Vendor CVEs
Microfocus
All CVEs
2,225 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-3282 | | Low | 0.21 | 3.3 | 0.00 | | Jan 9, 2020 | 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local… |
| CVE-2018-1346 | | Low | 0.20 | 3.1 | 0.01 | | Mar 21, 2018 | Addresses denial of service attack to eDirectory versions prior to 9.1. |
| CVE-2018-1344 | | Low | 0.20 | 3.1 | 0.01 | | Mar 21, 2018 | Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1 |
| CVE-2017-5190 | | Low | 0.20 | 3.1 | 0.01 | | Apr 20, 2017 | NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile. |
| CVE-2022-26325 | | Low | 0.19 | 2.9 | 0.00 | | May 2, 2022 | Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 |
| CVE-2018-7675 | | Low | 0.18 | 2.8 | 0.01 | | Mar 7, 2018 | In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to… |
| CVE-2023-32263 | | Low | 0.17 | 2.6 | 0.00 | | Jul 19, 2023 | A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability… |
| CVE-2018-1350 | | Low | 0.15 | 2.3 | 0.01 | | Mar 26, 2018 | The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. |
| CVE-2018-1349 | | Low | 0.15 | 2.3 | 0.01 | | Mar 26, 2018 | The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. |
| CVE-2025-0883 | | Low | 0.14 | — | 0.00 | | Mar 12, 2025 | Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager. The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80. |
| CVE-2017-2752 | | Low | 0.14 | 2.1 | 0.00 | | Mar 27, 2019 | A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue. |
| CVE-2018-7674 | | Low | 0.14 | 2.1 | 0.01 | | Mar 28, 2018 | The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. |
| CVE-2022-26328 | | Low | 0.13 | — | 0.00 | | Aug 21, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS). This issue affects Performance Center: 12.63. |
| CVE-2017-9279 | | Low | 0.13 | 2.0 | 0.01 | | Mar 2, 2018 | NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users. |
| CVE-2022-26329 | | Low | 0.12 | 1.8 | 0.00 | | Jan 26, 2023 | File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL. |
| CVE-2000-0573 | | | 0.11 | — | 0.96 | | Jul 7, 2000 | The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. |
| CVE-1999-0016 | | | 0.11 | — | 0.96 | | Dec 1, 1997 | Land IP denial of service. |
| CVE-2014-2623 | | | 0.10 | — | 0.89 | | Jul 18, 2014 | Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2013-2333 | | | 0.10 | — | 0.90 | | Jun 6, 2013 | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. |
| CVE-2011-1865 | | | 0.10 | — | 0.89 | | Jul 1, 2011 | Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters. |
| CVE-2011-0276 | | | 0.10 | — | 0.82 | | Feb 2, 2011 | HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet… |
| CVE-2004-1857 | | | 0.10 | — | 0.87 | | Mar 24, 2004 | Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter. |
| CVE-2003-0201 | | | 0.10 | — | 0.84 | | May 5, 2003 | Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. |
| CVE-2003-0085 | | | 0.10 | — | 0.88 | | Mar 31, 2003 | Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code. |
| CVE-2001-0797 | | | 0.10 | — | 0.89 | | Dec 12, 2001 | Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. |
| CVE-2013-6221 | | | 0.09 | — | 0.78 | | Jun 18, 2014 | Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka… |
| CVE-2013-4835 | | | 0.09 | — | 0.71 | | Nov 4, 2013 | The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765. |
| CVE-2013-4811 | | | 0.09 | — | 0.71 | | Sep 16, 2013 | UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently… |
| CVE-2013-2367 | | | 0.09 | — | 0.69 | | Jul 31, 2013 | Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678. |
| CVE-2011-2404 | | | 0.09 | — | 0.73 | | Aug 11, 2011 | A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and… |
| CVE-2011-0923 | | | 0.09 | — | 0.81 | | Feb 9, 2011 | The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory." |
| CVE-2011-0267 | | | 0.09 | — | 0.72 | | Jan 13, 2011 | Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266. |
| CVE-2011-0266 | | | 0.09 | — | 0.70 | | Jan 13, 2011 | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2. |
| CVE-2010-2703 | | | 0.09 | — | 0.71 | | Jul 28, 2010 | Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe. |
| CVE-2010-1885 | | | 0.09 | — | 0.75 | | Jun 15, 2010 | The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute… |
| CVE-2010-1961 | | | 0.09 | — | 0.69 | | Jun 10, 2010 | Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function. |
| CVE-2010-1960 | | | 0.09 | — | 0.69 | | Jun 10, 2010 | Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe. |
| CVE-2010-1553 | | | 0.09 | — | 0.72 | | May 13, 2010 | Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter. |
| CVE-2010-1552 | | | 0.09 | — | 0.69 | | May 13, 2010 | Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters. |
| CVE-2010-1549 | | | 0.09 | — | 0.79 | | May 7, 2010 | Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2009-3999 | | | 0.09 | — | 0.72 | | Jan 20, 2010 | Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. |
| CVE-2009-4178 | | | 0.09 | — | 0.74 | | Dec 10, 2009 | Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter. |
| CVE-2009-3849 | | | 0.09 | — | 0.74 | | Dec 10, 2009 | Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe. |
| CVE-2009-3844 | | | 0.09 | — | 0.74 | | Dec 8, 2009 | Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet. |
| CVE-2009-4189 | | | 0.09 | — | 0.79 | | Dec 3, 2009 | HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet… |
| CVE-2009-4188 | | | 0.09 | — | 0.69 | | Dec 3, 2009 | HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat… |
| CVE-2009-3843 | | | 0.09 | — | 0.79 | | Nov 24, 2009 | HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServle… |
| CVE-2009-2685 | | | 0.09 | — | 0.77 | | Nov 6, 2009 | Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable. |
| CVE-2009-0920 | | | 0.09 | — | 0.75 | | Mar 25, 2009 | Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067. |
| CVE-2008-0960 | | | 0.09 | — | 0.69 | | Jun 10, 2008 | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2;… |