VYPR

Vendor CVEs

Microfocus

All CVEs

2,287 total · sorted by risk
  • CVE-2000-0702 · Oct 20, 2000
    risk 0.03 · cvss · epss 0.01

    The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

  • CVE-2000-0636 · Jul 19, 2000
    risk 0.03 · cvss · epss 0.04

    HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.

  • CVE-2000-0516 · Jun 6, 2000
    risk 0.03 · cvss · epss 0.01

    When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.

  • CVE-2000-0468 · Jun 2, 2000
    risk 0.03 · cvss · epss 0.01

    man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

  • CVE-1999-0693 · Mar 2, 2000
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

  • CVE-2000-0077 · Jan 2, 2000
    risk 0.03 · cvss · epss 0.01

    The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.

  • CVE-1999-1433 · Jul 15, 1998
    risk 0.03 · cvss · epss 0.01

    HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.

  • CVE-1999-0014 · Jan 21, 1998
    risk 0.03 · cvss · epss 0.01

    Unauthorized privileged access or denial of service via dtappgather program in CDE.

  • CVE-1999-0306 · Nov 4, 1997
    risk 0.03 · cvss · epss 0.02

    Buffer overflow in HP xlock program.

  • CVE-1999-0040 · May 1, 1997
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

  • CVE-1999-1408 · Mar 5, 1997
    risk 0.03 · cvss · epss 0.01

    Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.

  • CVE-1999-0050 · Dec 1, 1996
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in HP-UX newgrp program.

  • CVE-1999-0130 · Nov 16, 1996
    risk 0.03 · cvss · epss 0.01

    Local users can start Sendmail in daemon mode and gain root privileges.

  • CVE-2015-6946 · Sep 15, 2015
    risk 0.02 · cvss · epss 0.20

    Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit…

  • CVE-2014-2626 · Jul 26, 2014
    risk 0.02 · cvss · epss 0.19

    Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

  • CVE-2012-0127 · Mar 31, 2012
    risk 0.02 · cvss · epss 0.23

    Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2011-1867 · Jul 11, 2011
    risk 0.02 · cvss · epss 0.26

    Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to…

  • CVE-2011-1732 · May 7, 2011
    risk 0.02 · cvss · epss 0.25

    Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.

  • CVE-2009-4000 · Jan 20, 2010
    risk 0.02 · cvss · epss 0.20

    Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.

  • CVE-2009-3845 · Dec 10, 2009
    risk 0.02 · cvss · epss 0.22

    The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.

  • CVE-2004-0826 · Dec 31, 2004
    risk 0.02 · cvss · epss 0.23

    Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

  • CVE-2003-0196 · May 5, 2003
    risk 0.02 · cvss · epss 0.23

    Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

  • CVE-2002-0679 · Sep 5, 2002
    risk 0.02 · cvss · epss 0.23

    Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

  • CVE-2002-0076 · Mar 19, 2002
    risk 0.02 · cvss · epss 0.27

    Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape…

  • CVE-2015-8241 · Dec 15, 2015
    risk 0.01 · cvss · epss 0.05

    The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

  • CVE-2015-7499 · Dec 15, 2015
    risk 0.01 · cvss · epss 0.06

    Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

  • CVE-2015-3196 · Dec 6, 2015
    risk 0.01 · cvss · epss 0.13

    ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double…

  • CVE-2015-2135 · Aug 31, 2015
    risk 0.01 · cvss · epss 0.09

    Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2015-5368 · Aug 27, 2015
    risk 0.01 · cvss · epss 0.07

    The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified…

  • CVE-2015-3269 · Aug 25, 2015
    risk 0.01 · cvss · epss 0.10

    Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an…

  • CVE-2015-5424 · Aug 24, 2015
    risk 0.01 · cvss · epss 0.11

    Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.

  • CVE-2015-5423 · Aug 24, 2015
    risk 0.01 · cvss · epss 0.11

    Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.

  • CVE-2015-5422 · Aug 24, 2015
    risk 0.01 · cvss · epss 0.11

    Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.

  • CVE-2015-5421 · Aug 24, 2015
    risk 0.01 · cvss · epss 0.11

    Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.

  • CVE-2015-5420 · Aug 24, 2015
    risk 0.01 · cvss · epss 0.11

    Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.

  • CVE-2015-5419 · Aug 24, 2015
    risk 0.01 · cvss · epss 0.11

    Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.

  • CVE-2015-5418 · Aug 24, 2015
    risk 0.01 · cvss · epss 0.11

    Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.

  • CVE-2015-5417 · Aug 24, 2015
    risk 0.01 · cvss · epss 0.11

    Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.

  • CVE-2015-5416 · Aug 24, 2015
    risk 0.01 · cvss · epss 0.11

    Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.

  • CVE-2015-2137 · Aug 22, 2015
    risk 0.01 · cvss · epss 0.10

    Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2015-3237 · Jun 22, 2015
    risk 0.01 · cvss · epss 0.09

    The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

  • CVE-2015-2110 · May 25, 2015
    risk 0.01 · cvss · epss 0.11

    Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2015-2117 · Apr 27, 2015
    risk 0.01 · cvss · epss 0.09

    HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading…

  • CVE-2015-3148 · Apr 24, 2015
    risk 0.01 · cvss · epss 0.18

    cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

  • CVE-2015-3143 · Apr 24, 2015
    risk 0.01 · cvss · epss 0.16

    cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

  • CVE-2015-2113 · Apr 14, 2015
    risk 0.01 · cvss · epss 0.08

    Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote attackers to execute arbitrary…

  • CVE-2014-7876 · Mar 31, 2015
    risk 0.01 · cvss · epss 0.13

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.

  • CVE-2014-7898 · Mar 9, 2015
    risk 0.01 · cvss · epss 0.10

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2014-7897 · Mar 9, 2015
    risk 0.01 · cvss · epss 0.10

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated…

  • CVE-2014-7895 · Mar 9, 2015
    risk 0.01 · cvss · epss 0.10

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR,…

Page 23 of 46