VYPR

Vendor CVEs

Microfocus

All CVEs

2,285 total · sorted by risk
  • CVE-2006-4201 · Aug 17, 2006
    risk 0.01 · cvss · epss 0.10

    Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation.

  • CVE-2006-1023 · Mar 7, 2006
    risk 0.01 · cvss · epss 0.07

    Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.

  • CVE-2005-4823 · Dec 31, 2005
    risk 0.01 · cvss · epss 0.12

    Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2005-3670 · Nov 18, 2005
    risk 0.01 · cvss · epss 0.09

    Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a…

  • CVE-2005-1826 · May 3, 2005
    risk 0.01 · cvss · epss 0.08

    Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension.

  • CVE-2004-0993 · Jan 10, 2005
    risk 0.01 · cvss · epss 0.10

    Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.

  • CVE-2004-1332 · Dec 31, 2004
    risk 0.01 · cvss · epss 0.10

    Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.

  • CVE-2004-0112 · Nov 23, 2004
    risk 0.01 · cvss · epss 0.10

    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…

  • CVE-2004-0081 · Nov 23, 2004
    risk 0.01 · cvss · epss 0.07

    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

  • CVE-2004-0809 · Sep 16, 2004
    risk 0.01 · cvss · epss 0.15

    The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

  • CVE-2004-0716 · Aug 6, 2004
    risk 0.01 · cvss · epss 0.13

    Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.

  • CVE-2004-0368 · May 4, 2004
    risk 0.01 · cvss · epss 0.11

    Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.

  • CVE-2004-1082 · Feb 3, 2004
    risk 0.01 · cvss · epss 0.08

    mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

  • CVE-2003-0028 · Mar 25, 2003
    risk 0.01 · cvss · epss 0.15

    Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in…

  • CVE-2002-0836 · Oct 28, 2002
    risk 0.01 · cvss · epss 0.08

    dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

  • CVE-2002-0835 · Oct 4, 2002
    risk 0.01 · cvss · epss 0.07

    Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.

  • CVE-2002-1604 · Sep 2, 2002
    risk 0.01 · cvss · epss 0.15

    Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.

  • CVE-2002-0677 · Jul 23, 2002
    risk 0.01 · cvss · epss 0.07

    CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

  • CVE-2002-0678 · Jul 23, 2002
    risk 0.01 · cvss · epss 0.09

    CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

  • CVE-2001-0817 · Dec 6, 2001
    risk 0.01 · cvss · epss 0.10

    Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.

  • CVE-1999-0057 · Nov 16, 1998
    risk 0.01 · cvss · epss 0.08

    Vacation program allows command execution by remote users through a sendmail command.

  • CVE-1999-0333 · Aug 1, 1998
    risk 0.01 · cvss · epss 0.06

    HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.

  • CVE-1999-0007 · Jun 26, 1998
    risk 0.01 · cvss · epss 0.08

    Information from SSL-encrypted sessions via PKCS #1.

  • CVE-1999-0104 · Dec 16, 1997
    risk 0.01 · cvss · epss 0.09

    A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

  • CVE-2026-7539 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.00

    A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability.

  • CVE-2026-11878 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from 5.1 through 5.1.2.

  • CVE-2025-41368 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.01

    Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured…

  • CVE-2026-2915 · Mar 3, 2026
    risk 0.00 · cvss · epss 0.00

    HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.

  • CVE-2026-1997 · Feb 10, 2026
    risk 0.00 · cvss · epss 0.00

    Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resources. CORS is disabled by default on Pro‑class devices and can only be enabled by an…

  • CVE-2026-1996 · Feb 10, 2026
    risk 0.00 · cvss · epss 0.00

    Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.

  • CVE-2025-34395 · Dec 10, 2025
    risk 0.00 · cvss · epss 0.01

    Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to…

  • CVE-2025-34394 · Dec 10, 2025
    risk 0.00 · cvss · epss 0.01

    Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.

  • CVE-2025-34393 · Dec 10, 2025
    risk 0.00 · cvss · epss 0.01

    Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary…

  • CVE-2025-34392 · Dec 10, 2025
    risk 0.00 · cvss · epss 0.22

    Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell…

  • CVE-2025-11531 · Dec 9, 2025
    risk 0.00 · cvss · epss 0.00

    HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0.

  • CVE-2025-40312 · Dec 8, 2025
    risk 0.00 · cvss · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 ("isofs: Verify inode mode when loading from disk") does.

  • CVE-2025-13492 · Dec 3, 2025
    risk 0.00 · cvss · epss 0.00

    A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to escalate privileges via a race condition when installing packages.

  • CVE-2025-12785 · Nov 13, 2025
    risk 0.00 · cvss · epss 0.00

    Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

  • CVE-2025-12784 · Nov 13, 2025
    risk 0.00 · cvss · epss 0.00

    Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

  • CVE-2025-11761 · Nov 3, 2025
    risk 0.00 · cvss · epss 0.00

    A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.

  • CVE-2025-43017 · Oct 28, 2025
    risk 0.00 · cvss · epss 0.00

    HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.

  • CVE-2025-10578 · Oct 1, 2025
    risk 0.00 · cvss · epss 0.00

    A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.

  • CVE-2023-53485 · Oct 1, 2025
    risk 0.00 · cvss · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6 index -84 is out of range for type…

  • CVE-2023-53457 · Oct 1, 2025
    risk 0.00 · cvss · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved…

  • CVE-2025-10568 · Sep 19, 2025
    risk 0.00 · cvss · epss 0.00

    HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. HP is releasing updated software to address the potential vulnerability.

  • CVE-2025-43018 · Jul 30, 2025
    risk 0.00 · cvss · epss 0.00

    Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.

  • CVE-2025-43023 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).

  • CVE-2025-3508 · Jul 25, 2025
    risk 0.00 · cvss · epss 0.01

    Certain HP DesignJet products may be vulnerable to information disclosure through the printer's web interface, allowing unauthenticated users to view sensitive print job information.

  • CVE-2025-43488 · Jul 22, 2025
    risk 0.00 · cvss · epss 0.00

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update.

  • CVE-2025-43487 · Jul 22, 2025
    risk 0.00 · cvss · epss 0.00

    A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update.
