, 2016 | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc… |
| CVE-2016-1985 | | Critical | 0.66 | 10.0 | 0.07 | | Jan 30, 2016 | HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. |
| CVE-2024-13980 | | Critical | 0.65 | — | 0.01 | | Aug 27, 2025 | H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged… |
| CVE-2018-5924 | | Critical | 0.65 | 9.8 | 0.12 | | Aug 13, 2018 | A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution. |
| CVE-2016-4404 | | Critical | 0.65 | 9.8 | 0.15 | | Aug 6, 2018 | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue. |
| CVE-2016-4403 | | Critical | 0.65 | 9.8 | 0.14 | | Aug 6, 2018 | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption. |
| CVE-2016-4402 | | Critical | 0.65 | 9.8 | 0.16 | | Aug 6, 2018 | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow. |
| CVE-2016-4391 | | Critical | 0.65 | 9.8 | 0.20 | | Aug 6, 2018 | A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. |
| CVE-2017-5789 | | Critical | 0.65 | 9.8 | 0.18 | | Oct 11, 2017 | HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. |
| CVE-2016-4359 | | Critical | 0.65 | 9.8 | 0.16 | | Jun 8, 2016 | Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch… |
| CVE-2016-4543 | | Critical | 0.65 | 9.8 | 0.12 | | May 22, 2016 | The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via… |
| CVE-2016-2008 | | Critical | 0.65 | 9.8 | 0.10 | | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2016-2007 | | Critical | 0.65 | 9.8 | 0.20 | | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. |
| CVE-2016-2006 | | Critical | 0.65 | 9.8 | 0.20 | | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353. |
| CVE-2016-2005 | | Critical | 0.65 | 9.8 | 0.20 | | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352. |
| CVE-2016-1995 | | Critical | 0.65 | 9.8 | 0.10 | | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2016-1989 | | Critical | 0.65 | 9.8 | 0.11 | | Mar 15, 2016 | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988. |
| CVE-2016-1988 | | Critical | 0.65 | 9.8 | 0.11 | | Mar 15, 2016 | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989. |
| CVE-2001-0248 | | Critical | 0.65 | 9.8 | 0.11 | | Jun 18, 2001 | Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. |
| CVE-2001-0249 | | Critical | 0.65 | 9.8 | 0.20 | | Jun 18, 2001 | Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. |
| CVE-2026-8631 | | Critical | 0.64 | 9.8 | 0.01 | | May 20, 2026 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print… |
| CVE-2018-7679 | | Critical | 0.64 | 9.8 | 0.02 | | Jun 21, 2018 | Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution. |
| CVE-2018-9029 | | Critical | 0.64 | 9.8 | 0.02 | | Jun 18, 2018 | An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. |
| CVE-2018-6489 | | Critical | 0.64 | 9.8 | 0.01 | | Feb 22, 2018 | XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE) |
| CVE-2018-6487 | | Critical | 0.64 | 9.8 | 0.02 | | Feb 20, 2018 | Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information. |
| CVE-2018-1342 | | Critical | 0.64 | 9.8 | 0.01 | | Jan 26, 2018 | A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console. |
| CVE-2017-14356 | | Critical | 0.64 | 9.8 | 0.02 | | Oct 31, 2017 | An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. |
| CVE-2017-8994 | | Critical | 0.64 | 9.8 | 0.10 | | Oct 10, 2017 | A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. |
| CVE-2017-14351 | | Critical | 0.64 | 9.8 | 0.04 | | Sep 30, 2017 | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. |
| CVE-2017-14350 | | Critical | 0.64 | 9.8 | 0.07 | | Sep 30, 2017 | A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. |
| CVE-2017-14349 | | Critical | 0.64 | 9.8 | 0.03 | | Sep 30, 2017 | An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. |
| CVE-2017-13983 | | Critical | 0.64 | 9.8 | 0.06 | | Sep 30, 2017 | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. |
| CVE-2017-9283 | | Critical | 0.64 | 9.8 | 0.01 | | Sep 21, 2017 | An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. |
Page 1 of 46