VYPR

Vendor CVEs

Microfocus

All CVEs

2,280 total · sorted by risk
  • CVE-2017-9282 · Critical · Sep 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.

  • CVE-2017-7420 · Critical · Aug 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers…

  • CVE-2017-7432 · Critical · May 3, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.

  • CVE-2016-5762 · Critical · Apr 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.

  • CVE-2016-5757 · Critical · Mar 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.

  • CVE-2016-9176 · Critical · Nov 4, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.

  • CVE-2016-4375 · Critical · Sep 8, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive…

  • CVE-2016-4373 · Critical · Aug 1, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

  • CVE-2016-4448 · Critical · Jun 9, 2016
    risk 0.64 · cvss 9.8 · epss 0.07

    Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

  • CVE-2016-4368 · Critical · Jun 8, 2016
    risk 0.64 · cvss 9.8 · epss 0.05

    HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC)…

  • CVE-2016-4366 · Critical · Jun 8, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

  • CVE-2016-2024 · Critical · Jun 8, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    HPE Insight Control before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

  • CVE-2016-1999 · Critical · May 30, 2016
    risk 0.64 · cvss 9.8 · epss 0.06

    The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2016-2003 · Critical · Apr 20, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

  • CVE-2016-2000 · Critical · Apr 5, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

  • CVE-2016-1998 · Critical · Mar 22, 2016
    risk 0.64 · cvss 9.8 · epss 0.07

    HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2016-1997 · Critical · Mar 22, 2016
    risk 0.64 · cvss 9.8 · epss 0.07

    HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2016-2245 · Critical · Mar 19, 2016
    risk 0.64 · cvss 9.8 · epss 0.06

    HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.

  • CVE-2016-1986 · Critical · Feb 12, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-1999-1324 · Critical · Dec 31, 1999
    risk 0.64 · cvss 9.8 · epss 0.03

    VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

  • CVE-2015-7547 · High · Feb 18, 2016
    risk 0.63 · cvss 8.1 · epss 0.90

    Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS…

  • CVE-2017-9630 · Critical · Aug 7, 2017
    risk 0.61 · cvss 9.4 · epss 0.01

    An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem,…

  • CVE-2016-5764 · High · Oct 27, 2016
    risk 0.61 · cvss 8.8 · epss 0.08

    Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects to a malicious server.

  • CVE-2026-0826 · Critical · Jun 1, 2026
    risk 0.60 · cvss · epss 0.26

    In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform.

  • CVE-2025-59108 · Critical · Jan 26, 2026
    risk 0.60 · cvss · epss 0.00

    By default, the password for the Access Manager's web interface is set to 'admin'. In the tested version, changing the password was not enforced.

  • CVE-2025-59103 · Critical · Jan 26, 2026
    risk 0.60 · cvss · epss 0.00

    The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that…

  • CVE-2016-4360 · Critical · Jun 8, 2016
    risk 0.60 · cvss 9.1 · epss 0.09

    web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through…

  • CVE-2019-17082 · Critical · Nov 26, 2024
    risk 0.59 · cvss · epss 0.00

    Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system, the vulnerability could allow anyone who knows a valid AccuRev username to use the AccuRev client to log in and gain access to…

  • CVE-2018-12468 · Critical · Aug 1, 2018
    risk 0.59 · cvss 9.1 · epss 0.02

    A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.

  • CVE-2016-2776 · High · Sep 28, 2016
    risk 0.59 · cvss 7.5 · epss 0.89

    buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

  • CVE-2016-2029 · Critical · Jun 8, 2016
    risk 0.59 · cvss 9.1 · epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.

  • CVE-2016-2018 · Critical · Jun 8, 2016
    risk 0.59 · cvss 9.1 · epss 0.04

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2016-4405 · High · Aug 6, 2018
    risk 0.58 · cvss 8.8 · epss 0.05

    A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26

  • CVE-2017-5641 · Critical · Dec 28, 2017
    risk 0.58 · cvss 9.8 · epss 0.21

    Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types…

  • CVE-2017-14353 · High · Oct 5, 2017
    risk 0.58 · cvss 8.8 · epss 0.05

    A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.

  • CVE-1999-0038 · High · Apr 26, 1997
    risk 0.58 · cvss 8.4 · epss 0.01

    Buffer overflow in xlock program allows local users to execute commands as root.

  • CVE-2025-59099 · High · Jan 26, 2026
    risk 0.57 · cvss · epss 0.01

    The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible…

  • CVE-2025-59098 · High · Jan 26, 2026
    risk 0.57 · cvss · epss 0.00

    The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the…

  • CVE-2024-27458 · High · Oct 7, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support.

  • CVE-2024-3482 · High · May 20, 2024
    risk 0.57 · cvss 8.7 · epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2024-2835 · High · May 20, 2024
    risk 0.57 · cvss 8.7 · epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2024-4301 · High · Apr 29, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page.

  • CVE-2018-5921 · High · Oct 3, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.

  • CVE-2018-6504 · High · Sep 20, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).

  • CVE-2018-6498 · High · Aug 30, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management…

  • CVE-2018-9023 · High · Jun 18, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.

  • CVE-2018-6497 · High · Jun 16, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe…

  • CVE-2018-6496 · High · Jun 16, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

  • CVE-2018-6493 · High · May 22, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.

  • CVE-2017-7429 · High · Mar 2, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.

Page 2 of 46