Microfocus

All CVEs

2,180 total · sorted by risk
  • CVE-2016-5752 · Hig · Mar 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester.

  • CVE-2016-4396 · Hig · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

  • CVE-2016-4395 · Hig · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

  • CVE-2016-4378 · Hig · Aug 26, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before…

  • CVE-2016-4367 · Hig · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.08

    The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4365 · Hig · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4361 · Hig · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.08

    HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow…

  • CVE-2016-2027 · Hig · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.

  • CVE-2016-2026 · Hig · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.

  • CVE-2016-2025 · Hig · May 30, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.

  • CVE-2016-3705 · Hig · May 17, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted…

  • CVE-2016-3627 · Hig · May 17, 2016
    risk 0.49 · cvss 7.5 · epss 0.07

    The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

  • CVE-2015-5446 · Hig · Jan 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2018-6486 · Hig · Feb 2, 2018
    risk 0.48 · cvss 7.3 · epss 0.01

    XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection.

  • CVE-2017-14361 · Hig · Dec 13, 2017
    risk 0.48 · cvss 7.4 · epss 0.01

    Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack.

  • CVE-2016-4385 · Hig · Sep 29, 2016
    risk 0.48 · cvss 7.3 · epss 0.04

    The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils…

  • CVE-2016-2107 · Med · May 5, 2016
    risk 0.48 · cvss 5.9 · epss 0.89

    The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE:…

  • CVE-2016-2001 · Hig · Apr 12, 2016
    risk 0.48 · cvss 7.4 · epss 0.02

    HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.

  • CVE-2015-6863 · Hig · Jan 16, 2016
    risk 0.48 · cvss 7.3 · epss 0.02

    HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

  • CVE-2026-4667 · Hig · Apr 15, 2026
    risk 0.47 · cvss · epss 0.00

    HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability.

  • CVE-2023-6215 · Hig · Oct 7, 2025
    risk 0.47 · cvss · epss 0.00

    A potential security vulnerability has been identified in HP Sure Start’s protection of the Intel Flash Descriptor in certain HP PC products, which might allow security bypass, arbitrary code execution, loss of integrity or confidentiality, or denial of service. HP is…

  • CVE-2025-5808 · Hig · Aug 29, 2025
    risk 0.47 · cvss · epss 0.00

    Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass. This issue affects Self Service Password Reset from before 4.8 patch 3.

  • CVE-2024-5477 · Hig · Aug 13, 2025
    risk 0.47 · cvss · epss 0.00

    A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and…

  • CVE-2020-11850 · Hig · Aug 21, 2024
    risk 0.47 · cvss 7.3 · epss 0.00

    Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6.

  • CVE-2021-22508 · Hig · May 17, 2024
    risk 0.47 · cvss 7.2 · epss 0.00

    A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attacker must be an authenticated administrator of OBR with network access to the OBR web application.

  • CVE-2023-4464 · Hig · Dec 29, 2023
    risk 0.47 · cvss 7.2 · epss 0.03

    A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101,…

  • CVE-2023-50271 · Hig · Dec 17, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.

  • CVE-2023-32268 · Hig · Dec 6, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    Exposure of Proxy Administrator Credentials: An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.

  • CVE-2022-4894 · Hig · Aug 16, 2023
    risk 0.47 · cvss 7.3 · epss 0.00

    Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.

  • CVE-2022-38758 · Hig · Jan 26, 2023
    risk 0.47 · cvss 7.2 · epss 0.00

    Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.

  • CVE-2022-38757 · Hig · Dec 23, 2022
    risk 0.47 · cvss 7.2 · epss 0.01

    A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in…

  • CVE-2019-18945 · Hig · Feb 26, 2021
    risk 0.47 · cvss 7.3 · epss 0.00

    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.

  • CVE-2019-16284 · Hig · Nov 5, 2019
    risk 0.47 · cvss 7.2 · epss 0.02

    A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to…

  • CVE-2019-6326 · Hig · Jun 17, 2019
    risk 0.47 · cvss 7.2 · epss 0.02

    HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow.

  • CVE-2019-6321 · Hig · May 29, 2019
    risk 0.47 · cvss 7.2 · epss 0.01

    HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.

  • CVE-2018-5927 · Hig · Mar 27, 2019
    risk 0.47 · cvss 7.3 · epss 0.00

    HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.

  • CVE-2017-14362 · Hig · Dec 13, 2017
    risk 0.47 · cvss 7.3 · epss 0.01

    Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.

  • CVE-2016-0728 · Hig · Feb 8, 2016
    risk 0.47 · cvss 7.8 · epss 0.04

    The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted…

  • CVE-2016-0777 · Med · Jan 14, 2016
    risk 0.47 · cvss 6.5 · epss 0.63

    The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

  • CVE-2026-0827 · Hig · Apr 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file…

  • CVE-2024-1470 · Hig · Feb 29, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6.

  • CVE-2023-32265 · Hig · Jul 20, 2023
    risk 0.46 · cvss 7.1 · epss 0.00

    A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into…

  • CVE-2023-26299 · Hig · Jun 30, 2023
    risk 0.46 · cvss 7.0 · epss 0.00

    A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

  • CVE-2022-31642 · Hig · Jun 14, 2023
    risk 0.46 · cvss 7.0 · epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2022-31641 · Hig · Jun 14, 2023
    risk 0.46 · cvss 7.0 · epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2022-31640 · Hig · Jun 14, 2023
    risk 0.46 · cvss 7.0 · epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2022-43779 · Hig · Feb 12, 2023
    risk 0.46 · cvss 7.0 · epss 0.00

    A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the…

  • CVE-2022-27538 · Hig · Feb 1, 2023
    risk 0.46 · cvss 7.0 · epss 0.00

    A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential…

  • CVE-2021-22522 · Hig · Jul 22, 2021
    risk 0.46 · cvss 7.1 · epss 0.01

    Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data.

  • CVE-2019-3474 · Med · Feb 20, 2019
    risk 0.46 · cvss 6.5 · epss 0.09

    A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
