VYPR

Vendor CVEs

Microfocus

All CVEs

2,225 total · sorted by risk
  • CVE-2010-3282 · Low · Jan 9, 2020
    risk 0.21 · cvss 3.3 · epss 0.00

    389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local…

  • CVE-2018-1346 · Low · Mar 21, 2018
    risk 0.20 · cvss 3.1 · epss 0.01

    Addresses denial of service attack to eDirectory versions prior to 9.1.

  • CVE-2018-1344 · Low · Mar 21, 2018
    risk 0.20 · cvss 3.1 · epss 0.01

    Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1

  • CVE-2017-5190 · Low · Apr 20, 2017
    risk 0.20 · cvss 3.1 · epss 0.01

    NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.

  • CVE-2022-26325 · Low · May 2, 2022
    risk 0.19 · cvss 2.9 · epss 0.00

    Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2

  • CVE-2018-7675 · Low · Mar 7, 2018
    risk 0.18 · cvss 2.8 · epss 0.01

    In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to…

  • CVE-2023-32263 · Low · Jul 19, 2023
    risk 0.17 · cvss 2.6 · epss 0.00

    A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability…

  • CVE-2018-1350 · Low · Mar 26, 2018
    risk 0.15 · cvss 2.3 · epss 0.01

    The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.

  • CVE-2018-1349 · Low · Mar 26, 2018
    risk 0.15 · cvss 2.3 · epss 0.01

    The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.

  • CVE-2025-0883 · Low · Mar 12, 2025
    risk 0.14 · cvss · epss 0.00

    Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager. The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80.

  • CVE-2017-2752 · Low · Mar 27, 2019
    risk 0.14 · cvss 2.1 · epss 0.00

    A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue.

  • CVE-2018-7674 · Low · Mar 28, 2018
    risk 0.14 · cvss 2.1 · epss 0.01

    The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.

  • CVE-2022-26328 · Low · Aug 21, 2024
    risk 0.13 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS). This issue affects Performance Center: 12.63.

  • CVE-2017-9279 · Low · Mar 2, 2018
    risk 0.13 · cvss 2.0 · epss 0.01

    NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.

  • CVE-2022-26329 · Low · Jan 26, 2023
    risk 0.12 · cvss 1.8 · epss 0.00

    File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.

  • CVE-2000-0573 · Jul 7, 2000
    risk 0.11 · cvss · epss 0.96

    The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

  • CVE-1999-0016 · Dec 1, 1997
    risk 0.11 · cvss · epss 0.96

    Land IP denial of service.

  • CVE-2014-2623 · Jul 18, 2014
    risk 0.10 · cvss · epss 0.89

    Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2013-2333 · Jun 6, 2013
    risk 0.10 · cvss · epss 0.90

    Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.

  • CVE-2011-1865 · Jul 1, 2011
    risk 0.10 · cvss · epss 0.89

    Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.

  • CVE-2011-0276 · Feb 2, 2011
    risk 0.10 · cvss · epss 0.82

    HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet…

  • CVE-2004-1857 · Mar 24, 2004
    risk 0.10 · cvss · epss 0.87

    Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.

  • CVE-2003-0201 · May 5, 2003
    risk 0.10 · cvss · epss 0.84

    Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

  • CVE-2003-0085 · Mar 31, 2003
    risk 0.10 · cvss · epss 0.88

    Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

  • CVE-2001-0797 · Dec 12, 2001
    risk 0.10 · cvss · epss 0.89

    Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

  • CVE-2013-6221 · Jun 18, 2014
    risk 0.09 · cvss · epss 0.78

    Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka…

  • CVE-2013-4835 · Nov 4, 2013
    risk 0.09 · cvss · epss 0.71

    The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

  • CVE-2013-4811 · Sep 16, 2013
    risk 0.09 · cvss · epss 0.71

    UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently…

  • CVE-2013-2367 · Jul 31, 2013
    risk 0.09 · cvss · epss 0.69

    Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.

  • CVE-2011-2404 · Aug 11, 2011
    risk 0.09 · cvss · epss 0.73

    A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and…

  • CVE-2011-0923 · Feb 9, 2011
    risk 0.09 · cvss · epss 0.81

    The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

  • CVE-2011-0267 · Jan 13, 2011
    risk 0.09 · cvss · epss 0.72

    Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.

  • CVE-2011-0266 · Jan 13, 2011
    risk 0.09 · cvss · epss 0.70

    Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.

  • CVE-2010-2703 · Jul 28, 2010
    risk 0.09 · cvss · epss 0.71

    Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.

  • CVE-2010-1885 · Jun 15, 2010
    risk 0.09 · cvss · epss 0.75

    The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute…

  • CVE-2010-1961 · Jun 10, 2010
    risk 0.09 · cvss · epss 0.69

    Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.

  • CVE-2010-1960 · Jun 10, 2010
    risk 0.09 · cvss · epss 0.69

    Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.

  • CVE-2010-1553 · May 13, 2010
    risk 0.09 · cvss · epss 0.72

    Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.

  • CVE-2010-1552 · May 13, 2010
    risk 0.09 · cvss · epss 0.69

    Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.

  • CVE-2010-1549 · May 7, 2010
    risk 0.09 · cvss · epss 0.79

    Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2009-3999 · Jan 20, 2010
    risk 0.09 · cvss · epss 0.72

    Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.

  • CVE-2009-4178 · Dec 10, 2009
    risk 0.09 · cvss · epss 0.74

    Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.

  • CVE-2009-3849 · Dec 10, 2009
    risk 0.09 · cvss · epss 0.74

    Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.

  • CVE-2009-3844 · Dec 8, 2009
    risk 0.09 · cvss · epss 0.74

    Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.

  • CVE-2009-4189 · Dec 3, 2009
    risk 0.09 · cvss · epss 0.79

    HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet…

  • CVE-2009-4188 · Dec 3, 2009
    risk 0.09 · cvss · epss 0.69

    HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat…

  • CVE-2009-3843 · Nov 24, 2009
    risk 0.09 · cvss · epss 0.79

    HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServle…

  • CVE-2009-2685 · Nov 6, 2009
    risk 0.09 · cvss · epss 0.77

    Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.

  • CVE-2009-0920 · Mar 25, 2009
    risk 0.09 · cvss · epss 0.75

    Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.

  • CVE-2008-0960 · Jun 10, 2008
    risk 0.09 · cvss · epss 0.69

    SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2;…

Page 17 of 45